
need Help removing a virus


12 replies to this topic

#1 Anthony14


Posted 28 January 2012 - 06:58 PM

Hi everyone, this is my first time here.
Every time I scan my laptop with Malwarebytes, it finds a trojan virus,
Trojan.Win32/agent. I've tried every AV and nothing; I don't know what to do anymore..
PLEASE HELP!!

Edited by hamluis, 28 January 2012 - 08:32 PM.
No logs, moved from Malware Removal Logs to Am I Infected.




#2 boopme

  • Global Moderator

Posted 28 January 2012 - 08:48 PM

Hello and welcome.
Let's run a couple of things.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 Anthony14

  • Topic Starter

Posted 29 January 2012 - 06:27 AM

Hi and thanks for replying.
I did as instructed and here's the following.

Result.txt from MiniToolBox

MiniToolBox by Farbar Version: 18-01-2012
Ran by Anthony (administrator) on 29-01-2012 at 05:59:19
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Pheonixs-14
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 0C-60-76-3F-2D-79
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dca9:ab9f:d9ed:a932%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, January 28, 2012 6:21:25 PM
Lease Expires . . . . . . . . . . : Sunday, January 29, 2012 9:21:29 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 225450500
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-5F-5B-60-00-25-64-5D-7D-9E
DNS Servers . . . . . . . . . . . : 167.206.245.130
167.206.245.129
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-25-64-6A-D6-EC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2CDD94C5-4CC0-466F-A87F-6B2E5AF8E515}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{36ACAA0F-D8DE-45BC-AC1D-BE3502223E48}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: vdns2.srv.prnynj.cv.net
Address: 167.206.245.130

Name: google.com
Addresses: 74.125.113.99
74.125.113.147
74.125.113.103
74.125.113.106
74.125.113.105
74.125.113.104


Pinging google.com [74.125.113.104] with 32 bytes of data:
Reply from 74.125.113.104: bytes=32 time=45ms TTL=51
Reply from 74.125.113.104: bytes=32 time=26ms TTL=51

Ping statistics for 74.125.113.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 45ms, Average = 35ms
Server: vdns2.srv.prnynj.cv.net
Address: 167.206.245.130

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=491ms TTL=50
Reply from 72.30.2.43: bytes=32 time=108ms TTL=52

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 108ms, Maximum = 491ms, Average = 299ms
Server: vdns2.srv.prnynj.cv.net
Address: 167.206.245.130

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...0c 60 76 3f 2d 79 ......Dell Wireless 1397 WLAN Mini-Card
11...00 25 64 6a d6 ec ......Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.103 281
192.168.1.103 255.255.255.255 On-link 192.168.1.103 281
192.168.1.255 255.255.255.255 On-link 192.168.1.103 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.103 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.103 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::dca9:ab9f:d9ed:a932/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/28/2012 10:35:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: Flash10b.ocx, version: 10.0.22.87, time stamp: 0x4987a6c3
Exception code: 0xc0000005
Fault offset: 0x00225c8a
Faulting process id: 0x964
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/28/2012 06:37:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (01/28/2012 06:37:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (01/28/2012 06:23:50 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {71224562-2ac8-48c6-99a8-4960267b9f66}

Error: (01/28/2012 05:52:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: Flash10b.ocx, version: 10.0.22.87, time stamp: 0x4987a6c3
Exception code: 0xc0000005
Fault offset: 0x0020a841
Faulting process id: 0x9f0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/28/2012 04:08:21 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {98473ab1-e97f-44a2-8655-860124a03da3}

Error: (01/28/2012 05:29:15 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription

Error: (01/28/2012 05:16:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: Flash10b.ocx, version: 10.0.22.87, time stamp: 0x4987a6c3
Exception code: 0xc0000005
Fault offset: 0x00225c8a
Faulting process id: 0x938
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/28/2012 04:55:23 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {50ee40d5-80cf-4407-90e0-1fddc34a62c5}

Error: (01/28/2012 02:56:36 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription


System errors:
=============
Error: (01/28/2012 07:54:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

Error: (01/28/2012 04:04:23 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/28/2012 04:03:23 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/28/2012 04:01:23 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/28/2012 04:00:23 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/28/2012 03:58:23 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/28/2012 03:57:22 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/28/2012 03:55:21 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/28/2012 03:54:20 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/28/2012 03:52:20 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (01/28/2012 10:35:53 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5Flash10b.ocx10.0.22.874987a6c3c000000500225c8a96401ccde1398a56cf7\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWow64\Macromed\Flash\Flash10b.ocx57b30ac8-4a2a-11e1-9021-0025646ad6ec

Error: (01/28/2012 06:37:56 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Anthony\Downloads\esetsmartinstaller_enu.exe

Error: (01/28/2012 06:37:53 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Anthony\Downloads\esetsmartinstaller_enu.exe

Error: (01/28/2012 06:23:50 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {71224562-2ac8-48c6-99a8-4960267b9f66}

Error: (01/28/2012 05:52:16 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5Flash10b.ocx10.0.22.874987a6c3c00000050020a8419f001ccde00a930a2c6\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWow64\Macromed\Flash\Flash10b.ocxb94438a6-4a02-11e1-a1ab-0025646ad6ec

Error: (01/28/2012 04:08:21 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {98473ab1-e97f-44a2-8655-860124a03da3}

Error: (01/28/2012 05:29:15 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription

Error: (01/28/2012 05:16:54 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5Flash10b.ocx10.0.22.874987a6c3c000000500225c8a93801ccdda287ff5ba3\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWow64\Macromed\Flash\Flash10b.ocx33214916-4999-11e1-a48c-0025646ad6ec

Error: (01/28/2012 04:55:23 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {50ee40d5-80cf-4407-90e0-1fddc34a62c5}

Error: (01/28/2012 02:56:36 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription


=========================== Installed Programs ============================

µTorrent (Version: 3.1.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Reader 9.1.2 (Version: 9.1.2)
Advanced Audio FX Engine (Version: 1.12.05)
Advanced SystemCare 5 (Version: 5.1.0)
Choice Guard (Version: 1.2.87.0)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compatibility Pack for the 2007 Office system (Version: 12.0.4518.1014)
Consumer In-Home Service Agreement (Version: 2.0.0)
Dell Communications (Support Software) (Version: 1.0.09094)
Dell DataSafe Local Backup - Support Software (Version: 2.25)
Dell DataSafe Local Backup (Version: 9.3.24)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
Dell Touchpad (Version: 7.104.115.102)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
ESET Online Scanner v3
GoToAssist 8.0.0.514
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology (Version: 10.5.0.1029)
Intel® Matrix Storage Manager
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 14.0.8050.1202)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
McAfee Online Backup (Version: 1.16.4.0)
McAfee Security Scan Plus (Version: 2.0.181.2)
McAfee Total Protection (Version: 11.0.654)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Search Enhancement Pack (Version: 1.2.121.0)
Microsoft Silverlight (Version: 5.0.61118.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSVCRT (Version: 14.0.1468.721)
PowerDVD DX (Version: 8.3.5424)
Quickset64 (Version: 9.6.6)
Roxio Burn (Version: 1.0)
Roxio Burn (Version: 1.0.0)
Roxio Update Manager (Version: 6.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sign-in Assistant (Version: 5.000.817.1)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Toolbar (Version: 14.0.8052.1208)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 4056.36 MB
Available physical RAM: 2193.48 MB
Total Pagefile: 8110.87 MB
Available Pagefile: 5889.74 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.39 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:278.92 GB) (Free:200.23 GB) NTFS

========================= Users: ========================================

User accounts for \\PHEONIXS-14

Administrator Anthony Guest

========================= Minidump Files ==================================


**** End of log ****

Next I scanned my laptop with ESET Online Scanner and here's the result:

:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

Next I followed the instructions for the Malwarebytes scan and here's the result:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.28.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Anthony :: PHEONIXS-14 [administrator]

1/28/2012 9:24:46 PM
Malwarebytescan

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176461
Time elapsed: 5 minute(s), 16 second(s)

Memory Processes Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> 2404 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.

(end)

Pretty much my computer is still the same, because I have Windows 7 and there's this one update that is important to install, but it won't let me because of this virus.

Thanks again for replying...

#4 boopme

  • Global Moderator

Posted 29 January 2012 - 09:12 PM

Hello, in MBAM I see "No action taken." Did you click Remove Selected?

C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.

#5 Anthony14

  • Topic Starter

Posted 29 January 2012 - 10:32 PM

If I click on "Remove Selected" it will supposedly remove it and restart my laptop, but then when I scan again with MBAM the virus is there again

Vendor         Category         Item                     Other
Trojan.Agent   File             C:\WINDOWS\svchost.exe
Trojan.Agent   Memory Process   C:\WINDOWS\svchost.exe   2492

thanks again for replying
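An added triage helper for the logs in posts #3 and #5 (example code, not a BleepingComputer, Malwarebytes or Farbar tool): it parses MBAM detection lines and MiniToolBox "Application Error" records, resolves the \\.\globalroot\systemroot prefix to the OS root, and flags any svchost.exe that is not in System32 or SysWOW64, which is what makes C:\WINDOWS\svchost.exe suspicious in the first place. It assumes the OS root is C:\Windows, as the thread's MiniToolBox log shows; the embedded log lines are constructed from the thread's own output.

```python
"""Triage helper for the two log formats posted in this thread: MBAM scan
detections and MiniToolBox "Application Error" records.  It flags any
svchost.exe that is not in its legitimate System32 / SysWOW64 location.
Added example; not a BleepingComputer, Malwarebytes or Farbar tool."""
import re
from pathlib import PureWindowsPath

# Assumption: 64-bit Windows 7 with the OS on drive C:, as the MiniToolBox
# log in this thread shows.  The genuine svchost.exe lives only in these dirs.
SYSTEM_ROOT = r"C:\Windows"
LEGIT_SVCHOST_DIRS = {
    str(PureWindowsPath(SYSTEM_ROOT, sub)).lower() for sub in ("System32", "SysWOW64")
}
# Kernel-style prefix seen in the crash records; it is simply %SystemRoot%.
GLOBALROOT_PREFIX = r"\\.\globalroot\systemroot"

# Constructed sample: the detection lines from the MBAM log in post #3.
MBAM_LOG = r"""Memory Processes Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> 2404 -> No action taken.

Files Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.
"""

# Constructed sample: one Application Error record in MiniToolBox format; the
# globalroot path is the one the thread's compacted Office Sessions entry shows.
EVENT_LOG = r"""Error: (01/28/2012 10:35:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: Flash10b.ocx, version: 10.0.22.87, time stamp: 0x4987a6c3
Exception code: 0xc0000005
Faulting application path: \\.\globalroot\systemroot\svchost.exe
"""

# MBAM line shape: "<path> (<threat>) -> [<pid> -> ]<action>"
MBAM_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[\w.]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?(?P<action>.+)$",
    re.MULTILINE,
)
APP_ERROR = re.compile(
    r"^Error: \((?P<time>[^)]+)\) \(Source: Application Error\).*\n"
    r"Description: Faulting application name: (?P<app>[^,]+),.*\n"
    r"Faulting module name: (?P<module>[^,]+),.*\n"
    r"Exception code: (?P<code>0x[0-9a-fA-F]+)\n"
    r"(?:.*\n)*?Faulting application path: (?P<app_path>.+)$",
    re.MULTILINE,
)


def normalize_path(path: str) -> PureWindowsPath:
    """Resolve GLOBALROOT_PREFIX to SYSTEM_ROOT so crash records and scanner
    output name the same file the same way."""
    if path.lower().startswith(GLOBALROOT_PREFIX):
        path = SYSTEM_ROOT + path[len(GLOBALROOT_PREFIX):]
    return PureWindowsPath(path)


def is_legit_svchost(path: str) -> bool:
    """True only for svchost.exe inside System32 or SysWOW64 (case-insensitive)."""
    p = normalize_path(path)
    return p.name.lower() == "svchost.exe" and str(p.parent).lower() in LEGIT_SVCHOST_DIRS


def parse_mbam(text: str) -> list:
    """One dict per MBAM detection line: path, threat, pid (or None), action."""
    return [m.groupdict() for m in MBAM_LINE.finditer(text)]


def parse_app_errors(text: str) -> list:
    """One dict per Application Error record: time, app, module, code, app_path."""
    return [m.groupdict() for m in APP_ERROR.finditer(text)]


def triage(mbam_text: str, event_text: str) -> list:
    """Findings about svchost.exe running from the wrong place, from both logs.
    An MBAM entry still marked 'No action taken.' is reported as not removed."""
    findings = []
    for d in parse_mbam(mbam_text):
        p = normalize_path(d["path"])
        if p.name.lower() == "svchost.exe" and not is_legit_svchost(d["path"]):
            findings.append({
                "source": "mbam", "path": str(p), "pid": d["pid"],
                "removed": not d["action"].startswith("No action taken"),
            })
    for e in parse_app_errors(event_text):
        if e["app"].lower() == "svchost.exe" and not is_legit_svchost(e["app_path"]):
            findings.append({
                "source": "eventlog", "time": e["time"],
                "path": str(normalize_path(e["app_path"])),
                "module": e["module"], "code": e["code"],
            })
    return findings


if __name__ == "__main__":
    for finding in triage(MBAM_LOG, EVENT_LOG):
        print(finding)
```

The crash records add a second signal to the scanner hit: a Flash ActiveX control faulting inside a svchost.exe that resolves to C:\Windows rather than System32 is the same file MBAM flags, so a "No action taken." entry for it means the cleanup was never applied.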

#6 boopme

  • Global Moderator

Posted 29 January 2012 - 11:42 PM

Hello, let's look at some more.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
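aswMBR's log prints the MBR partition table (the "Disk 0 Partition N ... MB offset ..." lines), and one thing a helper reads off it is whether there is unpartitioned space on the disk that a bootkit could use to hide its own storage, and whether exactly one partition carries the 0x80 boot flag. The script below is an added example for this thread, not aswMBR or Avast code. SAMPLE is constructed from the three partition lines Anthony14 posts in the next reply, and DISK_SECTORS is derived from the drive size TDSSKiller reports for the same machine (0x4A85D56000 bytes); the regex, the 10 MB reporting threshold and the sector size are assumptions.

```python
"""Check the partition layout that aswMBR logs for hidden space and boot-flag oddities.

Added example for this thread, not aswMBR/Avast code. SAMPLE reproduces the
partition lines Anthony14 posted; DISK_SECTORS comes from TDSSKiller's drive
size for the same laptop. Regex, threshold and 512-byte sectors are assumptions.
"""
import re
from typing import List, Tuple

SECTOR = 512                            # assumed sector size (aswMBR does not print it)
MB_SECTORS = (1024 * 1024) // SECTOR    # 2048 sectors per MB
DISK_SECTORS = 0x4A85D56000 // SECTOR   # TDSSKiller: Drive ... Size: 0x4A85D56000

# Constructed from the thread's aswMBR output (timestamps trimmed).
SAMPLE = """\
Disk 0 Windows 7 default MBR code
Disk 0 Partition 1 00 DE Dell Utility MSDOS5.0 298 MB offset 63
Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 19328 MB offset 612352
Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 285615 MB offset 40196096
"""

# "Disk <d> Partition <n> <bootflag> [(A)] <type> <label...> <size> MB offset <lba>"
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<idx>\d+) (?P<boot>[0-9A-Fa-f]{2})(?: \(A\))? "
    r"(?P<type>[0-9A-Fa-f]{2}) .*? (?P<size>\d+) MB offset (?P<offset>\d+)$")


def parse_partitions(log: str) -> List[dict]:
    """Extract partitions (start/end in sectors) from aswMBR log text, sorted by start.
    aswMBR rounds sizes to whole MB, so ends carry up to ~1 MB of rounding error."""
    parts = []
    for line in log.splitlines():
        m = PART_RE.search(line)
        if m:
            start = int(m["offset"])
            length = int(m["size"]) * MB_SECTORS
            parts.append({"idx": int(m["idx"]), "boot": m["boot"].upper() == "80",
                          "type": m["type"].upper(), "start": start, "end": start + length})
    return sorted(parts, key=lambda p: p["start"])


def boot_flags(parts: List[dict]) -> List[int]:
    """Indices of partitions marked active (0x80). A healthy MBR disk has exactly one."""
    return [p["idx"] for p in parts if p["boot"]]


def find_gaps(parts: List[dict], disk_sectors: int, min_mb: int = 10) -> List[Tuple[str, int]]:
    """Report overlaps and unpartitioned runs of at least min_mb (assumed threshold,
    chosen to sit well above the MB rounding noise). The 63 sectors before
    partition 1 are the normal MBR/track-0 area and fall under the threshold."""
    findings = []
    cursor = 0
    for p in parts:
        if p["start"] < cursor:
            findings.append((f"partition {p['idx']} overlaps the previous one by", cursor - p["start"]))
        elif p["start"] - cursor >= min_mb * MB_SECTORS:
            findings.append((f"gap before partition {p['idx']}", p["start"] - cursor))
        cursor = max(cursor, p["end"])
    tail = disk_sectors - cursor
    if tail >= min_mb * MB_SECTORS:
        findings.append(("unpartitioned tail after last partition", tail))
    return findings


if __name__ == "__main__":
    parts = parse_partitions(SAMPLE)
    for p in parts:
        print(f"partition {p['idx']}: type {p['type']} start {p['start']} end {p['end']}"
              f"{' (active)' if p['boot'] else ''}")
    print("active partitions:", boot_flags(parts))
    for what, sectors in find_gaps(parts, DISK_SECTORS) or [("no gap at or above threshold", 0)]:
        print(f"{what}: {sectors} sectors ({sectors / MB_SECTORS:.1f} MB)")
```

On the layout from the thread the tail behind partition 3 is about 3 MB and the gap between partitions 1 and 2 is under 1 MB, both within alignment and rounding noise, so the script reports nothing; feed it a larger disk_sectors value and the tail is flagged. A clean partition map is not proof of a clean MBR (aswMBR's "Windows 7 default MBR code" line is the check for the boot code itself), but a multi-megabyte unexplained tail or a second active partition is the kind of thing a helper would ask about next.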

#7 Anthony14 (Topic Starter), posted 30 January 2012 - 05:32 PM

OK, so I installed and scanned my laptop with TDSSKiller and yes, it did find a threat. I clicked Continue and it did make my laptop restart. For some reason I can't seem to find the log; when I click on Report the log shows up there but I can't do anything with it. I rescanned my laptop with TDSSKiller and this time it didn't find a threat. I also scanned my laptop with aswMBR and here's the log:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-30 16:25:52
-----------------------------
16:25:52.890 OS Version: Windows x64 6.1.7600
16:25:52.890 Number of processors: 2 586 0x170A
16:25:52.906 ComputerName: PHEONIXS-14 UserName: Anthony
16:26:02.203 Initialize success
16:27:09.213 AVAST engine defs: 12013000
16:27:26.529 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:27:26.545 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
16:27:26.623 Disk 0 MBR read successfully
16:27:26.623 Disk 0 MBR scan
16:27:26.638 Disk 0 Windows 7 default MBR code
16:27:26.638 Disk 0 Partition 1 00 DE Dell Utility MSDOS5.0 298 MB offset 63
16:27:26.716 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 19328 MB offset 612352
16:27:26.872 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 285615 MB offset 40196096
16:27:26.888 Service scanning
16:27:28.542 Modules scanning
16:27:28.542 Disk 0 trace - called modules:
16:27:28.573 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:27:28.588 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045f7060]
16:27:29.150 3 CLASSPNP.SYS[fffff88001d2643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004133050]
16:27:31.584 AVAST engine scan C:\Windows
16:27:33.705 AVAST engine scan C:\Windows\system32
16:36:11.117 AVAST engine scan C:\Windows\system32\drivers
16:36:32.521 AVAST engine scan C:\Users\Anthony
16:37:58.882 AVAST engine scan C:\ProgramData
16:39:07.803 Scan finished successfully
16:41:14.304 Disk 0 MBR has been saved successfully to "C:\Users\Anthony\Desktop\MBR.dat"
16:41:14.304 The log file has been saved successfully to "C:\Users\Anthony\Desktop\aswMBR.txt"



I also rescanned my laptop with MBAM and this time it only found 1 threat out of the 2. Here's the log:



Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.28.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Anthony :: PHEONIXS-14 [administrator]

1/30/2012 4:18:30 PM
mbam-log-2012-01-30 (16-41-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176243
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.

(end)


I was also able to install the update for my Windows 7, which I couldn't before due to the threat.

MBAM still shows up 1 threat


thank you again for the help.. Really appreciated
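Across the three MBAM logs in this thread the same item keeps coming back: C:\WINDOWS\svchost.exe, first as a running process (PID 2404, then 2492) plus the file on disk, and after the TDSSKiller run only as the file. Two things a helper reads from that without any further tool. First, the real svchost.exe lives in C:\Windows\System32 (and SysWOW64 on x64); a file with that name one directory up is a masquerade, not a Windows component. Second, every log says "No action taken", so nothing had been removed yet when the log was saved. The script below is an added example for this thread, not code from Malwarebytes or BleepingComputer: it parses MBAM 1.x logs, diffs two runs, and flags exactly those two conditions. RUN1 and RUN2 are constructed excerpts reproducing the detection lines Anthony14 posted; the regexes, the SYSTEM_BINARIES list and the expected-directory rule are assumptions.

```python
"""Parse Malwarebytes (MBAM 1.x) scan logs, diff two runs, flag what to act on first.

Added example for this thread, not Malwarebytes/BleepingComputer code. RUN1 and
RUN2 are constructed excerpts of the logs Anthony14 posted (run 1: process +
file, run 2: file only). Regexes, SYSTEM_BINARIES and EXPECTED_DIRS are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed excerpts: only the detection sections of the posted logs.
RUN1 = r"""
Memory Processes Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> 2404 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.

(end)
"""
RUN2 = r"""
Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.

(end)
"""

# "<kind> Detected: <n>" opens each section of an MBAM 1.x log.
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Detected: (\d+)$")
# Detection lines: "<item> (<detection name>) [-> <pid>] -> <action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<name>[^)]+)\)(?: -> (?P<pid>\d+))? -> (?P<action>.+?)\.?$")

# Binaries Windows keeps in System32/SysWOW64; the same name anywhere else is suspect. Assumed list.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "smss.exe", "spoolsv.exe"}
EXPECTED_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


@dataclass(frozen=True)
class Detection:
    kind: str      # log section, e.g. "Files" or "Memory Processes"
    item: str      # path, registry key or process image
    name: str      # MBAM detection name, e.g. "Trojan.Agent"
    action: str    # e.g. "No action taken"
    pid: str = ""  # only for Memory Processes


def parse_mbam_log(text: str) -> List[Detection]:
    """Return every detection line, tagged with the section it appeared in."""
    kind = None
    found: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            kind = sec.group(1)
            continue
        if kind is None or not line or line.startswith("(No malicious"):
            continue
        m = DETECTION_RE.match(line)
        if m:
            found.append(Detection(kind, m["item"], m["name"], m["action"], m["pid"] or ""))
    return found


def triage(det: Detection) -> List[str]:
    """Reasons a helper would act on this detection before anything else."""
    reasons = []
    path = det.item.replace("/", "\\").lower()
    base = path.rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARIES and not any(d in path for d in EXPECTED_DIRS):
        reasons.append(f"{base} outside System32/SysWOW64 (masquerading as a Windows binary)")
    if det.action.lower().startswith("no action taken"):
        reasons.append("scanner did not remove it: use Remove Selected, reboot, rescan")
    if det.kind == "Memory Processes":
        reasons.append(f"was running as PID {det.pid}: something relaunches it (service, Run key, task)")
    return reasons


def diff_runs(before: List[Detection], after: List[Detection]) -> Tuple[list, list, list]:
    """Split detections into (gone, new, persisting) between two scans."""
    key = lambda d: (d.kind, d.item.lower(), d.name)
    b = {key(d): d for d in before}
    a = {key(d): d for d in after}
    gone = [d for k, d in b.items() if k not in a]
    new = [d for k, d in a.items() if k not in b]
    persisting = [d for k, d in a.items() if k in b]
    return gone, new, persisting


if __name__ == "__main__":
    gone, new, persisting = diff_runs(parse_mbam_log(RUN1), parse_mbam_log(RUN2))
    for label, group in (("gone", gone), ("new", new), ("persisting", persisting)):
        for d in group:
            print(f"[{label}] {d.kind}: {d.item} ({d.name}) pid={d.pid or '-'}")
            for r in triage(d):
                print("   ->", r)
```

Run against the two constructed excerpts, the process entry shows up as gone (consistent with the reboot after TDSSKiller) and the file entry as persisting with both flags raised: wrong directory, and never actually removed. That matches what boopme asks in reply #4 and explains the "it comes back after a rescan" observation: a scan that ends in "No action taken" has only reported the file, not quarantined it.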

#8 boopme (Global Moderator), posted 30 January 2012 - 07:31 PM

OK, that's progress.

See if you can find the log here:
By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

Now we'll do this and see if we get that other.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#9 Anthony14 (Topic Starter), posted 31 January 2012 - 07:59 PM

OK, so I found the text for TDSSKiller:

23:59:31.0984 5812 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
23:59:33.0357 5812 ============================================================
23:59:33.0357 5812 Current date / time: 2012/01/29 23:59:33.0357
23:59:33.0357 5812 SystemInfo:
23:59:33.0357 5812
23:59:33.0357 5812 OS Version: 6.1.7600 ServicePack: 0.0
23:59:33.0357 5812 Product type: Workstation
23:59:33.0357 5812 ComputerName: PHEONIXS-14
23:59:33.0357 5812 UserName: Anthony
23:59:33.0357 5812 Windows directory: C:\Windows
23:59:33.0357 5812 System windows directory: C:\Windows
23:59:33.0357 5812 Running under WOW64
23:59:33.0357 5812 Processor architecture: Intel x64
23:59:33.0357 5812 Number of processors: 2
23:59:33.0357 5812 Page size: 0x1000
23:59:33.0357 5812 Boot type: Normal boot
23:59:33.0357 5812 ============================================================
23:59:34.0309 5812 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:59:34.0371 5812 Initialize success
23:59:41.0937 0500 ============================================================
23:59:41.0937 0500 Scan started
23:59:41.0937 0500 Mode: Manual;
23:59:41.0937 0500 ============================================================
23:59:43.0918 0500 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
23:59:43.0934 0500 1394ohci - ok
23:59:44.0027 0500 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
23:59:44.0043 0500 ACPI - ok
23:59:44.0152 0500 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
23:59:44.0152 0500 AcpiPmi - ok
23:59:44.0261 0500 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:59:44.0277 0500 adp94xx - ok
23:59:44.0402 0500 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:59:44.0417 0500 adpahci - ok
23:59:44.0527 0500 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:59:44.0542 0500 adpu320 - ok
23:59:44.0698 0500 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
23:59:44.0714 0500 AFD - ok
23:59:44.0807 0500 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
23:59:44.0807 0500 agp440 - ok
23:59:44.0917 0500 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
23:59:44.0917 0500 aliide - ok
23:59:45.0041 0500 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
23:59:45.0057 0500 amdide - ok
23:59:45.0151 0500 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:59:45.0166 0500 AmdK8 - ok
23:59:45.0260 0500 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:59:45.0260 0500 AmdPPM - ok
23:59:45.0369 0500 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
23:59:45.0431 0500 amdsata - ok
23:59:45.0541 0500 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:59:45.0556 0500 amdsbs - ok
23:59:45.0665 0500 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
23:59:45.0712 0500 amdxata - ok
23:59:45.0821 0500 ApfiltrService (1412e9a88fe1f7e35ce6058a2ef03664) C:\Windows\system32\DRIVERS\Apfiltr.sys
23:59:45.0884 0500 ApfiltrService - ok
23:59:45.0977 0500 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
23:59:45.0993 0500 AppID - ok
23:59:46.0087 0500 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:59:46.0102 0500 arc - ok
23:59:46.0149 0500 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:59:46.0165 0500 arcsas - ok
23:59:46.0243 0500 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:59:46.0243 0500 AsyncMac - ok
23:59:46.0305 0500 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
23:59:46.0305 0500 atapi - ok
23:59:46.0399 0500 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:59:46.0430 0500 b06bdrv - ok
23:59:46.0555 0500 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:59:46.0555 0500 b57nd60a - ok
23:59:46.0726 0500 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
23:59:46.0773 0500 BCM42RLY - ok
23:59:46.0960 0500 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
23:59:47.0163 0500 BCM43XX - ok
23:59:47.0257 0500 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:59:47.0272 0500 Beep - ok
23:59:47.0335 0500 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:59:47.0350 0500 blbdrive - ok
23:59:47.0413 0500 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
23:59:47.0413 0500 bowser - ok
23:59:47.0491 0500 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:59:47.0506 0500 BrFiltLo - ok
23:59:47.0553 0500 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:59:47.0569 0500 BrFiltUp - ok
23:59:47.0662 0500 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:59:47.0678 0500 Brserid - ok
23:59:47.0756 0500 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:59:47.0771 0500 BrSerWdm - ok
23:59:47.0818 0500 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:59:47.0834 0500 BrUsbMdm - ok
23:59:47.0927 0500 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:59:47.0943 0500 BrUsbSer - ok
23:59:48.0005 0500 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:59:48.0021 0500 BTHMODEM - ok
23:59:48.0115 0500 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:59:48.0130 0500 cdfs - ok
23:59:48.0177 0500 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
23:59:48.0177 0500 cdrom - ok
23:59:48.0271 0500 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
23:59:48.0271 0500 cfwids - ok
23:59:48.0317 0500 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:59:48.0333 0500 circlass - ok
23:59:48.0427 0500 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:59:48.0442 0500 CLFS - ok
23:59:48.0505 0500 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:59:48.0505 0500 CmBatt - ok
23:59:48.0536 0500 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
23:59:48.0583 0500 cmdide - ok
23:59:48.0629 0500 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
23:59:48.0707 0500 CNG - ok
23:59:48.0770 0500 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:59:48.0785 0500 Compbatt - ok
23:59:48.0910 0500 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:59:48.0926 0500 CompositeBus - ok
23:59:49.0035 0500 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:59:49.0051 0500 crcdisk - ok
23:59:49.0191 0500 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
23:59:49.0238 0500 CtClsFlt - ok
23:59:49.0300 0500 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
23:59:49.0347 0500 dc3d - ok
23:59:49.0409 0500 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
23:59:49.0472 0500 DfsC - ok
23:59:49.0519 0500 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:59:49.0534 0500 discache - ok
23:59:49.0565 0500 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:59:49.0565 0500 Disk - ok
23:59:49.0612 0500 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:59:49.0612 0500 drmkaud - ok
23:59:49.0675 0500 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
23:59:49.0799 0500 DXGKrnl - ok
23:59:49.0893 0500 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:59:49.0987 0500 ebdrv - ok
23:59:50.0049 0500 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:59:50.0065 0500 elxstor - ok
23:59:50.0096 0500 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
23:59:50.0096 0500 ErrDev - ok
23:59:50.0143 0500 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:59:50.0205 0500 exfat - ok
23:59:50.0236 0500 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:59:50.0236 0500 fastfat - ok
23:59:50.0267 0500 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:59:50.0267 0500 fdc - ok
23:59:50.0299 0500 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:59:50.0314 0500 FileInfo - ok
23:59:50.0345 0500 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:59:50.0345 0500 Filetrace - ok
23:59:50.0377 0500 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:59:50.0377 0500 flpydisk - ok
23:59:50.0439 0500 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
23:59:50.0439 0500 FltMgr - ok
23:59:50.0455 0500 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:59:50.0470 0500 FsDepends - ok
23:59:50.0486 0500 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:59:50.0501 0500 Fs_Rec - ok
23:59:50.0548 0500 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:59:50.0548 0500 fvevol - ok
23:59:50.0579 0500 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:59:50.0579 0500 gagp30kx - ok
23:59:50.0626 0500 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:59:50.0626 0500 hcw85cir - ok
23:59:50.0657 0500 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:59:50.0657 0500 HDAudBus - ok
23:59:50.0689 0500 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:59:50.0689 0500 HidBatt - ok
23:59:50.0735 0500 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:59:50.0735 0500 HidBth - ok
23:59:50.0767 0500 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:59:50.0782 0500 HidIr - ok
23:59:50.0798 0500 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
23:59:50.0798 0500 HidUsb - ok
23:59:50.0829 0500 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:59:50.0829 0500 HpSAMD - ok
23:59:50.0876 0500 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
23:59:50.0891 0500 HTTP - ok
23:59:50.0907 0500 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
23:59:50.0907 0500 hwpolicy - ok
23:59:50.0923 0500 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:59:50.0923 0500 i8042prt - ok
23:59:51.0032 0500 iaStor (4f6fb2cdbdeefc47e7d2066e78254580) C:\Windows\system32\DRIVERS\iaStor.sys
23:59:51.0125 0500 iaStor - ok
23:59:51.0188 0500 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
23:59:51.0266 0500 iaStorV - ok
23:59:51.0656 0500 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:59:51.0983 0500 igfx - ok
23:59:52.0139 0500 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:59:52.0155 0500 iirsp - ok
23:59:52.0202 0500 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
23:59:52.0202 0500 intelide - ok
23:59:52.0249 0500 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:59:52.0249 0500 intelppm - ok
23:59:52.0280 0500 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:59:52.0295 0500 IpFilterDriver - ok
23:59:52.0311 0500 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:59:52.0311 0500 IPMIDRV - ok
23:59:52.0342 0500 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:59:52.0342 0500 IPNAT - ok
23:59:52.0358 0500 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:59:52.0373 0500 IRENUM - ok
23:59:52.0389 0500 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
23:59:52.0389 0500 isapnp - ok
23:59:52.0420 0500 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
23:59:52.0436 0500 iScsiPrt - ok
23:59:52.0467 0500 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:59:52.0467 0500 kbdclass - ok
23:59:52.0483 0500 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
23:59:52.0483 0500 kbdhid - ok
23:59:52.0529 0500 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
23:59:52.0545 0500 KSecDD - ok
23:59:52.0561 0500 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
23:59:52.0623 0500 KSecPkg - ok
23:59:52.0639 0500 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:59:52.0639 0500 ksthunk - ok
23:59:52.0654 0500 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:59:52.0670 0500 lltdio - ok
23:59:52.0701 0500 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:59:52.0701 0500 LSI_FC - ok
23:59:52.0717 0500 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:59:52.0732 0500 LSI_SAS - ok
23:59:52.0748 0500 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:59:52.0763 0500 LSI_SAS2 - ok
23:59:52.0779 0500 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:59:52.0795 0500 LSI_SCSI - ok
23:59:52.0810 0500 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:59:52.0810 0500 luafv - ok
23:59:52.0935 0500 McPvDrv (a0c364079e7ae6c3127bee8e196f00e5) C:\Windows\system32\drivers\McPvDrv.sys
23:59:52.0997 0500 McPvDrv - ok
23:59:53.0029 0500 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:59:53.0044 0500 megasas - ok
23:59:53.0075 0500 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:59:53.0091 0500 MegaSR - ok
23:59:53.0153 0500 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
23:59:53.0169 0500 mfeapfk - ok
23:59:53.0294 0500 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
23:59:53.0356 0500 mfeavfk - ok
23:59:53.0403 0500 mfeavfk01 - ok
23:59:53.0481 0500 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
23:59:53.0575 0500 mfefirek - ok
23:59:53.0637 0500 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
23:59:53.0715 0500 mfehidk - ok
23:59:53.0809 0500 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
23:59:53.0840 0500 mfenlfk - ok
23:59:53.0887 0500 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
23:59:53.0933 0500 mferkdet - ok
23:59:53.0980 0500 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
23:59:53.0996 0500 mfewfpk - ok
23:59:54.0027 0500 MOBKFilter (3800c23d0d90c59aafcdefdc82b5c4af) C:\Windows\system32\DRIVERS\MOBK.sys
23:59:54.0089 0500 MOBKFilter - ok
23:59:54.0121 0500 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:59:54.0136 0500 Modem - ok
23:59:54.0167 0500 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:59:54.0167 0500 monitor - ok
23:59:54.0183 0500 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:59:54.0183 0500 mouclass - ok
23:59:54.0199 0500 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:59:54.0199 0500 mouhid - ok
23:59:54.0230 0500 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
23:59:54.0230 0500 mountmgr - ok
23:59:54.0245 0500 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
23:59:54.0261 0500 mpio - ok
23:59:54.0277 0500 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:59:54.0292 0500 mpsdrv - ok
23:59:54.0308 0500 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
23:59:54.0323 0500 MRxDAV - ok
23:59:54.0370 0500 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:59:54.0370 0500 mrxsmb - ok
23:59:54.0401 0500 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:59:54.0401 0500 mrxsmb10 - ok
23:59:54.0448 0500 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:59:54.0511 0500 mrxsmb20 - ok
23:59:54.0542 0500 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
23:59:54.0542 0500 msahci - ok
23:59:54.0557 0500 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
23:59:54.0557 0500 msdsm - ok
23:59:54.0589 0500 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:59:54.0589 0500 Msfs - ok
23:59:54.0620 0500 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:59:54.0635 0500 mshidkmdf - ok
23:59:54.0651 0500 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
23:59:54.0651 0500 msisadrv - ok
23:59:54.0682 0500 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:59:54.0682 0500 MSKSSRV - ok
23:59:54.0698 0500 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:59:54.0698 0500 MSPCLOCK - ok
23:59:54.0713 0500 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:59:54.0729 0500 MSPQM - ok
23:59:54.0745 0500 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
23:59:54.0760 0500 MsRPC - ok
23:59:54.0760 0500 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:59:54.0776 0500 mssmbios - ok
23:59:54.0791 0500 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:59:54.0791 0500 MSTEE - ok
23:59:54.0807 0500 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:59:54.0807 0500 MTConfig - ok
23:59:54.0823 0500 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:59:54.0823 0500 Mup - ok
23:59:54.0854 0500 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:59:54.0869 0500 NativeWifiP - ok
23:59:54.0901 0500 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
23:59:54.0932 0500 NDIS - ok
23:59:54.0963 0500 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:59:54.0963 0500 NdisCap - ok
23:59:54.0979 0500 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:59:54.0979 0500 NdisTapi - ok
23:59:55.0010 0500 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
23:59:55.0010 0500 Ndisuio - ok
23:59:55.0025 0500 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:59:55.0025 0500 NdisWan - ok
23:59:55.0041 0500 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
23:59:55.0041 0500 NDProxy - ok
23:59:55.0057 0500 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:59:55.0057 0500 NetBIOS - ok
23:59:55.0088 0500 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
23:59:55.0088 0500 NetBT - ok
23:59:55.0135 0500 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:59:55.0135 0500 nfrd960 - ok
23:59:55.0150 0500 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:59:55.0150 0500 Npfs - ok
23:59:55.0166 0500 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:59:55.0166 0500 nsiproxy - ok
23:59:55.0275 0500 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
23:59:55.0353 0500 Ntfs - ok
23:59:55.0369 0500 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:59:55.0384 0500 Null - ok
23:59:55.0431 0500 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
23:59:55.0493 0500 nvraid - ok
23:59:55.0509 0500 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
23:59:55.0556 0500 nvstor - ok
23:59:55.0587 0500 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
23:59:55.0587 0500 nv_agp - ok
23:59:55.0618 0500 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
23:59:55.0618 0500 ohci1394 - ok
23:59:55.0649 0500 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:59:55.0649 0500 Parport - ok
23:59:55.0681 0500 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
23:59:55.0681 0500 partmgr - ok
23:59:55.0696 0500 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
23:59:55.0712 0500 pci - ok
23:59:55.0727 0500 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:59:55.0727 0500 pciide - ok
23:59:55.0759 0500 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:59:55.0774 0500 pcmcia - ok
23:59:55.0790 0500 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:59:55.0790 0500 pcw - ok
23:59:55.0821 0500 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:59:55.0852 0500 PEAUTH - ok
23:59:55.0930 0500 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
23:59:55.0977 0500 Point64 - ok
23:59:56.0008 0500 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
23:59:56.0024 0500 PptpMiniport - ok
00:00:00.0501 0500 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
00:00:00.0532 0500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
00:00:00.0532 0500 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
00:00:00.0563 0500 Boot (0x1200) (29b7ea528f44347ce91f4391116b3612) \Device\Harddisk0\DR0\Partition0
00:00:00.0563 0500 \Device\Harddisk0\DR0\Partition0 - ok
00:00:00.0579 0500 Boot (0x1200) (46e4a1dce303e2fff987c9cacfa4d060) \Device\Harddisk0\DR0\Partition1
00:00:00.0595 0500 \Device\Harddisk0\DR0\Partition1 - ok
00:00:00.0595 0500 ============================================================
00:00:00.0595 0500 Scan finished
00:00:00.0595 0500 ============================================================
00:00:00.0610 5252 Detected object count: 1
00:00:00.0610 5252 Actual detected object count: 1
06:55:33.0155 5252 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
06:55:33.0155 5252 \Device\Harddisk0\DR0 - ok
06:55:33.0171 5252 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
06:55:40.0986 4824 Deinitialize success


I also rescanned my laptop with the ESET scanner and this time it found 3 threats. I clicked on Finish and restarted my laptop, then rescanned my laptop with the ESET scanner and this time it didn't find any threats. I also rescanned with MBAM (Quick Scan) and it found 1 threat, the same one, so I clicked Remove Selected and restarted my laptop; then I rescanned again with MBAM (Quick Scan) and this time it didn't find any threats. I'm doing a full scan now with MBAM.

Thanks again for the help... thank you so much!!

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:02:29 AM

Posted 31 January 2012 - 08:39 PM

OK good, let me know if it's gone. Rebooting is good between scans as it clears the registry changes.

We will still need to reset the HOSTS file.
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Fix it button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.


And
Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
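A quick way to see whether a HOSTS file has been tampered with before (and after) running the reset above, as an added example that is not part of this thread or of the Microsoft Fix it: it parses the file's format and flags every active entry that is not a plain loopback mapping for localhost, which is all a stock Windows HOSTS file ever contains. The sample content, the `.example` hostnames and the TEST-NET-3 address are constructed for the demonstration.

```python
"""Audit a Windows HOSTS file for entries that do not belong in the default file."""
import ipaddress

# A stock Windows HOSTS file contains nothing but comments and, at most,
# loopback mappings for 'localhost' (Windows 7 even ships those commented out).
DEFAULT_NAMES = {"localhost"}


def parse_hosts(text):
    """Return (line_no, ip, [hostnames]) for every active line, ignoring comments."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        parts = line.split()  # the file uses spaces or tabs between fields
        if len(parts) < 2:
            continue  # malformed line: an address with no hostname
        entries.append((line_no, parts[0], parts[1:]))
    return entries


def is_loopback(ip):
    """True for 127.0.0.0/8 and ::1; False for anything else or unparsable text."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def suspicious_entries(text):
    """Return (line_no, ip, hostname) for every mapping outside the default set.

    Two patterns are flagged: a hostname other than 'localhost' (typically used
    to black-hole a vendor's site to 127.0.0.1), and 'localhost' pointing at a
    non-loopback address.  Both are changes a reset restores to the default.
    """
    flagged = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name.lower() in DEFAULT_NAMES and is_loopback(ip):
                continue
            flagged.append((line_no, ip, name.lower()))
    return flagged


# Constructed sample: a stock-looking header followed by two added lines.
SAMPLE_HOSTS = """\
# Stock header comment, as shipped with Windows (abbreviated, constructed).
127.0.0.1       localhost
::1             localhost
127.0.0.1       security-vendor.example   # blocks a vendor site (constructed)
203.0.113.7     update.example.net        # redirect to TEST-NET-3 (constructed)
"""

if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip} -> {name}")
```

On a real machine read the text from %SystemRoot%\System32\drivers\etc\hosts; an empty result means the file matches the default apart from comments.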

#11 Anthony14

Anthony14
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:29 AM

Posted 31 January 2012 - 09:23 PM

Ok, I followed the instructions with both programs and they both restarted my laptop after completing.
Thank you again for the help.
Really, thank you so much.

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:02:29 AM

Posted 31 January 2012 - 09:55 PM

You're most welcome!!

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

#13 Anthony14

Anthony14
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:29 AM

Posted 31 January 2012 - 10:29 PM

Done.. THANK YOU AGAIN thank you so much!
