rootkit tcp/ip detected on my laptop


  • This topic is locked
143 replies to this topic

#1 jackeduplaptop

jackeduplaptop

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Washington state, United States
  • Local time:08:06 AM

Posted 24 September 2011 - 06:53 PM

Hi. I am a new user. I have a work laptop that has been infected. I am running XP SP3, Panasonic CF-W7. It corrupted a bunch of files and has rendered my computer useless. I could not start up in Normal mode because my Credant Security was corrupted, but I was able to uninstall it in Safe Mode. Before it would uninstall I had to remove my netnanny because it was corrupted. Seems like it was a chain reaction. With Credant off I could boot up in Normal mode. I tried to run antivirus applications in safe mode and normal mode but they would either not run or the application was killed. I took it to a local shop and the memory and HD were tested and were fine. They ran scans and could not find a virus (this was before I was able to boot in normal mode).

I can not get online. My Network connections says "empty". My printers and other connections are removed also. I get errors stating my audio is missing or changed, B-clips is missing or changed. I can not open Word, Excel, PDF files as it says I don't have permission. My tray is almost empty. The applications that were there don't show.

I have been scouring the internet for help or advice because my gut said it was something malicious and not hardware. Based on the different errors I got I was led to your website and the Combofix.exe application. I installed it via thumbdrive and followed the instructions step by step. Unfortunately I missed the BIG important one that says not to use it unless instructed. So here I am begging for help. I have attached the log it generated. At the outset of the application it said it picked up a TCP/IP rootkit infection. After running the application my computer looks about the same and I get a couple of the same messages. I did run the SuperAntivirusportable software and it was the first time I was able to run a full session of anything. I have not touched anything else since I generated the report and I won't until I hear back from someone.

Thanks in advance for anything and everything....



#2 jackeduplaptop


Posted 24 September 2011 - 07:20 PM

Update: I just noticed that after the Combofix was run my printers that were previously empty are back and appear to show as they did before infection.

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:06 AM

Posted 24 September 2011 - 10:02 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button. Since you have run ComboFix, please include the ComboFix log in the new topic.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, include the information that you were unable to produce the other logs, include the ComboFix log, and describe what happens when you try to create the other logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 jackeduplaptop


Posted 25 September 2011 - 12:04 AM

***Since my original post above***
I noticed that after the combofix application my printers were uncovered and show up again. But there are still signs of the other mischief.

OrangeBlossom kindly replied and sent me instructions on how to correctly post. I was able to get the other files with relative ease. They are attached. log.txt is the Combofix report.

Thank you in advance for anything you can do.

Attached Files

  • Attached File  dds.txt   15.42KB   14 downloads
  • Attached File  attach.txt   17.34KB   9 downloads
  • Attached File  ark.txt   182.48KB   0 downloads
  • Attached File  log.txt   30.67KB   18 downloads

Edited by Orange Blossom, 25 September 2011 - 03:06 PM.
Merged topics. ~ OB


#5 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:06 AM

Posted 29 September 2011 - 06:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420341 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 jackeduplaptop


Posted 30 September 2011 - 12:10 AM

Hi. I still need help. I don't remember doing anything to change anything since my original post other than a couple reboots. My laptop has been useless since September 16th. I was running Firefox web browser when some error showed up and shut it down. Tried to reopen but would not. IE would not work either. I realized it looked like some kind of infection so I tried to run SuperAntivirus portable. The scan was involuntarily terminated twice. I rebooted. I have Credant security on my laptop. My laptop runs secure software for work (smartapp Next Generation aka SNG and Aflac related files) so with the sensitive information we are required to have Credant encryption. Upon reboot I attempted to enter my Credant log in and password, but an error pops up saying that Credant files were missing or damaged and needed to be reinstalled. But I could not get past that point on the reboot. So I rebooted in Safe mode. I could pass the Credant. I tried running SAvirus portable but the same error occurred shutting it down. I also tried running Malwarebytes, but the same problem would occur. It ran through one time and picked up some nominal cookie or something similar. I ran the removal tool. I could not run it again, as it stops abruptly also. I could not open any Word docs, Excel, MS Office, Aflac programs. The files have been locked up by Credant. I can get to "my computer" to access c drive files. I took my laptop to a computer repair shop down the road. They tested the memory and hard drive (no errors), then ran antivirus and malware but were unable to find anything. They basically handed it back to me and said that Credant was corrupted and that was the problem. But my gut thought otherwise.

I called our tech support. They showed me how to uninstall Credant. But an error came up stating that I could not remove Credant because of an error with "content watch" (netnanny is on all our computers). I uninstalled Netnanny. I was then able to run the uninstall for Credant. This allowed me to reboot in normal mode. After rebooting in normal mode a bunch of errors popped up, such as: Sound Max needs to be reinstalled, B clips needs to be reinstalled, wireless switch, fan control, virus definitions vptray.exe. I could not reinstall Credant unless I have internet connection but that has been disabled. I went into msconfig and removed some things from startup and then rebooted and about half the errors didn't pop up. But that was just a band-aid. The programs will still need to run eventually. I also noticed that my tray was empty. I have about 8 things in my tray from volume, wifi, battery, and other basic items that should be there. My firewall is disabled. My network connections says "empty" so I can NOT connect to the internet via LAN or wifi. I can not create a connection either. My installed printers are also gone. I tried to search for help with TCP/IP reinstall and things like that but nothing would work. In command prompt I would get errors about some library missing when trying to reset TCP/IP.

I was about to give up and mail this in for a re-imaging... Then I found bleeping computer. I read through some different posts that looked like there may be hope. I have pst files and things that I really need to restore, but re-imaging would destroy everything. I started reading about Combofix.exe halfway through a post. I printed out the instructions and followed them line by line. (It was afterwards I saw the notes that I should not run it unless I was told to by a helper... I apologize for that.) Combofix ran (to my surprise, because at this point nothing I tried would run). Combofix detected a Rootkit TCP/IP (stack?) infection. It went into reboot mode and did its thing. It ran all the way through and generated a report (attached to my prior post below). After Combofix did its thing and rebooted, I noticed that the IE icon that disappeared was back and my printers showed up again. After reboot I ran SuperAntivirus portable and it picked up "Adware.vundo/Variant-x32 [header]" c:\windows\system32\mdhcp.dll and it removed this. I still can't get online and my network connections are still "empty", along with other problems of missing/corrupted/or just disappeared files. I posted my initial reply to bleeping computer, Orange Blossom sent me instructions to generate files (attached), and I haven't touched my laptop since. After running combofix I don't want to do anything that may damage (further damage) my computer.

I am running XP Pro. My laptop is a Panasonic CF-W7. The laptop came with a recovery CD, but not an OS cd. (I do have a copy of an XP pro upgrade CD if that is any help? I have the serial and original Win98 cd.)

I truly appreciate your assistance and look forward to hearing from you. If I missed anything please let me know and I will get it to you asap. The New DDS, Attach, and Ark (Gmer) are attached. The file date is included. Thanks...


#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:06 PM

Posted 30 September 2011 - 05:26 AM

Hello jackeduplaptop,

Apologies for the delay.

Please copy and paste the logs instead of attaching them unless requested or the log is too long.

  • Please download TDSSKiller.zip and extract it. Copy TDSSKiller.exe to your thumbdrive.
  • Please download Junction.zip and save it.
    Unzip it and copy junction.exe to your thumbdrive.
  • Now copy (Ctrl +C) and paste (Ctrl +V) the text inside the code box below into Notepad.

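    @ECHO OFF
    REM List junctions/reparse points under C:\ (-s recurses into subdirectories) and save the output to log.txt
    junction.exe -s c:\>log.txt
    REM Open the saved log in the default text viewer
    start log.txt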
    
    Save it to your thumbdrive
    Save as type: All Files
    File name: look.bat
  • Insert the thumbdrive into infected computer.
    • Double-click junction.exe and confirm the license agreement. It opens and closes, that is normal.
    • Double click look.bat to run it. A log will be presented. Copy and paste the log in your next reply.
  • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into the root folder of the system disk (it is usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

Edited by farbar, 30 September 2011 - 05:27 AM.
typo
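
The TDSSKiller report requested in the steps above gives each scanned driver or service a file record and a verdict line. The following is an added example, not part of the original posts and not the tool vendor's code: it pulls the non-clean verdicts, with their file path and MD5, out of a pasted report and also flags records that never received a verdict (a cut-off report or a scan that was killed). The line layout is taken from the report posted in the next reply; the function and class names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every report line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\S+\s+"
# "<name> (<md5>) <path>": the file backing a driver/service entry.
FILE_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - ok": clean verdict.
OK_RE = re.compile(PREFIX + r"(?P<name>.+?) - ok$")
# "<name> ( <detection> ) - infected": non-clean verdict with the detection name.
BAD_RE = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<detection>.+?) \) - (?P<state>\w+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    state: Optional[str] = None       # "ok", "infected", ...; None = no verdict line seen
    detection: Optional[str] = None   # detection name when the verdict is not "ok"


def parse_report(text: str) -> Dict[str, ScanObject]:
    """Build one ScanObject per driver/service name, in report order."""
    objects: Dict[str, ScanObject] = {}
    for raw in text.splitlines():
        line = raw.strip()  # tolerate CRLF and indentation added by forum pasting
        m = FILE_RE.match(line)
        if m:
            obj = objects.setdefault(m["name"], ScanObject(m["name"]))
            obj.md5, obj.path = m["md5"].lower(), m["path"]
            continue
        m = BAD_RE.match(line)
        if m:
            obj = objects.setdefault(m["name"], ScanObject(m["name"]))
            obj.state, obj.detection = m["state"], m["detection"]
            continue
        m = OK_RE.match(line)
        if m:
            objects.setdefault(m["name"], ScanObject(m["name"])).state = "ok"
        # Header, separator and "- detected ..." summary lines match nothing and are skipped.
    return objects


def triage(objects: Dict[str, ScanObject]) -> Tuple[List[ScanObject], List[ScanObject]]:
    """Return (flagged, unresolved).

    flagged:    objects whose verdict is anything other than "ok".
    unresolved: objects with a file record but no verdict line, which means the
                report was truncated or the scan stopped before judging them.
    """
    flagged = [o for o in objects.values() if o.state not in (None, "ok")]
    unresolved = [o for o in objects.values() if o.state is None]
    return flagged, unresolved


# Excerpt copied from the report posted in this thread. The last record is
# deliberately left without its verdict line (constructed) to exercise the
# truncated-report case.
SAMPLE_REPORT = r"""
07:39:06.0484 0676 Scan started
07:39:06.0984 0676 Abiosdsk - ok
07:39:14.0000 0676 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
07:39:14.0000 0676 mdmxsdk - ok
07:39:14.0093 0676 meiudf (6dd626a5d80338c6c85a3774de9c8e4c) C:\WINDOWS\system32\Drivers\meiudf.sys
07:39:14.0093 0676 meiudf ( Rootkit.Win32.ZAccess.g ) - infected
07:39:14.0093 0676 meiudf - detected Rootkit.Win32.ZAccess.g (0)
07:39:14.0203 0676 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
"""

if __name__ == "__main__":
    flagged, unresolved = triage(parse_report(SAMPLE_REPORT))
    for o in flagged:
        print(f"FLAGGED    {o.name}: {o.detection} [{o.state}] {o.path} md5={o.md5}")
    for o in unresolved:
        print(f"NO VERDICT {o.name}: {o.path} (report incomplete?)")
```
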


#8 jackeduplaptop


Posted 30 September 2011 - 09:46 AM

Look.bat post below

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\Documents and Settings\A0JF\Desktop\arekill.com: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin: Access is denied.

Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.

Failed to open \\?\c:\\Program Files\Symantec AntiVirus\Rtvscan.exe: Access is denied.

Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.

\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

TDS Killer Report below:


07:39:04.0828 0748 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
07:39:04.0843 0748 ============================================================
07:39:04.0843 0748 Current date / time: 2011/09/30 07:39:04.0843
07:39:04.0843 0748 SystemInfo:
07:39:04.0843 0748
07:39:04.0843 0748 OS Version: 5.1.2600 ServicePack: 3.0
07:39:04.0843 0748 Product type: Workstation
07:39:04.0843 0748 ComputerName: AFLACA0JF
07:39:04.0843 0748 UserName: A0JF
07:39:04.0843 0748 Windows directory: C:\WINDOWS
07:39:04.0843 0748 System windows directory: C:\WINDOWS
07:39:04.0843 0748 Processor architecture: Intel x86
07:39:04.0843 0748 Number of processors: 2
07:39:04.0843 0748 Page size: 0x1000
07:39:04.0843 0748 Boot type: Normal boot
07:39:04.0843 0748 ============================================================
07:39:05.0171 0748 Initialize success
07:39:06.0484 0676 ============================================================
07:39:06.0484 0676 Scan started
07:39:06.0484 0676 Mode: Manual;
07:39:06.0484 0676 ============================================================
07:39:06.0984 0676 Abiosdsk - ok
07:39:07.0000 0676 abp480n5 - ok
07:39:07.0078 0676 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:39:07.0078 0676 ACPI - ok
07:39:07.0125 0676 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
07:39:07.0125 0676 ACPIEC - ok
07:39:07.0187 0676 ADIHdAudAddService (dc558468f9aaa134d3126da3145a0c63) C:\WINDOWS\system32\drivers\ADIHdAud.sys
07:39:07.0203 0676 ADIHdAudAddService - ok
07:39:07.0296 0676 adpu160m - ok
07:39:07.0328 0676 AEAudio (b4afcc2f911939a1c16a26e7eba7f36b) C:\WINDOWS\system32\drivers\AEAudio.sys
07:39:07.0328 0676 AEAudio - ok
07:39:07.0375 0676 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:39:07.0375 0676 aec - ok
07:39:07.0437 0676 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
07:39:07.0453 0676 AFD - ok
07:39:07.0468 0676 Aha154x - ok
07:39:07.0484 0676 aic78u2 - ok
07:39:07.0500 0676 aic78xx - ok
07:39:07.0531 0676 AliIde - ok
07:39:07.0546 0676 amsint - ok
07:39:07.0562 0676 asc - ok
07:39:07.0578 0676 asc3350p - ok
07:39:07.0593 0676 asc3550 - ok
07:39:07.0671 0676 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:39:07.0671 0676 AsyncMac - ok
07:39:07.0796 0676 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:39:07.0796 0676 atapi - ok
07:39:07.0812 0676 Atdisk - ok
07:39:07.0859 0676 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:39:07.0859 0676 Atmarpc - ok
07:39:07.0921 0676 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:39:07.0921 0676 audstub - ok
07:39:07.0984 0676 awlegacy (abfe3ab22767eeb5e7d91b1b3bb2901c) C:\WINDOWS\System32\Drivers\awlegacy.sys
07:39:07.0984 0676 awlegacy - ok
07:39:08.0062 0676 AW_HOST (852d995a4b283c341a2baefaa8067671) C:\WINDOWS\system32\drivers\aw_host5.sys
07:39:08.0062 0676 AW_HOST - ok
07:39:08.0203 0676 bcm (e16288bc922dfd9fa7a132ea69abcab8) C:\WINDOWS\system32\DRIVERS\drxvi314.sys
07:39:08.0218 0676 bcm - ok
07:39:08.0250 0676 bcmbusctr (c0c693ea4b2e937502d6ed5c8a2c0e52) C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys
07:39:08.0250 0676 bcmbusctr - ok
07:39:08.0296 0676 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:39:08.0296 0676 Beep - ok
07:39:08.0375 0676 BsStor (60ec51fcfba811085280a60137c94efb) C:\WINDOWS\system32\drivers\BsStor.sys
07:39:08.0375 0676 BsStor - ok
07:39:08.0484 0676 BsUDF (28d73abe81f81d42c8831da8de2d217b) C:\WINDOWS\system32\drivers\BsUDF.sys
07:39:08.0484 0676 BsUDF - ok
07:39:08.0484 0676 catchme - ok
07:39:08.0531 0676 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:39:08.0531 0676 cbidf2k - ok
07:39:08.0546 0676 cd20xrnt - ok
07:39:08.0593 0676 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:39:08.0593 0676 Cdaudio - ok
07:39:08.0656 0676 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:39:08.0656 0676 Cdfs - ok
07:39:08.0703 0676 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
07:39:08.0703 0676 cdrbsdrv - ok
07:39:08.0750 0676 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:39:08.0750 0676 Cdrom - ok
07:39:08.0843 0676 Changer - ok
07:39:08.0875 0676 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
07:39:08.0875 0676 CmBatt - ok
07:39:08.0890 0676 CmdIde - ok
07:39:08.0968 0676 CmgShieldCEF (9cfc6ddd12e208a2776a215b68fff962) C:\WINDOWS\system32\DRIVERS\CMGShCEF.sys
07:39:08.0968 0676 CmgShieldCEF - ok
07:39:09.0046 0676 cm_ser (33f77f7cb2c2efe34b3bc9cc716f73f3) C:\WINDOWS\system32\DRIVERS\cm_ser.sys
07:39:09.0046 0676 cm_ser - ok
07:39:09.0203 0676 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
07:39:09.0203 0676 Compbatt - ok
07:39:09.0234 0676 Cpqarray - ok
07:39:09.0296 0676 CVirtA (cb7d7c0e74adcb7da96d08ec8db86062) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
07:39:09.0296 0676 CVirtA - ok
07:39:09.0375 0676 CVPNDRVA (a2660bbb3c266540a72be98e747adee6) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
07:39:09.0375 0676 CVPNDRVA - ok
07:39:09.0484 0676 dac2w2k - ok
07:39:09.0500 0676 dac960nt - ok
07:39:09.0578 0676 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:39:09.0578 0676 Disk - ok
07:39:09.0671 0676 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:39:09.0687 0676 dmboot - ok
07:39:09.0828 0676 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:39:09.0828 0676 dmio - ok
07:39:09.0843 0676 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:39:09.0843 0676 dmload - ok
07:39:09.0890 0676 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:39:09.0890 0676 DMusic - ok
07:39:09.0968 0676 DNE (f3d3e0d3fefac57ed1ecadfe746e52f3) C:\WINDOWS\system32\DRIVERS\dne2000.sys
07:39:09.0968 0676 DNE - ok
07:39:10.0000 0676 dpti2o - ok
07:39:10.0015 0676 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:39:10.0015 0676 drmkaud - ok
07:39:10.0109 0676 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
07:39:10.0109 0676 dsNcAdpt - ok
07:39:10.0265 0676 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
07:39:10.0265 0676 eeCtrl - ok
07:39:10.0296 0676 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
07:39:10.0296 0676 EraserUtilRebootDrv - ok
07:39:10.0468 0676 Etm (3d0c6873c620aa8d285edb8398a26777) C:\WINDOWS\system32\DRIVERS\EtmDrvMgr.sys
07:39:10.0468 0676 Etm - ok
07:39:10.0500 0676 EtmCpu (e424d70e9ddeeed1b81d3caf821c896f) C:\WINDOWS\system32\DRIVERS\EtmDevCpu.sys
07:39:10.0500 0676 EtmCpu - ok
07:39:10.0515 0676 EtmFan (b99c9f5509f7db7c69f7d99f2fc422bd) C:\WINDOWS\system32\DRIVERS\EtmDevFan.sys
07:39:10.0515 0676 EtmFan - ok
07:39:10.0546 0676 EtmGmchMem (d34fef2f9235489acc0d11b5d686c4f2) C:\WINDOWS\system32\DRIVERS\EtmDevGmch.sys
07:39:10.0546 0676 EtmGmchMem - ok
07:39:10.0562 0676 EtmTempSense (698e3dbad5443fb828fec5a14b17daab) C:\WINDOWS\system32\DRIVERS\EtmTempSense.sys
07:39:10.0562 0676 EtmTempSense - ok
07:39:10.0656 0676 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:39:10.0656 0676 Fastfat - ok
07:39:10.0796 0676 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
07:39:10.0796 0676 Fdc - ok
07:39:10.0843 0676 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:39:10.0843 0676 Fips - ok
07:39:10.0859 0676 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
07:39:10.0859 0676 Flpydisk - ok
07:39:10.0937 0676 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:39:10.0937 0676 FltMgr - ok
07:39:11.0000 0676 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:39:11.0000 0676 Fs_Rec - ok
07:39:11.0031 0676 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:39:11.0031 0676 Ftdisk - ok
07:39:11.0187 0676 Gernuwa (fd25177ced6751c14de170d8282ced90) C:\WINDOWS\system32\drivers\Gernuwa.sys
07:39:11.0187 0676 Gernuwa - ok
07:39:11.0281 0676 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:39:11.0281 0676 Gpc - ok
07:39:11.0359 0676 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:39:11.0359 0676 HDAudBus - ok
07:39:11.0390 0676 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:39:14.0093 0676 meiudf (6dd626a5d80338c6c85a3774de9c8e4c) C:\WINDOWS\system32\Drivers\meiudf.sys
07:39:14.0093 0676 meiudf ( Rootkit.Win32.ZAccess.g ) - infected
07:39:14.0093 0676 meiudf - detected Rootkit.Win32.ZAccess.g (0)
07:39:22.0000 0676 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:39:22.0000 0676 Tcpip - ok
07:39:25.0468 0676 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
07:39:25.0703 0676 \Device\Harddisk0\DR0 - ok
07:39:25.0703 0676 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR6
07:39:25.0718 0676 \Device\Harddisk1\DR6 - ok
07:39:25.0718 0676 Boot (0x1200) (6a92c672ea773e35c113a4cfdf6c03ca) \Device\Harddisk0\DR0\Partition0
07:39:25.0718 0676 \Device\Harddisk0\DR0\Partition0 - ok
07:39:25.0734 0676 Boot (0x1200) (d557f6e9a3c8ecf854e79a84c239c764) \Device\Harddisk1\DR6\Partition0
07:39:25.0734 0676 \Device\Harddisk1\DR6\Partition0 - ok
07:39:25.0734 0676 ============================================================
07:39:25.0734 0676 Scan finished
07:39:25.0734 0676 ============================================================
07:39:25.0750 0488 Detected object count: 1
07:39:25.0750 0488 Actual detected object count: 1
07:39:32.0796 0488 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\meiudf.sys) error 1813
07:39:33.0015 0488 Backup copy not found, trying to cure infected file..
07:39:33.0015 0488 C:\WINDOWS\system32\Drivers\meiudf.sys - Cure failed (FFFFFFFF)
07:39:33.0015 0488 C:\WINDOWS\system32\Drivers\meiudf.sys - processing error
07:39:33.0015 0488 meiudf ( Rootkit.Win32.ZAccess.g ) - User select action: Cure


End reports, Thanks.

#9 Farbar

Posted 30 September 2011 - 10:35 AM

Well done.

  • For x86 bit systems please download GrantPerms.zip.

    Unzip the file, save GrantPerms.exe on the flash drive and run it on the infected computer:
    Copy and paste the following in the edit box (you can copy it from your working computer to a text file and save it on your flash drive to open it later on when you insert the flash drive into the infected computer):

    c:\\Documents and Settings\A0JF\Desktop\arekill.com
    c:\\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin
    c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    c:\\Program Files\Symantec AntiVirus\Rtvscan.exe
    c:\\Qoobox\BackEnv


    Click Unlock. When it is done click "OK".
  • Go to C:\WINDOWS\system32\drivers, right-click meiudf.sys and select Copy. Go to Start => My Computer => right-click the C drive and select Paste. Open the C drive to check that meiudf.sys is on the C drive.
  • Important: Restart the computer now (after making sure the copy of meiudf.sys file is on C drive)
  • Please download SystemLook (32-bit) and save it to your flash drive.
  • Double-click the tool to run it.
  • Type or copy the content of the following codebox into the main textfield:

    :filefind
    meiudf.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#10 jackeduplaptop

Posted 30 September 2011 - 01:18 PM

systemlook scan results:

SystemLook 30.07.11 by jpshortstuff
Log created at 11:14 on 30/09/2011 by A0JF
Administrator - Elevation successful

========== filefind ==========

Searching for "meiudf.sys"
C:\meiudf.sys --a---- 117424 bytes [18:08 30/09/2011] [10:18 26/03/2007] 6DD626A5D80338C6C85A3774DE9C8E4C
C:\util\drivers\ramdrvr\Chinese-Simplified\meiudf.sys --a--c- 117424 bytes [08:17 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\util\drivers\ramdrvr\Chinese-Traditional\meiudf.sys --a--c- 117424 bytes [08:17 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\util\drivers\ramdrvr\Danish\meiudf.sys --a--c- 117424 bytes [08:17 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\util\drivers\ramdrvr\Dutch\meiudf.sys --a--c- 117424 bytes [08:17 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\util\drivers\ramdrvr\English\meiudf.sys --a--c- 117424 bytes [08:17 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\util\drivers\ramdrvr\Finnish\meiudf.sys --a--c- 117424 bytes [08:17 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\util\drivers\ramdrvr\French\meiudf.sys --a--c- 117424 bytes [08:17 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\util\drivers\ramdrvr\German\meiudf.sys --a--c- 117424 bytes [08:17 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\util\drivers\ramdrvr\Italian\meiudf.sys --a--c- 117424 bytes [08:16 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\util\drivers\ramdrvr\Japanese\meiudf.sys --a--c- 117424 bytes [08:16 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\util\drivers\ramdrvr\Norwegian\meiudf.sys --a--c- 117424 bytes [08:16 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\util\drivers\ramdrvr\Spanish\meiudf.sys --a--c- 117424 bytes [08:16 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\util\drivers\ramdrvr\Swedish\meiudf.sys --a--c- 117424 bytes [08:16 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\WINDOWS\system32\drivers\meiudf.sys --a---- 117424 bytes [01:25 04/10/2007] [10:18 26/03/2007] 6DD626A5D80338C6C85A3774DE9C8E4C

-= EOF =-

end of scan results

thanks.

#11 Farbar

Posted 30 September 2011 - 01:28 PM

  • Close any open browsers.

    Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    FCopy::
    C:\util\drivers\ramdrvr\English\meiudf.sys C:\WINDOWS\system32\drivers\meiudf.sys
    
    

    Save this as CFScript.txt, in the same location as ComboFix.exe

    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you ("C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not click in ComboFix's window while it's running. That may cause it to stall.

  • Reboot.
  • Please run TDSSKiller.exe as you ran it before and post the log.
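
The hash comparison behind the FCopy step above, as an added example (not part of the original posts and not SystemLook's or ComboFix's code): it parses the SystemLook output, confirms the live driver still has the MD5 that TDSSKiller flagged, and picks the copy the remaining locations agree on. The function and field names are hypothetical; the log lines are an excerpt of post #10.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Driver path and MD5 that TDSSKiller reported as Rootkit.Win32.ZAccess.g
# (taken from the scan log in this thread).
FLAGGED_PATH = r"C:\WINDOWS\system32\Drivers\meiudf.sys"
FLAGGED_MD5 = "6dd626a5d80338c6c85a3774de9c8e4c"

# Excerpt of the SystemLook ":filefind" output from post #10. Three of the
# thirteen language folders are kept; the omitted lines carry the same hash.
SYSTEMLOOK_LOG = r"""
C:\meiudf.sys --a---- 117424 bytes [18:08 30/09/2011] [10:18 26/03/2007] 6DD626A5D80338C6C85A3774DE9C8E4C
C:\util\drivers\ramdrvr\Dutch\meiudf.sys --a--c- 117424 bytes [08:17 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\util\drivers\ramdrvr\English\meiudf.sys --a--c- 117424 bytes [08:17 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\util\drivers\ramdrvr\French\meiudf.sys --a--c- 117424 bytes [08:17 03/10/2007] [10:18 26/03/2007] 8CD90E78DA1CD103F0F6A0742684FA03
C:\WINDOWS\system32\drivers\meiudf.sys --a---- 117424 bytes [01:25 04/10/2007] [10:18 26/03/2007] 6DD626A5D80338C6C85A3774DE9C8E4C
"""

# path, 7-character attribute field, size, [created], [modified], MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{7}\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


class Entry(NamedTuple):
    path: str
    size: int
    created: str
    modified: str
    md5: str


def parse_filefind(text: str) -> list:
    """Turn SystemLook filefind result lines into Entry records."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], int(m["size"]), m["created"],
                                 m["modified"], m["md5"].upper()))
    return entries


def choose_donor(entries: list, flagged_path: str, flagged_md5: str) -> Optional[dict]:
    """Pick replacement copies whose hash differs from the flagged driver."""
    flagged_md5 = flagged_md5.upper()
    # Windows paths are case-insensitive ("Drivers" vs "drivers" in the two logs).
    live = next((e for e in entries if e.path.lower() == flagged_path.lower()), None)
    if live is None or live.md5 != flagged_md5:
        return None  # file on disk is not what the scanner hashed: re-scan first
    # Copies sharing the flagged hash (e.g. the backup made on C:\) are not donors.
    tainted = [e.path for e in entries if e.md5 == flagged_md5 and e is not live]
    candidates = [e for e in entries if e.md5 != flagged_md5]
    if not candidates:
        return None
    reference_md5, _ = Counter(e.md5 for e in candidates).most_common(1)[0]
    donors = [e for e in candidates if e.md5 == reference_md5]
    return {
        "reference_md5": reference_md5,
        "donors": [e.path for e in donors],
        "unanimous": len(donors) == len(candidates),
        "tainted_copies": tainted,
        # True when size and modified time cannot tell donor and flagged file apart.
        "metadata_identical": all(
            d.size == live.size and d.modified == live.modified for d in donors),
    }


if __name__ == "__main__":
    print(choose_donor(parse_filefind(SYSTEMLOOK_LOG), FLAGGED_PATH, FLAGGED_MD5))
```

In this log the flagged driver and the OEM copies have the same size and modified time, so only the MD5 separates them.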


#12 jackeduplaptop

Posted 30 September 2011 - 01:43 PM

When I dragged the CFScript.txt onto Combofix.exe, a scan began, BUT a Warning!! popped up: "Combofix has detected the following realtime scanner to be active: Antivirus: Symantec Antivirus Corporate Edition. Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage. Please disable these scanners before clicking "ok"."

I do not know how to disable this? I don't even see it running in the tray.

#13 Farbar

Posted 30 September 2011 - 01:51 PM

Start in Safe Mode Using the F8 key:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
  • Log on to your usual account.

Now run the fix please.

#14 jackeduplaptop

Posted 30 September 2011 - 02:01 PM

I get the same warning in safe mode.

#15 Farbar

Posted 30 September 2011 - 02:08 PM

In safe mode, just ignore it and proceed.



