
Complete loss of IPSEC and TCP/IP functionality


3 replies to this topic

#1 nan0guy

  • Members
  • 12 posts

Posted 06 March 2012 - 09:10 AM

I was on travel this past week, using my computer on a hotel network, and it began acting weird - no DNS, no TCP/IP incoming/outgoing, wireless network would seem to connect (with a "Connected!" message), but no communication.

Disconnected and ran a full sweep with SUPERAntiSpyware. It had been disabled, so no live protection - my mistake. It wiped out some files as infected, then told me to reboot. I did so - no connectivity since then.

Came here, and read the prep document.

DDS.scr freezes up - ran it three times, never completed.
GMER log is attached - it gave me the message window, "GMER has detected Rootkit activity"

First question - will a full system reinstall remove the rootkit? I really need to have a functional computer for a presentation on travel tomorrow, and I know I can do that (reinstall Windows, add office) in the amount of time that I have.

2nd question - if not, what do I have to do to get this problem solved, and my system working on the network again? I can try to complete this before my presentation - I will be monitoring email closely and reply to log/mod requests ASAP.

Thanks for all your help

Attached Files

  • ark.txt (6.97KB)



#2 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 March 2012 - 08:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Sorry for this delay, but we work on a first come, first served basis.

If you still need help with this computer please submit these logs for my review.


Please Download
TDSSKiller.zip

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

#3 nan0guy
  • Topic Starter

  • Members
  • 12 posts

Posted 13 March 2012 - 08:40 PM

Nasdaq,
Thanks for the help.

TDSSKiller log:
20:09:42.0346 2968 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
20:09:42.0386 2968 ============================================================
20:09:42.0386 2968 Current date / time: 2012/03/13 20:09:42.0386
20:09:42.0386 2968 SystemInfo:
20:09:42.0386 2968
20:09:42.0396 2968 OS Version: 5.1.2600 ServicePack: 3.0
20:09:42.0396 2968 Product type: Workstation
20:09:42.0396 2968 ComputerName: GRUMPYTOSHIBA
20:09:42.0396 2968 UserName: nan0guy
20:09:42.0396 2968 Windows directory: C:\WINDOWS
20:09:42.0396 2968 System windows directory: C:\WINDOWS
20:09:42.0396 2968 Processor architecture: Intel x86
20:09:42.0396 2968 Number of processors: 1
20:09:42.0396 2968 Page size: 0x1000
20:09:42.0396 2968 Boot type: Normal boot
20:09:42.0396 2968 ============================================================
20:09:44.0839 2968 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:09:44.0839 2968 Drive \Device\Harddisk1\DR12 - Size: 0xEF300000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:09:44.0839 2968 \Device\Harddisk0\DR0:
20:09:44.0839 2968 MBR used
20:09:44.0839 2968 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
20:09:44.0839 2968 \Device\Harddisk1\DR12:
20:09:44.0839 2968 MBR used
20:09:44.0839 2968 \Device\Harddisk1\DR12\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7797E0
20:09:44.0879 2968 Initialize success
20:09:44.0879 2968 ============================================================
20:10:22.0433 0948 ============================================================
20:10:22.0433 0948 Scan started
20:10:22.0433 0948 Mode: Manual;
20:10:22.0433 0948 ============================================================
20:10:23.0124 0948 Abiosdsk - ok
20:10:23.0385 0948 abp480n5 - ok
20:10:23.0725 0948 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:10:23.0795 0948 ACPI - ok
20:10:24.0076 0948 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:10:24.0086 0948 ACPIEC - ok
20:10:24.0336 0948 adpu160m - ok
20:10:24.0666 0948 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
20:10:24.0727 0948 aeaudio - ok
20:10:25.0047 0948 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:10:25.0097 0948 aec - ok
20:10:25.0428 0948 AFD (0d602e296ac08711fb4cf1ef896b0685) C:\WINDOWS\System32\drivers\afd.sys
20:10:25.0478 0948 AFD ( Virus.Win32.ZAccess.c ) - infected
20:10:25.0478 0948 AFD - detected Virus.Win32.ZAccess.c (0)
20:10:26.0189 0948 AgereSoftModem (e66ae825c42b668a90e67e7e41eeeee7) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:10:26.0599 0948 AgereSoftModem - ok
20:10:26.0970 0948 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:10:26.0990 0948 agp440 - ok
20:10:27.0230 0948 Aha154x - ok
20:10:27.0491 0948 aic78u2 - ok
20:10:27.0741 0948 aic78xx - ok
20:10:28.0222 0948 AliIde - ok
20:10:28.0472 0948 amsint - ok
20:10:28.0782 0948 Andbus (45039ad240754b3bd789668c2c986ea7) C:\WINDOWS\system32\DRIVERS\lgandbus.sys
20:10:28.0792 0948 Andbus - ok
20:10:29.0073 0948 AndDiag (f7ec18db02c9fb26aed52e0e1bb98960) C:\WINDOWS\system32\DRIVERS\lganddiag.sys
20:10:29.0083 0948 AndDiag - ok
20:10:29.0363 0948 AndGps (6d79f0c7f33dd85f50d69c7d7efec9e0) C:\WINDOWS\system32\DRIVERS\lgandgps.sys
20:10:29.0363 0948 AndGps - ok
20:10:29.0634 0948 ANDModem (881837e816b948f7a94098add21afd7c) C:\WINDOWS\system32\DRIVERS\lgandmodem.sys
20:10:29.0654 0948 ANDModem - ok
20:10:29.0934 0948 androidusb (54a40a58ff71936026f2e49ecfd487b8) C:\WINDOWS\system32\Drivers\lgandadb.sys
20:10:29.0954 0948 androidusb - ok
20:10:30.0275 0948 ApfiltrService (25b063d45e57f06b175f29140c700a14) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:10:30.0315 0948 ApfiltrService - ok
20:10:30.0565 0948 asc - ok
20:10:30.0835 0948 asc3350p - ok
20:10:31.0096 0948 asc3550 - ok
20:10:31.0396 0948 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:10:31.0406 0948 AsyncMac - ok
20:10:31.0747 0948 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:10:31.0747 0948 atapi - ok
20:10:32.0017 0948 Atdisk - ok
20:10:32.0307 0948 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:10:32.0327 0948 Atmarpc - ok
20:10:32.0608 0948 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:10:32.0618 0948 audstub - ok
20:10:32.0958 0948 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:10:32.0958 0948 Beep - ok
20:10:33.0109 0948 catchme - ok
20:10:33.0389 0948 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:10:33.0399 0948 cbidf2k - ok
20:10:33.0659 0948 cd20xrnt - ok
20:10:34.0010 0948 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:10:34.0020 0948 Cdaudio - ok
20:10:34.0360 0948 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:10:34.0380 0948 Cdfs - ok
20:10:34.0691 0948 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:10:34.0711 0948 Cdrom - ok
20:10:34.0981 0948 Changer - ok
20:10:35.0272 0948 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:10:35.0282 0948 CmBatt - ok
20:10:35.0532 0948 CmdIde - ok
20:10:35.0833 0948 COH_Mon (c348e3288d3d9f2d26f4097496c143a2) C:\WINDOWS\system32\Drivers\COH_Mon.sys
20:10:35.0843 0948 COH_Mon - ok
20:10:36.0123 0948 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:10:36.0133 0948 Compbatt - ok
20:10:36.0403 0948 Cpqarray - ok
20:10:36.0714 0948 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
20:10:36.0744 0948 ctxusbm - ok
20:10:37.0074 0948 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
20:10:37.0134 0948 d347bus - ok
20:10:37.0415 0948 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\System32\Drivers\d347prt.sys
20:10:37.0425 0948 d347prt - ok
20:10:37.0685 0948 dac2w2k - ok
20:10:37.0936 0948 dac960nt - ok
20:10:38.0256 0948 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:10:38.0266 0948 Disk - ok
20:10:38.0887 0948 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:10:39.0167 0948 dmboot - ok
20:10:39.0488 0948 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:10:39.0538 0948 dmio - ok
20:10:39.0908 0948 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:10:39.0918 0948 dmload - ok
20:10:40.0199 0948 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:10:40.0219 0948 DMusic - ok
20:10:40.0479 0948 dpti2o - ok
20:10:40.0750 0948 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:10:40.0760 0948 drmkaud - ok
20:10:41.0100 0948 E100B (fae8b6b311f898df3d19bc638e980ca5) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:10:41.0150 0948 E100B - ok
20:10:41.0391 0948 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:10:41.0531 0948 eeCtrl - ok
20:10:41.0631 0948 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:10:41.0661 0948 EraserUtilRebootDrv - ok
20:10:42.0061 0948 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:10:42.0112 0948 Fastfat - ok
20:10:42.0402 0948 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:10:42.0412 0948 Fdc - ok
20:10:42.0722 0948 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:10:42.0732 0948 Fips - ok
20:10:43.0023 0948 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:10:43.0033 0948 Flpydisk - ok
20:10:43.0383 0948 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:10:43.0433 0948 FltMgr - ok
20:10:43.0844 0948 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:10:43.0884 0948 Fs_Rec - ok
20:10:44.0215 0948 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:10:44.0265 0948 Ftdisk - ok
20:10:44.0545 0948 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:10:44.0555 0948 Gpc - ok
20:10:44.0856 0948 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
20:10:44.0856 0948 grmnusb - ok
20:10:45.0146 0948 gv3 (01cdb5b4649fae249e787a83be22916a) C:\WINDOWS\system32\DRIVERS\gv3.sys
20:10:45.0166 0948 gv3 - ok
20:10:45.0456 0948 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:10:45.0456 0948 HidUsb - ok
20:10:45.0727 0948 hpn - ok
20:10:46.0197 0948 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:10:46.0288 0948 HTTP - ok
20:10:46.0548 0948 i2omgmt - ok
20:10:46.0798 0948 i2omp - ok
20:10:47.0109 0948 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:10:47.0129 0948 i8042prt - ok
20:10:47.0459 0948 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:10:47.0469 0948 Imapi - ok
20:10:47.0740 0948 ini910u - ok
20:10:48.0020 0948 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:10:48.0020 0948 IntelIde - ok
20:10:48.0331 0948 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:10:48.0341 0948 intelppm - ok
20:10:48.0631 0948 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:10:48.0641 0948 ip6fw - ok
20:10:48.0961 0948 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:10:48.0971 0948 IpFilterDriver - ok
20:10:49.0262 0948 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:10:49.0272 0948 IpInIp - ok
20:10:49.0813 0948 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:10:49.0863 0948 IpNat - ok
20:10:50.0183 0948 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
20:10:50.0213 0948 irda - ok
20:10:50.0494 0948 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:10:50.0504 0948 IRENUM - ok
20:10:50.0844 0948 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:10:50.0854 0948 isapnp - ok
20:10:51.0155 0948 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:10:51.0165 0948 Kbdclass - ok
20:10:51.0445 0948 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:10:51.0445 0948 kbdhid - ok
20:10:51.0765 0948 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:10:51.0836 0948 kmixer - ok
20:10:52.0156 0948 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:10:52.0196 0948 KSecDD - ok
20:10:52.0476 0948 lbrtfdc - ok
20:10:52.0777 0948 MDC8021X (0f528e44cdc78365be693ae723e3801c) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
20:10:52.0787 0948 MDC8021X - ok
20:10:53.0087 0948 meiudf (8f821dbe06ea5e1f1448a13f7faf649b) C:\WINDOWS\system32\Drivers\meiudf.sys
20:10:53.0127 0948 meiudf - ok
20:10:53.0508 0948 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:10:53.0508 0948 mnmdd - ok
20:10:53.0818 0948 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:10:53.0838 0948 Modem - ok
20:10:54.0129 0948 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:10:54.0139 0948 Mouclass - ok
20:10:54.0429 0948 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:10:54.0439 0948 mouhid - ok
20:10:54.0730 0948 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:10:54.0750 0948 MountMgr - ok
20:10:55.0000 0948 mraid35x - ok
20:10:55.0321 0948 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:10:55.0391 0948 MRxDAV - ok
20:10:55.0821 0948 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:10:55.0992 0948 MRxSmb - ok
20:10:56.0312 0948 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:10:56.0322 0948 Msfs - ok
20:10:56.0602 0948 MSIRCOMM (95c6432151ccff8617352f8e616a1aa4) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
20:10:56.0612 0948 MSIRCOMM - ok
20:10:56.0893 0948 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:10:56.0903 0948 MSKSSRV - ok
20:10:57.0223 0948 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:10:57.0223 0948 MSPCLOCK - ok
20:10:57.0494 0948 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:10:57.0494 0948 MSPQM - ok
20:10:57.0774 0948 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:10:57.0774 0948 mssmbios - ok
20:10:58.0085 0948 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
20:10:58.0135 0948 Mup - ok
20:10:58.0345 0948 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120228.021\NAVENG.SYS
20:10:58.0375 0948 NAVENG - ok
20:10:59.0457 0948 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120228.021\NAVEX15.SYS
20:11:00.0518 0948 NAVEX15 - ok
20:11:00.0909 0948 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:11:00.0979 0948 NDIS - ok
20:11:01.0259 0948 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:11:01.0259 0948 NdisTapi - ok
20:11:01.0529 0948 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:11:01.0529 0948 Ndisuio - ok
20:11:01.0830 0948 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:11:01.0870 0948 NdisWan - ok
20:11:02.0160 0948 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
20:11:02.0170 0948 NDProxy - ok
20:11:02.0451 0948 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:11:02.0461 0948 NetBIOS - ok
20:11:02.0821 0948 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:11:02.0881 0948 NetBT - ok
20:11:03.0182 0948 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
20:11:03.0192 0948 Netdevio - ok
20:11:03.0532 0948 npf (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
20:11:03.0542 0948 npf - ok
20:11:03.0833 0948 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:11:03.0843 0948 Npfs - ok
20:11:04.0624 0948 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:11:05.0055 0948 Ntfs - ok
20:11:05.0415 0948 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:11:05.0425 0948 Null - ok
20:11:06.0236 0948 nv (f409d1bf29c59c94c62940d6fc0287ed) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:11:06.0757 0948 nv - ok
20:11:07.0087 0948 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:11:07.0097 0948 NwlnkFlt - ok
20:11:07.0388 0948 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:11:07.0408 0948 NwlnkFwd - ok
20:11:07.0718 0948 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
20:11:07.0728 0948 PalmUSBD - ok
20:11:08.0039 0948 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:11:08.0069 0948 Parport - ok
20:11:08.0349 0948 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:11:08.0359 0948 PartMgr - ok
20:11:08.0650 0948 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:11:08.0660 0948 ParVdm - ok
20:11:08.0980 0948 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:11:09.0000 0948 PCI - ok
20:11:09.0251 0948 PCIDump - ok
20:11:09.0531 0948 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:11:09.0531 0948 PCIIde - ok
20:11:09.0811 0948 pciSd (221068851f8fd7d8d581738123196ee3) C:\WINDOWS\system32\DRIVERS\tossdpci.sys
20:11:09.0831 0948 pciSd - ok
20:11:10.0162 0948 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:11:10.0222 0948 Pcmcia - ok
20:11:10.0472 0948 PDCOMP - ok
20:11:10.0733 0948 PDFRAME - ok
20:11:10.0993 0948 PDRELI - ok
20:11:11.0253 0948 PDRFRAME - ok
20:11:11.0504 0948 perc2 - ok
20:11:11.0764 0948 perc2hib - ok
20:11:12.0085 0948 PLUsbbc2 (deb5a23f8625d7d84daff899478a4893) C:\WINDOWS\system32\Drivers\usbbc2.sys
20:11:12.0085 0948 PLUsbbc2 - ok
20:11:12.0405 0948 pneteth (088335b06f75adbcbb81575c7cae6c43) C:\WINDOWS\system32\DRIVERS\pneteth.sys
20:11:12.0415 0948 pneteth - ok
20:11:12.0696 0948 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:11:12.0716 0948 PptpMiniport - ok
20:11:13.0026 0948 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
20:11:13.0036 0948 Processor - ok
20:11:13.0377 0948 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:11:13.0407 0948 PSched - ok
20:11:13.0677 0948 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:11:13.0687 0948 Ptilink - ok
20:11:13.0987 0948 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
20:11:13.0997 0948 PxHelp20 - ok
20:11:14.0258 0948 ql1080 - ok
20:11:14.0518 0948 Ql10wnt - ok
20:11:14.0769 0948 ql12160 - ok
20:11:15.0019 0948 ql1240 - ok
20:11:15.0279 0948 ql1280 - ok
20:11:15.0770 0948 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:11:15.0780 0948 RasAcd - ok
20:11:16.0090 0948 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
20:11:16.0100 0948 Rasirda - ok
20:11:16.0381 0948 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:11:16.0401 0948 Rasl2tp - ok
20:11:16.0671 0948 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:11:16.0691 0948 RasPppoe - ok
20:11:16.0952 0948 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:11:16.0962 0948 Raspti - ok
20:11:17.0292 0948 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:11:17.0362 0948 Rdbss - ok
20:11:17.0733 0948 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:11:17.0743 0948 RDPCDD - ok
20:11:18.0113 0948 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:11:18.0183 0948 rdpdr - ok
20:11:18.0584 0948 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
20:11:18.0634 0948 RDPWD - ok
20:11:18.0925 0948 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:11:18.0945 0948 redbook - ok
20:11:19.0075 0948 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:11:19.0085 0948 SASDIFSV - ok
20:11:19.0155 0948 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:11:19.0185 0948 SASKUTIL - ok
20:11:19.0365 0948 SAVRT (c8023be4dda22a52cd2f60d9cb9b3985) C:\Program Files\Symantec AntiVirus\savrt.sys
20:11:19.0475 0948 SAVRT - ok
20:11:19.0565 0948 SAVRTPEL (30547fd7692dc799a0b397b2b918a158) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
20:11:19.0585 0948 SAVRTPEL - ok
20:11:19.0906 0948 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:11:19.0916 0948 Secdrv - ok
20:11:20.0246 0948 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:11:20.0266 0948 Serial - ok
20:11:20.0567 0948 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:11:20.0567 0948 Sfloppy - ok
20:11:20.0837 0948 Simbad - ok
20:11:21.0128 0948 SMCIRDA (9951b523fe6820f29ef010680cb692d2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
20:11:21.0138 0948 SMCIRDA - ok
20:11:21.0658 0948 smwdm (f343cbf87cf8952701aa2062bdbf2bba) C:\WINDOWS\system32\drivers\smwdm.sys
20:11:21.0869 0948 smwdm - ok
20:11:22.0149 0948 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
20:11:22.0149 0948 SONYPVU1 - ok
20:11:22.0410 0948 Sparrow - ok
20:11:22.0670 0948 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
20:11:22.0820 0948 SPBBCDrv - ok
20:11:23.0131 0948 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:11:23.0131 0948 splitter - ok
20:11:23.0201 0948 sr - ok
20:11:23.0641 0948 SRTSP (620bbcc5c4c4407447866793c36e1215) C:\WINDOWS\system32\Drivers\SRTSP.SYS
20:11:23.0741 0948 SRTSP - ok
20:11:24.0132 0948 SRTSPL (995e15de499ca58445e39a2fba7d170e) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
20:11:24.0242 0948 SRTSPL - ok
20:11:24.0543 0948 SRTSPX (1b63f794f283b974a79084514df206a0) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
20:11:24.0573 0948 SRTSPX - ok
20:11:24.0973 0948 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
20:11:25.0103 0948 Srv - ok
20:11:25.0474 0948 STVqx3 (65ba7d9daca76f67bb5a62f3570c5fe5) C:\WINDOWS\system32\drivers\STVqx3.sys
20:11:25.0524 0948 STVqx3 - ok
20:11:25.0834 0948 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:11:25.0844 0948 swenum - ok
20:11:26.0135 0948 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:11:26.0155 0948 swmidi - ok
20:11:26.0425 0948 symc810 - ok
20:11:26.0746 0948 symc8xx - ok
20:11:27.0076 0948 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
20:11:27.0116 0948 SymEvent - ok
20:11:27.0417 0948 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
20:11:27.0437 0948 SYMREDRV - ok
20:11:27.0837 0948 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
20:11:27.0907 0948 SYMTDI - ok
20:11:28.0178 0948 sym_hi - ok
20:11:28.0438 0948 sym_u3 - ok
20:11:28.0749 0948 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:11:28.0769 0948 sysaudio - ok
20:11:29.0119 0948 SysPlant (c8f9eb4ac42740d036b0b9f0809b335b) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
20:11:29.0159 0948 SysPlant - ok
20:11:29.0460 0948 TBiosDrv (1f26d86828039c0b594399f7f2ffef09) C:\WINDOWS\System32\Drivers\Tbiosdrv.sys
20:11:29.0460 0948 TBiosDrv - ok
20:11:29.0750 0948 TBtnKey (1f1b3aa534db6107118bf7942275f100) C:\WINDOWS\system32\DRIVERS\TBtnKey.sys
20:11:29.0760 0948 TBtnKey - ok
20:11:30.0411 0948 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:11:30.0551 0948 Tcpip - ok
20:11:30.0922 0948 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
20:11:31.0002 0948 Tcpip6 - ok
20:11:31.0302 0948 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:11:31.0302 0948 TDPIPE - ok
20:11:31.0653 0948 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:11:31.0663 0948 TDTCP - ok
20:11:31.0963 0948 Teefer2 (75346634d815c9fda103ae5fada072b3) C:\WINDOWS\system32\DRIVERS\teefer2.sys
20:11:31.0993 0948 Teefer2 - ok
20:11:32.0284 0948 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:11:32.0294 0948 TermDD - ok
20:11:32.0664 0948 TMEI3E (dde020c16673b702d7235b0d96d34fd7) C:\WINDOWS\system32\Drivers\TMEI3E.SYS
20:11:32.0664 0948 TMEI3E - ok
20:11:32.0925 0948 TosIde - ok
20:11:33.0245 0948 tosporte (b2842672056ca33f0a4aab3e5cbbf181) C:\WINDOWS\system32\DRIVERS\tosporte.sys
20:11:33.0265 0948 tosporte - ok
20:11:33.0596 0948 Tosrfbd (926ca0b7fd2fa62d82c33b3117936070) C:\WINDOWS\system32\Drivers\tosrfbd.sys
20:11:33.0666 0948 Tosrfbd - ok
20:11:33.0986 0948 Tosrfbnp (1ae2ba74b2a4f5a358b13fcd35258c30) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
20:11:33.0996 0948 Tosrfbnp - ok
20:11:34.0297 0948 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
20:11:34.0327 0948 Tosrfcom - ok
20:11:34.0587 0948 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
20:11:34.0597 0948 tosrfec - ok
20:11:34.0887 0948 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
20:11:34.0907 0948 Tosrfhid - ok
20:11:35.0188 0948 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
20:11:35.0198 0948 tosrfnds - ok
20:11:35.0488 0948 Tosrfusb (d870fd6ce9060b73289f47e88630ee0e) C:\WINDOWS\system32\Drivers\tosrfusb.sys
20:11:35.0508 0948 Tosrfusb - ok
20:11:35.0789 0948 tossmbnt (b3b20cd6ab0c9ef8feef9fbbe04f1cb2) C:\WINDOWS\system32\drivers\tossmbnt.sys
20:11:35.0799 0948 tossmbnt - ok
20:11:36.0109 0948 tsdhd (f85667bb084499da23397892974c1bdc) C:\WINDOWS\system32\DRIVERS\tsdhd.sys
20:11:36.0119 0948 tsdhd - ok
20:11:36.0410 0948 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
20:11:36.0410 0948 tunmp - ok
20:11:36.0710 0948 TVALZ (9d8fcc6099d641d7c2bdc7f41193bec5) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
20:11:36.0720 0948 TVALZ - ok
20:11:37.0041 0948 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:11:37.0061 0948 Udfs - ok
20:11:37.0331 0948 ultra - ok
20:11:37.0742 0948 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:11:37.0892 0948 Update - ok
20:11:38.0152 0948 USBAAPL - ok
20:11:38.0473 0948 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:11:38.0483 0948 usbccgp - ok
20:11:38.0753 0948 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:11:38.0763 0948 usbehci - ok
20:11:39.0053 0948 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:11:39.0073 0948 usbhub - ok
20:11:39.0364 0948 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:11:39.0374 0948 usbprint - ok
20:11:39.0664 0948 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
20:11:39.0674 0948 usbser - ok
20:11:39.0955 0948 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:11:39.0965 0948 USBSTOR - ok
20:11:40.0295 0948 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:11:40.0305 0948 usbuhci - ok
20:11:40.0716 0948 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:11:40.0726 0948 VgaSave - ok
20:11:41.0136 0948 ViaIde - ok
20:11:41.0467 0948 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:11:41.0487 0948 VolSnap - ok
20:11:42.0378 0948 w22n51 (4c009d4352849d79bf347846b6e03bfd) C:\WINDOWS\system32\DRIVERS\w22n51.sys
20:11:42.0959 0948 w22n51 - ok
20:11:44.0061 0948 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
20:11:44.0842 0948 w29n51 - ok
20:11:45.0483 0948 w70n51 (3eccbb3689807787cd4c0fed20b1d0d8) C:\WINDOWS\system32\DRIVERS\w70n51.sys
20:11:45.0853 0948 w70n51 - ok
20:11:46.0174 0948 WacomPen (aced8c149b30f8496c237bcba3727b48) C:\WINDOWS\system32\DRIVERS\wacompen.sys
20:11:46.0184 0948 WacomPen - ok
20:11:46.0474 0948 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:11:46.0484 0948 Wanarp - ok
20:11:46.0905 0948 wceusbsh (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
20:11:46.0915 0948 wceusbsh - ok
20:11:47.0365 0948 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:11:47.0546 0948 Wdf01000 - ok
20:11:47.0796 0948 WDICA - ok
20:11:48.0096 0948 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:11:48.0126 0948 wdmaud - ok
20:11:48.0537 0948 WPS (d81ef0d8716500a573cd82185ef3e42d) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
20:11:48.0557 0948 WPS - ok
20:11:48.0958 0948 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
20:11:49.0028 0948 WpsHelper - ok
20:11:49.0108 0948 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
20:11:49.0328 0948 \Device\Harddisk0\DR0 - ok
20:11:49.0338 0948 MBR (0x1B8) (23b571400a29918f5392f6e85eeb756e) \Device\Harddisk1\DR12
20:11:56.0959 0948 \Device\Harddisk1\DR12 - ok
20:11:56.0989 0948 Boot (0x1200) (17e7080e0409b0478d9ad67719e8672b) \Device\Harddisk0\DR0\Partition0
20:11:56.0989 0948 \Device\Harddisk0\DR0\Partition0 - ok
20:11:57.0009 0948 Boot (0x1200) (5e9bb78d4b724a5772a336af7d417d34) \Device\Harddisk1\DR12\Partition0
20:11:57.0009 0948 \Device\Harddisk1\DR12\Partition0 - ok
20:11:57.0009 0948 ============================================================
20:11:57.0009 0948 Scan finished
20:11:57.0009 0948 ============================================================
20:11:57.0039 1592 Detected object count: 1
20:11:57.0039 1592 Actual detected object count: 1
20:12:04.0009 1592 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
20:12:04.0270 1592 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
20:12:14.0544 1592 Backup copy found, using it..
20:12:15.0125 1592 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
20:12:35.0334 1592 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure
20:12:40.0552 2984 Deinitialize success


aswMBR log


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-13 20:26:40
-----------------------------
20:26:40.608 OS Version: Windows 5.1.2600 Service Pack 3
20:26:40.608 Number of processors: 1 586 0x905
20:26:40.608 ComputerName: GRUMPYTOSHIBA UserName: nan0guy
20:26:53.467 Initialize success
20:27:54.184 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:27:54.184 Disk 0 Vendor: HTS548060M9AT00 MGBOA53A Size: 57231MB BusType: 3
20:27:54.224 Disk 0 MBR read successfully
20:27:54.224 Disk 0 MBR scan
20:27:54.224 Disk 0 unknown MBR code
20:27:54.254 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
20:27:54.284 Disk 0 scanning sectors +117210240
20:27:54.595 Disk 0 scanning C:\WINDOWS\system32\drivers
20:29:31.003 Service scanning
20:31:28.522 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
20:31:30.565 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
20:31:46.989 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
20:31:47.590 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
20:31:50.794 Modules scanning
20:33:43.156 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
20:33:43.436 The log file has been saved successfully to "E:\aswMBR.txt"
20:34:27.550 Disk 0 trace - called modules:
20:34:27.610 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xf3162fc0]<<
20:34:27.620 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8372fab8]
20:34:27.870 3 CLASSPNP.SYS[f88b4fd7] -> nt!IofCallDriver -> [0x829b7e38]
20:34:27.870 \Driver\00032274[0x829a8b48] -> IRP_MJ_CREATE -> 0xf3162fc0
20:34:27.880 Scan finished successfully
20:34:45.686 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
20:34:45.896 The log file has been saved successfully to "E:\aswMBR.txt"

Waiting for next instructions.

Thanks.

Attached Files

  • Attached File: MBR.zip (490 bytes)
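Reading the two logs above, as an added example that is not part of the original thread and not code from TDSSKiller, aswMBR or BleepingComputer: a small Python triage script that parses constructed TDSSKiller-style and aswMBR-style lines (modelled on the lines posted) and pulls out the items a responder would check first, namely the detected object and the action taken on it, files that will be replaced from backup on reboot, a disk whose MBR code the scanner did not recognise, unknown code in the disk I/O stack, and services whose driver files could not be read. The regular expressions and field names are assumptions derived from these sample lines, not documented log formats; the sample text is constructed.

```python
"""Triage helpers for TDSSKiller and aswMBR text logs (added example, not a tool from the thread)."""
import re
from dataclasses import dataclass, field

# Constructed sample input, modelled on the log lines posted in the thread.
TDSSKILLER_SAMPLE = r"""
20:11:48.0537 0948 WPS (d81ef0d8716500a573cd82185ef3e42d) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
20:11:48.0557 0948 WPS - ok
20:11:49.0108 0948 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
20:11:49.0328 0948 \Device\Harddisk0\DR0 - ok
20:11:57.0039 1592 Detected object count: 1
20:12:04.0009 1592 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
20:12:15.0125 1592 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
20:12:35.0334 1592 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure
"""

ASWMBR_SAMPLE = r"""
20:27:54.224 Disk 0 MBR read successfully
20:27:54.224 Disk 0 unknown MBR code
20:31:28.522 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
20:31:30.565 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
20:34:27.610 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xf3162fc0]<<
20:34:27.880 Scan finished successfully
"""

# Assumed line shapes (timestamp, thread id, message) inferred from the samples above.
TDSS_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ \d+ (?P<msg>.*)$")
DETECTION = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$")
HASHED = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<target>\S+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
QUAR = re.compile(r"^(?P<path>.+?) - copied to quarantine$")
CURE = re.compile(r"^(?P<path>.+?) - will be cured on reboot$")

ASW_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ (?P<msg>.*)$")
LOCKED = re.compile(r"^Service (?P<name>\S+) (?P<path>.+?) \*\*LOCKED\*\*")
UNKNOWN_MBR = re.compile(r"^Disk (?P<disk>\d+) unknown MBR code$")
HOOK = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-f]+)\]<<")


@dataclass
class TdssReport:
    detected_count: int = 0
    hashes: dict = field(default_factory=dict)        # object name -> (md5, file path or device)
    quarantined: list = field(default_factory=list)
    cure_on_reboot: list = field(default_factory=list)
    detections: list = field(default_factory=list)    # (object, verdict, user action)


@dataclass
class AswReport:
    unknown_mbr_disks: list = field(default_factory=list)
    locked_services: list = field(default_factory=list)  # (service name, image path)
    unknown_hooks: list = field(default_factory=list)    # addresses of unknown code in the disk stack


def parse_tdsskiller(text: str) -> TdssReport:
    """Collect hashes, counts, quarantine/cure notices and detections from TDSSKiller-style lines."""
    rep = TdssReport()
    for line in text.splitlines():
        m = TDSS_LINE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        if (d := DETECTION.match(msg)):
            rep.detections.append((d["obj"], d["verdict"], d["action"]))
        elif (h := HASHED.match(msg)):
            rep.hashes[h["name"]] = (h["md5"], h["target"])
        elif (c := COUNT.match(msg)):
            rep.detected_count = int(c["n"])
        elif (q := QUAR.match(msg)):
            rep.quarantined.append(q["path"])
        elif (u := CURE.match(msg)):
            rep.cure_on_reboot.append(u["path"])
    return rep


def parse_aswmbr(text: str) -> AswReport:
    """Collect locked services, unrecognised MBR code and unknown disk-stack modules from aswMBR-style lines."""
    rep = AswReport()
    for line in text.splitlines():
        m = ASW_LINE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        if (s := LOCKED.match(msg)):
            rep.locked_services.append((s["name"], s["path"]))
        elif (d := UNKNOWN_MBR.match(msg)):
            rep.unknown_mbr_disks.append(int(d["disk"]))
        elif (h := HOOK.search(msg)):
            rep.unknown_hooks.append(h["addr"])
    return rep


def triage(tdss: TdssReport, asw: AswReport) -> list:
    """Turn both reports into a short list of follow-up items for the responder."""
    findings = []
    for obj, verdict, action in tdss.detections:
        findings.append(f"{obj}: {verdict} (action: {action})")
    for path in tdss.cure_on_reboot:
        findings.append(f"{path}: replaced from backup at next reboot; re-hash it after the restart")
    for disk in asw.unknown_mbr_disks:
        findings.append(f"disk {disk}: MBR code not recognised; compare the saved MBR.dat with a known-good image")
    for addr in asw.unknown_hooks:
        findings.append(f"unknown code at {addr} in the disk I/O path; consistent with a disk-filter rootkit")
    for name, path in asw.locked_services:
        findings.append(f"service {name} ({path}) could not be read; confirm the vendor (self-protecting security drivers also lock their files)")
    return findings


if __name__ == "__main__":
    for item in triage(parse_tdsskiller(TDSSKILLER_SAMPLE), parse_aswmbr(ASWMBR_SAMPLE)):
        print("-", item)
```

The locked-service finding is deliberately neutral: in the posted log the locked drivers (SysPlant, Teefer2, WPS, WpsHelper) belong to an endpoint-protection product, and self-protection looks the same to a scanner as a rootkit hiding a file, so the name and vendor have to be checked before treating it as a detection.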


#4 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 March 2012 - 09:29 AM

Please download MBRCheck.exe and save it to your desktop - not a folder on the desktop - save it directly to the desktop.


* Be sure to disable your security programs.
* Double-Click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
* A window will open on your desktop.
* If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
* If nothing unusual is found, just press Enter.
* A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
* In your next reply, please include the log from MBRChecker.
====

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Please post the logs for my review.

Let me know what problem persists.
