
Service Provider Suspects Malware on my Laptop(s)


  • This topic is locked
10 replies to this topic

#1 Daniel B.

  • Members
  • 8 posts

Posted 19 November 2011 - 01:10 AM

Hello:

I recently received an email from my service provider that they suspect malware on a computer here in my home.
Here's just a paragraph from the email: "You are receiving this email as Cogeco has received reports of atypical traffic from your system which is indicative of malware (ie: a virus or trojan). It is most likely that your system has been compromised with malware that is allowing a remote entity to utilize your system resources"

Fearing the worst, I started googling and came across your site.
As gathering this information takes time, I am posting this thread for one of 2 machines I need checked.
I followed the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" and am attaching all the log files generated, along with the HijackThis report.
I don't know exactly what I'm looking for, so your help would be most appreciated.

I will post the 2nd computer in a different thread, as I have to wait for someone to come home this evening to gain access to it.

Thanking you in advance.
Dan.

Attached Files


#2 Elise (Bleepin' Blonde)

  • Malware Study Hall Admin
  • 60,925 posts
  • Location: Romania

Posted 23 November 2011 - 01:56 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 Daniel B. (Topic Starter)

  • Members
  • 8 posts

Posted 24 November 2011 - 01:11 PM

I just got off the phone with my service provider. They are still not 100% sure, but they suspect the malware is named DNS Changer.
They actually tried to convince me to do a hard format on my drive, and I told them that was out of the question.

I ran the DDS and here are the logs it produced.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by DAN at 12:52:57 on 2011-11-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3070.1339 [GMT -5:00]
.
AV: COGECO Security Services 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: COGECO Security Services 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COGECO Security Services 9.01 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\COGECO Security Services\Anti-Virus\FSGK32.EXE
C:\PROGRA~1\FILMFA~2\bar\1.bin\pabarsvc.exe
C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
C:\Windows\system32\lxdfcoms.exe
C:\Program Files\COGECO Security Services\Common\FSHDLL32.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
C:\Program Files\COGECO Security Services\ORSP Client\fsorsp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\COGECO Security Services\Anti-Virus\fssm32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\COGECO Security Services\Common\FSM32.EXE
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Windows\system32\SearchIndexer.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\FilmFanatic\bar\1.bin\pabrmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ProgramData\Skype\Plugins\Plugins\9E0D937F462E4362A83B254A9F8AB3F8\InnerPassFileSharing.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\STK02N\STK02NM.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {796b75f6-6187-47e2-8f1f-c16e059e6e19} - c:\program files\filmfanatic\bar\1.bin\paSrcAs.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Toolbar BHO: {631acb68-57c3-48af-9cc5-fcec0837ffd3} - c:\progra~1\filmfa~2\bar\1.bin\pabar.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\cogeco security services\nrs\iescript\baselitmus.dll
BHO: Search Assistant BHO: {d5e9b421-c309-41de-9014-800a2adcdeb0} - c:\program files\filmfanatic\bar\1.bin\paSrcAs.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: FilmFanatic: {0b84b4b4-8af8-4f1f-91fe-074a666f6425} - c:\program files\filmfanatic\bar\1.bin\pabar.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\cogeco security services\nrs\iescript\baselitmus.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Innerpass] c:\programdata\skype\plugins\plugins\9e0d937f462e4362a83b254a9f8ab3f8\InnerPassFileSharing.exe autostart
uRun: [AdobeBridge]
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [F-Secure Manager] "c:\program files\cogeco security services\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\cogeco security services\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [lxdfmon.exe] "c:\program files\lexmark 6500 series\lxdfmon.exe"
mRun: [lxdfamon] "c:\program files\lexmark 6500 series\lxdfamon.exe"
mRun: [Lexmark 6500 Series Fax Server] "c:\program files\lexmark 6500 series\fm3032.exe" /s
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [FilmFanatic Browser Plugin Loader] c:\progra~1\filmfa~2\bar\1.bin\pabrmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\stk02n~1.lnk - c:\windows\stk02n\STK02NM.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
LSP: c:\program files\cogeco security services\fsps\program\FSLSP.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265929867199
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{297B24D2-B94E-431D-95A8-AD6547720977} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{297B24D2-B94E-431D-95A8-AD6547720977}\23E24375966496 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{297B24D2-B94E-431D-95A8-AD6547720977}\4416E69656C60224F69736562E08993702960586F6E656 : DhcpNameServer = 64.71.255.198 64.71.255.253
TCP: Interfaces\{297B24D2-B94E-431D-95A8-AD6547720977}\44C4E45647 : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{297B24D2-B94E-431D-95A8-AD6547720977}\5375966496 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{297B24D2-B94E-431D-95A8-AD6547720977}\75C414E4 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{297B24D2-B94E-431D-95A8-AD6547720977}\841677B696E676F5330303E4F554874756E6465627 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5B561F0A-5C67-41C0-A71D-86233FC083FC} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6B023BC1-4976-4AF1-83DB-1B727A286B60} : DhcpNameServer = 64.71.255.198 64.71.255.253
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dan\appdata\roaming\mozilla\firefox\profiles\fortg3r3.default\
FF - component: c:\program files\cogeco security services\nrs\litmus-ff@f-secure.com\components\6litmus-ff.dll
FF - component: c:\program files\cogeco security services\nrs\litmus-ff@f-secure.com\components\7litmus-ff.dll
FF - component: c:\program files\cogeco security services\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\filmfanatic\bar\1.bin\NPpaStub.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dan\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\dan\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-1-19 42672]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\cogeco security services\hips\drivers\fshs.sys [2010-1-19 68064]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-1-19 36792]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-1-19 73160]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\cogeco security services\anti-virus\minifilter\fsvista.sys [2010-1-19 12384]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_32301.sys [2011-11-7 227312]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\cogeco security services\anti-virus\fsgk32st.exe [2010-1-19 215648]
R2 FilmFanaticService;FilmFanatic Service;c:\progra~1\filmfa~2\bar\1.bin\pabarsvc.exe [2011-4-27 36864]
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-23 136176]
R2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe -service --> c:\windows\system32\lxdfcoms.exe -service [?]
R2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService.exe [2010-2-27 133664]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\cogeco security services\anti-virus\minifilter\fsgk.sys [2010-1-19 148632]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\cogeco security services\orsp client\fsorsp.exe [2010-1-19 61088]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2011-11-7 21520]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-5-20 314368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdfserv.exe [2007-5-29 99248]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-11 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-23 136176]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [2011-3-20 39704]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-16 52224]
.
=============== Created Last 30 ================
.
2011-10-30 03:31:23 -------- d-----w- c:\users\dan\appdata\local\{30F7182E-C981-4266-AFBC-2EC29C97F17D}
2011-10-30 03:31:06 -------- d-----w- c:\users\dan\appdata\local\{5E2E9B2A-E3C5-4128-A113-BBC02AC4648C}
2011-10-30 03:30:41 -------- d-----w- c:\users\dan\appdata\local\{3FEBFECA-C447-4B1B-B0FE-3803D67905B6}
2011-10-29 13:44:15 -------- d-----w- c:\users\dan\appdata\local\{F2E91C4E-FAD5-40F3-B864-127FC7D5D646}
2011-10-29 10:00:42 -------- d-----w- c:\users\dan\appdata\local\{04455DDC-5DA2-49CE-AA5B-50935333036A}
2011-10-28 19:52:54 -------- d-----w- c:\users\dan\appdata\local\{FB52BD7D-C316-41A5-A926-ACD8BCDBDDA5}
2011-10-28 19:52:43 -------- d-----w- c:\users\dan\appdata\local\{25DA6A40-2925-4965-A153-EBF5E41C113B}
2011-10-28 19:52:30 -------- d-----w- c:\users\dan\appdata\local\{FC03EEE9-2E9D-4A10-A359-5CA20D3A42D4}
2011-10-28 02:32:34 -------- d-----w- c:\users\dan\appdata\local\{5FB9FF0C-24C4-4FC7-B649-CD33C68BB7B4}
2011-10-28 02:32:23 -------- d-----w- c:\users\dan\appdata\local\{C06120AD-0570-4075-B9B5-7810E9589242}
2011-10-28 02:32:02 -------- d-----w- c:\users\dan\appdata\local\{1197131D-6974-4C69-BD3A-D1767C14AF93}
2011-10-27 14:17:18 -------- d-----w- c:\users\dan\appdata\local\{DF932608-679B-45D3-B204-63AF566EDEA8}
2011-10-27 10:21:06 -------- d-----w- c:\users\dan\appdata\local\{29E824E3-F879-4E0B-B281-B50A364257FC}
2011-10-26 17:46:08 -------- d-----w- c:\users\dan\appdata\local\{21A99876-0C26-4A80-9ACB-97FCEC1FC788}
2011-10-26 07:57:59 -------- d-----w- c:\users\dan\appdata\local\{B4EAC74B-1CF3-473A-8690-3CD87CA6324D}
.
==================== Find3M ====================
.
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
.
============= FINISH: 12:58:09.08 ===============

ATTACH LOG

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 19/01/2010 1:15:02 PM
System Uptime: 24/11/2011 7:05:24 AM (5 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz | N/A | 2401/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 128.174 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1297\7&97C65CA&0&18E7F4E58C5B_C00000006
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1297\7&97C65CA&0&18E7F4E58C5B_C00000006
Service:
.
==== System Restore Points ===================
.
RP367: 10/11/2011 12:24:04 PM - Windows Modules Installer
RP369: 10/11/2011 12:41:42 PM - Installed Rapport
RP370: 12/11/2011 3:00:13 AM - Windows Update
RP371: 15/11/2011 2:13:32 PM - Windows Update
RP372: 22/11/2011 9:59:22 AM - Windows Update
RP374: 23/11/2011 4:06:34 PM - Installed Rapport
RP375: 23/11/2011 5:02:50 PM - Installed Windows Media Player Firefox Plugin
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Reader 9.4.6
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Agama Web Menus
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Cheat Engine 5.6
Click to Disc Editor
CoffeeCup Password Wizard
COGECO Security Services
Connect
D3DX10
Desktop Calendar Tools
EditPlus 3
F-Secure PSC Prerequisites
Facebook Plug-In
FilmFanatic
Garmin Lifetime Updater
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth
Google Update Helper
iCloud
iCU2
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
Ipswitch WS_FTP 12
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 17
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
jZip
KBD
kuler
Lexmark 6500 Series
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Marvell Miniport Driver
MFC RunTime files
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Design 4
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Studio 4
Microsoft Expression Web 4
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 8.0 (x86 en-GB)
MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
nav-u tool
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
PS2
Punch! Interior Design Suite
QuickTime
Rapport
Realtek High Definition Audio Driver
Realtime Landscaping Photo 2011 Trial
Remote Control USB Driver
RICOH R5U8xx Media Driver ver.3.62.02
Rosetta Stone Version 3
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 4.2
Sothink Tree Menu
STK02N 2.3
Suite Shared Configuration CS4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WPF Toolkit February 2010 (Version 3.5.50211.1)
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
24/11/2011 6:58:42 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
24/11/2011 12:34:06 PM, Error: atikmdag [43029] - Display is not active
24/11/2011 12:34:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
23/11/2011 4:04:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdfCATSCustConnectService service to connect.
23/11/2011 4:04:53 PM, Error: Service Control Manager [7000] - The lxdfCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/11/2011 4:04:40 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
23/11/2011 3:55:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
22/11/2011 9:45:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
22/11/2011 8:55:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the F-Secure Gatekeeper Handler Starter service.
20/11/2011 11:25:11 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{297B24D2-B94E-431D-95A8-AD6547720977} because another computer on the network has the same name. The server could not start.
19/11/2011 2:21:33 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user DAN-PC\DAN SID (S-1-5-21-2631104474-2121115015-1904257722-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
19/11/2011 2:21:32 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user DAN-PC\DAN SID (S-1-5-21-2631104474-2121115015-1904257722-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
18/11/2011 9:57:47 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
17/11/2011 1:41:33 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CRAIG-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{297B24D2-B94E-431D-95A8-AD6547720. The master browser is stopping or an election is being forced.
17/11/2011 1:36:22 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
.
==== End Of File ===========================

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,925 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:30 AM

Posted 24 November 2011 - 01:41 PM

Hi, apart from this email, do you have any problems that may indicate an infection (pop-ups, extreme slowness, redirects, ...)?

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#5 Daniel B.

Daniel B.
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:30 PM

Posted 24 November 2011 - 02:07 PM

Hi. Below is the log from the scan I just ran.
I have noticed the computer getting slower over time, but just attributed that to age and use.

14:00:15.0022 6744 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
14:00:17.0025 6744 ============================================================
14:00:17.0025 6744 Current date / time: 2011/11/24 14:00:17.0025
14:00:17.0025 6744 SystemInfo:
14:00:17.0025 6744
14:00:17.0025 6744 OS Version: 6.1.7601 ServicePack: 1.0
14:00:17.0025 6744 Product type: Workstation
14:00:17.0025 6744 ComputerName: DAN-PC
14:00:17.0025 6744 UserName: DAN
14:00:17.0025 6744 Windows directory: C:\Windows
14:00:17.0025 6744 System windows directory: C:\Windows
14:00:17.0025 6744 Processor architecture: Intel x86
14:00:17.0025 6744 Number of processors: 2
14:00:17.0025 6744 Page size: 0x1000
14:00:17.0025 6744 Boot type: Normal boot
14:00:17.0025 6744 ============================================================
14:00:19.0201 6744 Initialize success
14:00:38.0455 7236 ============================================================
14:00:38.0455 7236 Scan started
14:00:38.0455 7236 Mode: Manual;
14:00:38.0455 7236 ============================================================
14:00:49.0099 7236 KSecPkg - ok
14:00:49.0164 7236 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:00:49.0167 7236 lltdio - ok
14:00:49.0223 7236 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:00:49.0242 7236 LSI_FC - ok
14:00:49.0278 7236 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:00:49.0281 7236 LSI_SAS - ok
14:00:49.0310 7236 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:00:49.0312 7236 LSI_SAS2 - ok
14:00:49.0344 7236 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:00:49.0347 7236 LSI_SCSI - ok
14:00:49.0372 7236 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:00:49.0374 7236 luafv - ok
14:00:49.0436 7236 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
14:00:49.0437 7236 megasas - ok
14:00:49.0508 7236 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
14:00:49.0534 7236 MegaSR - ok
14:00:49.0592 7236 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:00:49.0596 7236 Modem - ok
14:00:49.0623 7236 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:00:49.0625 7236 monitor - ok
14:00:49.0696 7236 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
14:00:49.0718 7236 mouclass - ok
14:00:49.0765 7236 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:00:49.0766 7236 mouhid - ok
14:00:49.0829 7236 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
14:00:49.0831 7236 mountmgr - ok
14:00:49.0867 7236 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
14:00:49.0870 7236 mpio - ok
14:00:49.0889 7236 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:00:49.0891 7236 mpsdrv - ok
14:00:49.0965 7236 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
14:00:49.0979 7236 MRxDAV - ok
14:00:50.0048 7236 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:00:50.0062 7236 mrxsmb - ok
14:00:50.0115 7236 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:00:50.0119 7236 mrxsmb10 - ok
14:00:50.0145 7236 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:00:50.0147 7236 mrxsmb20 - ok
14:00:50.0195 7236 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
14:00:50.0197 7236 msahci - ok
14:00:50.0252 7236 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
14:00:50.0255 7236 msdsm - ok
14:00:50.0335 7236 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:00:50.0338 7236 Msfs - ok
14:00:50.0364 7236 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:00:50.0366 7236 mshidkmdf - ok
14:00:50.0421 7236 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
14:00:50.0422 7236 msisadrv - ok
14:00:50.0498 7236 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:00:50.0499 7236 MSKSSRV - ok
14:00:50.0523 7236 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:00:50.0525 7236 MSPCLOCK - ok
14:00:50.0541 7236 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
14:00:50.0542 7236 MSPQM - ok
14:00:50.0569 7236 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
14:00:50.0573 7236 MsRPC - ok
14:00:50.0601 7236 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
14:00:50.0605 7236 mssmbios - ok
14:00:50.0626 7236 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
14:00:50.0628 7236 MSTEE - ok
14:00:50.0651 7236 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
14:00:50.0652 7236 MTConfig - ok
14:00:50.0690 7236 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
14:00:50.0692 7236 Mup - ok
14:00:50.0815 7236 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
14:00:50.0837 7236 NativeWifiP - ok
14:00:50.0950 7236 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
14:00:50.0965 7236 NDIS - ok
14:00:51.0035 7236 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
14:00:51.0036 7236 NdisCap - ok
14:00:51.0079 7236 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
14:00:51.0081 7236 NdisTapi - ok
14:00:51.0130 7236 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
14:00:51.0136 7236 Ndisuio - ok
14:00:51.0194 7236 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
14:00:51.0211 7236 NdisWan - ok
14:00:51.0257 7236 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
14:00:51.0259 7236 NDProxy - ok
14:00:51.0325 7236 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\Windows\system32\DRIVERS\netaapl.sys
14:00:51.0357 7236 Netaapl - ok
14:00:51.0392 7236 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
14:00:51.0395 7236 NetBIOS - ok
14:00:51.0468 7236 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
14:00:51.0482 7236 NetBT - ok
14:00:52.0135 7236 netw5v32 (f0c42e0cdce558d658fa53a222b4ccb1) C:\Windows\system32\DRIVERS\netw5v32.sys
14:00:52.0216 7236 netw5v32 - ok
14:00:52.0389 7236 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
14:00:52.0391 7236 nfrd960 - ok
14:00:52.0437 7236 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
14:00:52.0438 7236 Npfs - ok
14:00:52.0460 7236 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
14:00:52.0461 7236 nsiproxy - ok
14:00:52.0551 7236 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
14:00:52.0581 7236 Ntfs - ok
14:00:52.0608 7236 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
14:00:52.0610 7236 Null - ok
14:00:52.0674 7236 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
14:00:52.0679 7236 nvraid - ok
14:00:52.0714 7236 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
14:00:52.0721 7236 nvstor - ok
14:00:52.0757 7236 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
14:00:52.0760 7236 nv_agp - ok
14:00:52.0807 7236 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
14:00:52.0809 7236 ohci1394 - ok
14:00:52.0874 7236 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
14:00:52.0876 7236 Parport - ok
14:00:52.0940 7236 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
14:00:52.0941 7236 partmgr - ok
14:00:52.0966 7236 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
14:00:52.0968 7236 Parvdm - ok
14:00:52.0991 7236 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
14:00:52.0996 7236 pci - ok
14:00:53.0020 7236 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
14:00:53.0022 7236 pciide - ok
14:00:53.0050 7236 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
14:00:53.0054 7236 pcmcia - ok
14:00:53.0085 7236 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
14:00:53.0087 7236 pcw - ok
14:00:53.0118 7236 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
14:00:53.0128 7236 PEAUTH - ok
14:00:53.0191 7236 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
14:00:53.0193 7236 PptpMiniport - ok
14:00:53.0216 7236 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
14:00:53.0218 7236 Processor - ok
14:00:53.0293 7236 Ps2 (bffdb363485501a38f0bca83aec810db) C:\Windows\system32\DRIVERS\PS2.sys
14:00:53.0294 7236 Ps2 - ok
14:00:53.0334 7236 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
14:00:53.0336 7236 Psched - ok
14:00:53.0398 7236 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
14:00:53.0419 7236 ql2300 - ok
14:00:53.0451 7236 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
14:00:53.0454 7236 ql40xx - ok
14:00:53.0483 7236 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
14:00:53.0485 7236 QWAVEdrv - ok
14:00:53.0690 7236 RapportCerberus_32301 (2fccc769cdba34c6ab6183aa4d2f7519) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys
14:00:53.0786 7236 RapportCerberus_32301 - ok
14:00:53.0872 7236 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
14:00:53.0876 7236 RapportEI - ok
14:00:53.0986 7236 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys
14:00:54.0022 7236 RapportIaso - ok
14:00:54.0147 7236 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\Windows\system32\Drivers\RapportKELL.sys
14:00:54.0153 7236 RapportKELL - ok
14:00:54.0221 7236 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
14:00:54.0227 7236 RapportPG - ok
14:00:54.0293 7236 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
14:00:54.0296 7236 RasAcd - ok
14:00:54.0357 7236 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:00:54.0361 7236 RasAgileVpn - ok
14:00:54.0397 7236 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:00:54.0401 7236 Rasl2tp - ok
14:00:54.0449 7236 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
14:00:54.0452 7236 RasPppoe - ok
14:00:54.0482 7236 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
14:00:54.0485 7236 RasSstp - ok
14:00:54.0545 7236 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
14:00:54.0551 7236 rdbss - ok
14:00:54.0575 7236 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
14:00:54.0577 7236 rdpbus - ok
14:00:54.0629 7236 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:00:54.0631 7236 RDPCDD - ok
14:00:54.0674 7236 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
14:00:54.0676 7236 RDPENCDD - ok
14:00:54.0697 7236 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
14:00:54.0699 7236 RDPREFMP - ok
14:00:54.0755 7236 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
14:00:54.0760 7236 RDPWD - ok
14:00:54.0815 7236 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
14:00:54.0820 7236 rdyboost - ok
14:00:54.0887 7236 RemoteControl-USBLAN (7553d60b85ac53bd4486c418a0fbfcdf) C:\Windows\system32\DRIVERS\rcblan.sys
14:00:54.0891 7236 RemoteControl-USBLAN - ok
14:00:54.0964 7236 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
14:00:54.0968 7236 RFCOMM - ok
14:00:55.0024 7236 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
14:00:55.0026 7236 rimsptsk - ok
14:00:55.0111 7236 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
14:00:55.0113 7236 rspndr - ok
14:00:55.0153 7236 RTHDMIAzAudService (87407b31ea6ff0dc4765258164b98bea) C:\Windows\system32\drivers\RtHDMIV.sys
14:00:55.0176 7236 RTHDMIAzAudService - ok
14:00:55.0234 7236 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
14:00:55.0237 7236 sbp2port - ok
14:00:55.0286 7236 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
14:00:55.0288 7236 scfilter - ok
14:00:55.0321 7236 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
14:00:55.0323 7236 sdbus - ok
14:00:55.0407 7236 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:00:55.0408 7236 secdrv - ok
14:00:55.0449 7236 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
14:00:55.0451 7236 Serenum - ok
14:00:55.0490 7236 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
14:00:55.0493 7236 Serial - ok
14:00:55.0525 7236 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
14:00:55.0526 7236 sermouse - ok
14:00:55.0592 7236 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
14:00:55.0593 7236 SFEP - ok
14:00:55.0646 7236 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
14:00:55.0647 7236 sffdisk - ok
14:00:55.0676 7236 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
14:00:55.0678 7236 sffp_mmc - ok
14:00:55.0715 7236 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
14:00:55.0717 7236 sffp_sd - ok
14:00:55.0747 7236 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
14:00:55.0749 7236 sfloppy - ok
14:00:55.0788 7236 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
14:00:55.0790 7236 sisagp - ok
14:00:55.0829 7236 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:00:55.0831 7236 SiSRaid2 - ok
14:00:55.0856 7236 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
14:00:55.0858 7236 SiSRaid4 - ok
14:00:55.0897 7236 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
14:00:55.0899 7236 Smb - ok
14:00:55.0956 7236 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
14:00:55.0957 7236 spldr - ok
14:00:56.0024 7236 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
14:00:56.0030 7236 srv - ok
14:00:56.0062 7236 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
14:00:56.0068 7236 srv2 - ok
14:00:56.0142 7236 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:00:56.0150 7236 SrvHsfHDA - ok
14:00:56.0214 7236 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
14:00:56.0230 7236 SrvHsfV92 - ok
14:00:56.0269 7236 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
14:00:56.0280 7236 SrvHsfWinac - ok
14:00:56.0324 7236 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
14:00:56.0326 7236 srvnet - ok
14:00:56.0398 7236 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
14:00:56.0400 7236 stexstor - ok
14:00:56.0466 7236 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
14:00:56.0467 7236 swenum - ok
14:00:56.0597 7236 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
14:00:56.0616 7236 Tcpip - ok
14:00:56.0663 7236 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
14:00:56.0672 7236 TCPIP6 - ok
14:00:56.0737 7236 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
14:00:56.0738 7236 tcpipreg - ok
14:00:56.0787 7236 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
14:00:56.0789 7236 TDPIPE - ok
14:00:56.0814 7236 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
14:00:56.0816 7236 TDTCP - ok
14:00:56.0866 7236 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
14:00:56.0868 7236 tdx - ok
14:00:56.0915 7236 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
14:00:56.0918 7236 TermDD - ok
14:00:56.0969 7236 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:00:56.0970 7236 tssecsrv - ok
14:00:57.0059 7236 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
14:00:57.0061 7236 TsUsbFlt - ok
14:00:57.0127 7236 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
14:00:57.0132 7236 tunnel - ok
14:00:57.0196 7236 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
14:00:57.0200 7236 uagp35 - ok
14:00:57.0270 7236 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
14:00:57.0274 7236 udfs - ok
14:00:57.0344 7236 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
14:00:57.0348 7236 uliagpkx - ok
14:00:57.0399 7236 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
14:00:57.0403 7236 umbus - ok
14:00:57.0433 7236 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
14:00:57.0435 7236 UmPass - ok
14:00:57.0493 7236 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:00:57.0496 7236 USBAAPL - ok
14:00:57.0540 7236 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
14:00:57.0543 7236 usbaudio - ok
14:00:57.0569 7236 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
14:00:57.0572 7236 usbccgp - ok
14:00:57.0627 7236 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
14:00:57.0630 7236 usbcir - ok
14:00:57.0644 7236 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
14:00:57.0647 7236 usbehci - ok
14:00:57.0682 7236 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
14:00:57.0688 7236 usbhub - ok
14:00:57.0712 7236 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
14:00:57.0714 7236 usbohci - ok
14:00:57.0762 7236 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
14:00:57.0764 7236 usbprint - ok
14:00:57.0817 7236 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
14:00:57.0819 7236 usbscan - ok
14:00:57.0847 7236 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:00:57.0849 7236 USBSTOR - ok
14:00:57.0878 7236 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
14:00:57.0880 7236 usbuhci - ok
14:00:57.0955 7236 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
14:00:57.0960 7236 usbvideo - ok
14:00:58.0008 7236 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
14:00:58.0011 7236 vdrvroot - ok
14:00:58.0071 7236 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
14:00:58.0073 7236 vga - ok
14:00:58.0096 7236 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
14:00:58.0098 7236 VgaSave - ok
14:00:58.0127 7236 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
14:00:58.0131 7236 vhdmp - ok
14:00:58.0173 7236 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
14:00:58.0175 7236 viaagp - ok
14:00:58.0206 7236 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
14:00:58.0208 7236 ViaC7 - ok
14:00:58.0255 7236 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
14:00:58.0258 7236 viaide - ok
14:00:58.0430 7236 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
14:00:58.0432 7236 volmgr - ok
14:00:58.0465 7236 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
14:00:58.0470 7236 volmgrx - ok
14:00:58.0500 7236 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
14:00:58.0505 7236 volsnap - ok
14:00:58.0547 7236 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
14:00:58.0550 7236 vsmraid - ok
14:00:58.0572 7236 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
14:00:58.0574 7236 vwifibus - ok
14:00:58.0622 7236 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
14:00:58.0623 7236 WacomPen - ok
14:00:58.0690 7236 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:00:58.0694 7236 WANARP - ok
14:00:58.0707 7236 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:00:58.0710 7236 Wanarpv6 - ok
14:00:58.0798 7236 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
14:00:58.0800 7236 Wd - ok
14:00:58.0826 7236 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:00:58.0835 7236 Wdf01000 - ok
14:00:58.0893 7236 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
14:00:58.0894 7236 WfpLwf - ok
14:00:58.0924 7236 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
14:00:58.0925 7236 WIMMount - ok
14:00:59.0031 7236 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
14:00:59.0032 7236 WinUsb - ok
14:00:59.0094 7236 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
14:00:59.0096 7236 WmiAcpi - ok
14:00:59.0145 7236 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
14:00:59.0146 7236 ws2ifsl - ok
14:00:59.0203 7236 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
14:00:59.0206 7236 WudfPf - ok
14:00:59.0227 7236 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:00:59.0231 7236 WUDFRd - ok
14:00:59.0304 7236 yukonw7 (95c1a8e708efa7fcae03cae688465b0a) C:\Windows\system32\DRIVERS\yk62x86.sys
14:00:59.0310 7236 yukonw7 - ok
14:00:59.0360 7236 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:00:59.0373 7236 \Device\Harddisk0\DR0 - ok
14:00:59.0379 7236 Boot (0x1200) (32036f1eb618c10620061c844b1c1208) \Device\Harddisk0\DR0\Partition0
14:00:59.0381 7236 \Device\Harddisk0\DR0\Partition0 - ok
14:00:59.0384 7236 ============================================================
14:00:59.0384 7236 Scan finished
14:00:59.0384 7236 ============================================================
14:00:59.0397 6728 Detected object count: 0
14:00:59.0397 6728 Actual detected object count: 0
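
The TDSSKiller log above lists each kernel driver and boot object with its MD5, load path and a per-object verdict. The Python parser below is an added example, not part of the original post or of TDSSKiller itself; it turns lines in that format into records and pulls out what a reviewer actually scans the log for: any verdict other than "ok", objects whose verdict line is missing, and drivers loaded from outside the Windows directory (in this log the Trusteer Rapport drivers under Program Files and ProgramData, which are legitimate third-party components but are exactly the entries worth confirming). The sample input is a short excerpt of the log above plus one constructed line (the name `exampledrv`, its all-zero hash and its "warning" verdict are made up) so that the non-ok path is exercised.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One TDSSKiller object line:  "14:00:46.0058 7236 fvevol (<md5>) C:\...\fvevol.sys"
# The name may contain spaces/parentheses (e.g. "MBR (0x1B8)"), so it is matched lazily
# up to the 32-hex-digit MD5 in parentheses.
OBJECT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# The verdict line that follows:  "14:00:46.0062 7236 fvevol - ok"
# Driver verdicts are keyed by service name; MBR/boot-sector verdicts by device path.
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<subject>.+?) - (?P<verdict>.+?)\s*$"
)

SYSTEM_ROOT = "c:\\windows\\"  # drivers are normally loaded from below here


@dataclass
class ScannedObject:
    name: str
    md5: str
    path: str
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> List[ScannedObject]:
    """Parse object lines and attach the verdict that TDSSKiller prints for each one."""
    objects: List[ScannedObject] = []
    by_subject: Dict[str, ScannedObject] = {}
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            obj = ScannedObject(m["name"], m["md5"].lower(), m["path"])
            objects.append(obj)
            by_subject[obj.name] = obj   # "fvevol - ok"
            by_subject[obj.path] = obj   # "\Device\Harddisk0\DR0 - ok"
            continue
        v = VERDICT_RE.match(line)
        if v and v["subject"] in by_subject:
            by_subject[v["subject"]].verdict = v["verdict"]
    return objects


def triage(objects: List[ScannedObject]) -> Dict[str, List[str]]:
    """Group the entries a reviewer should look at: non-ok verdicts, objects with no
    verdict line at all, and .sys files loaded from outside the Windows directory."""
    findings: Dict[str, List[str]] = {"not_ok": [], "no_verdict": [], "outside_windows": []}
    for o in objects:
        if o.verdict is None:
            findings["no_verdict"].append(o.name)
        elif o.verdict.lower() != "ok":
            findings["not_ok"].append(f"{o.name}: {o.verdict}")
        lower = o.path.lower()
        if lower.endswith(".sys") and not lower.startswith(SYSTEM_ROOT):
            findings["outside_windows"].append(f"{o.name} -> {o.path}")
    return findings


# Sample input: four lines excerpted from the log above plus one constructed object
# ("exampledrv", fake hash, constructed "warning" verdict) to exercise the non-ok path.
SAMPLE_LOG = r"""
14:00:46.0058 7236 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
14:00:46.0062 7236 fvevol - ok
14:00:53.0872 7236 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
14:00:53.0876 7236 RapportEI - ok
14:00:56.0597 7236 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
14:00:56.0616 7236 Tcpip - ok
14:00:59.0360 7236 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:00:59.0373 7236 \Device\Harddisk0\DR0 - ok
14:00:59.0400 7236 exampledrv (00000000000000000000000000000000) C:\Users\Public\exampledrv.sys
14:00:59.0401 7236 exampledrv - warning
"""

if __name__ == "__main__":
    for category, entries in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{category}: {entries}")
```

Run against the full log from this thread, the "not_ok" and "no_verdict" lists come back empty, which matches the "Detected object count: 0" summary, and "outside_windows" lists only the five Rapport drivers; the hash column is kept on each record so it can be checked against a vendor or VirusTotal lookup if a path looks out of place.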

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,925 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:30 AM

Posted 24 November 2011 - 02:11 PM

That is possible, so far I see no evidence of malware.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#7 Daniel B.

Daniel B.
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:30 PM

Posted 24 November 2011 - 03:36 PM

Here is the log from running ComboFix.

ComboFix 11-11-24.01 - DAN 24/11/2011 14:52:00.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3070.1321 [GMT -5:00]
Running from: c:\users\DAN\Downloads\PC Repair\ComboFix.exe
AV: COGECO Security Services 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: COGECO Security Services 9.01 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: COGECO Security Services 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\FILMFA~2\bar\1.bin\paBAr.dll
c:\program files\FilmFanatic
c:\program files\FilmFanatic\bar\1.bin\CHROME.MANIFEST
c:\program files\FilmFanatic\bar\1.bin\chrome\paffxtbr.jar
c:\program files\FilmFanatic\bar\1.bin\INSTALL.RDF
c:\program files\FilmFanatic\bar\1.bin\LOGO.BMP
c:\program files\FilmFanatic\bar\1.bin\NPpaStub.dll
c:\program files\FilmFanatic\bar\1.bin\paauxstb.dll
c:\program files\FilmFanatic\bar\1.bin\paBAr.dll
c:\program files\FilmFanatic\bar\1.bin\pabarsvc.exe
c:\program files\FilmFanatic\bar\1.bin\pabrmon.exe
c:\program files\FilmFanatic\bar\1.bin\pabrstub.dll
c:\program files\FilmFanatic\bar\1.bin\padatact.dll
c:\program files\FilmFanatic\bar\1.bin\padlghk.dll
c:\program files\FilmFanatic\bar\1.bin\padyn.dll
c:\program files\FilmFanatic\bar\1.bin\pafeedmg.dll
c:\program files\FilmFanatic\bar\1.bin\pahighin.exe
c:\program files\FilmFanatic\bar\1.bin\paHTml.dll
c:\program files\FilmFanatic\bar\1.bin\paHTmlmu.dll
c:\program files\FilmFanatic\bar\1.bin\paHTtpct.dll
c:\program files\FilmFanatic\bar\1.bin\paidle.dll
c:\program files\FilmFanatic\bar\1.bin\paimpipe.exe
c:\program files\FilmFanatic\bar\1.bin\pamedint.exe
c:\program files\FilmFanatic\bar\1.bin\pamlbtn.dll
c:\program files\FilmFanatic\bar\1.bin\paMSg.dll
c:\program files\FilmFanatic\bar\1.bin\paPlugin.dll
c:\program files\FilmFanatic\bar\1.bin\paRAdio.dll
c:\program files\FilmFanatic\bar\1.bin\paregfft.dll
c:\program files\FilmFanatic\bar\1.bin\paregiet.dll
c:\program files\FilmFanatic\bar\1.bin\paSCript.dll
c:\program files\FilmFanatic\bar\1.bin\paskin.dll
c:\program files\FilmFanatic\bar\1.bin\paskplay.exe
c:\program files\FilmFanatic\bar\1.bin\paSRcas.dll
c:\program files\FilmFanatic\bar\1.bin\patpinst.dll
c:\program files\FilmFanatic\bar\1.bin\pauabtn.dll
c:\program files\FilmFanatic\bar\1.bin\T8FFTBPR.DLL
c:\program files\FilmFanatic\bar\1.bin\T8PATCH.DLL
c:\program files\FilmFanatic\bar\1.bin\T8UNPAT.DLL
c:\program files\FilmFanatic\bar\Message\COMMON.T8S
c:\program files\FilmFanatic\bar\Settings\s_pid.dat
c:\program files\FilmFanaticEI
c:\programdata\Roaming
c:\users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\fortg3r3.default\extensions\paffxtbr@FilmFanatic.com
c:\users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\fortg3r3.default\extensions\paffxtbr@FilmFanatic.com\chrome.manifest
c:\users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\fortg3r3.default\extensions\paffxtbr@FilmFanatic.com\chrome\paffxtbr.jar
c:\users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\fortg3r3.default\extensions\paffxtbr@FilmFanatic.com\install.rdf
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\system32\ps2.bat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FilmFanaticService
.
.
((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 20:12 . 2011-11-24 20:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-24 20:11 . 2011-11-24 20:11 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-22 15:00 . 2011-11-23 21:11 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9364D9F-9205-4FA4-A87E-CB2AB018BF9D}\offreg.dll
2011-11-22 15:00 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9364D9F-9205-4FA4-A87E-CB2AB018BF9D}\mpengine.dll
2011-11-14 21:02 . 2011-11-14 21:02 -------- d-----w- c:\program files\iPod
2011-11-14 21:02 . 2011-11-14 21:03 -------- d-----w- c:\program files\iTunes
2011-11-11 00:09 . 2011-11-21 21:15 -------- d-----w- C:\csporder
2011-11-09 22:31 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 22:31 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 22:31 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 02:28 . 2011-11-08 02:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-04 01:27 . 2011-11-04 01:35 -------- d-----w- c:\users\DAN\AppData\Roaming\Icu2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-10 00:22 . 2011-10-10 00:22 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-01 02:35 . 2011-10-13 13:28 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-13 13:28 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-13 13:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-27 04:26 . 2011-10-13 01:59 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-13 01:59 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-20 22:25 . 2011-10-21 00:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"Innerpass"="c:\programdata\Skype\Plugins\Plugins\9E0D937F462E4362A83B254A9F8AB3F8\InnerPassFileSharing.exe" [2010-01-23 258048]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2011-03-20 66864]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\COGECO Security Services\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\COGECO Security Services\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe" [2009-07-07 455336]
"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe" [2009-07-07 25256]
"Lexmark 6500 Series Fax Server"="c:\program files\Lexmark 6500 Series\fm3032.exe" [2009-07-07 307880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-16 7739936]
"PS2"="c:\windows\system32\ps2.exe" [2001-07-03 81920]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-06 61440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2011-3-20 66864]
STK02N 2.3 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2010-11-9 163840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 136176]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe [2007-05-29 99248]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 136176]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]
R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [2007-01-24 39704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-08-18 42672]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-11-08 56208]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\COGECO Security Services\HIPS\drivers\fshs.sys [2009-08-05 68064]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-12-17 36792]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-12-17 73160]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\COGECO Security Services\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
S1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [2011-11-08 227312]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-11-08 71440]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-11-08 164112]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe [2007-05-29 598960]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-08 931640]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2009-09-16 133664]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\COGECO Security Services\Anti-Virus\minifilter\fsgk.sys [2011-09-08 148632]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\COGECO Security Services\ORSP Client\fsorsp.exe [2011-05-23 61088]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-29 4233728]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-05-20 314368]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 03:39]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 03:39]
.
2011-11-24 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\COGECO~1\ANTI-V~1\fsav.exe [2010-01-19 15:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\COGECO Security Services\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5B561F0A-5C67-41C0-A71D-86233FC083FC}: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\fortg3r3.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\program files\cogeco security services\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(580)
c:\program files\cogeco security services\hips\fshook32.dll
.
- - - - - - - > 'Explorer.exe'(3092)
c:\program files\cogeco security services\hips\fshook32.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\COGECO Security Services\Anti-Virus\fsgk32st.exe
c:\program files\COGECO Security Services\Common\FSMA32.EXE
c:\program files\COGECO Security Services\Anti-Virus\FSGK32.EXE
c:\program files\COGECO Security Services\Common\FSHDLL32.EXE
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\taskhost.exe
c:\program files\COGECO Security Services\FWES\Program\fsdfwd.exe
c:\program files\COGECO Security Services\Anti-Virus\fssm32.exe
c:\windows\system32\conhost.exe
c:\program files\COGECO Security Services\Anti-Virus\fsav32.exe
c:\windows\system32\DllHost.exe
c:\program files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Completion time: 2011-11-24 15:28:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-24 20:27
.
Pre-Run: 151,539,187,712 bytes free
Post-Run: 155,698,298,880 bytes free
.
- - End Of File - - 4DC77709564FA43BBB9D0E4787FC3FD9

#8 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,925 posts
  • Gender:Female
  • Location:Romania

Posted 24 November 2011 - 03:53 PM

Did your ISP ask you to reset your router? I see no signs of DNS hijacking here, but a router's DNS can also be hijacked, which can be fixed by resetting the router.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
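Elise's remark above rests on two log lines, the "TCP: DhcpNameServer" entries in the Supplementary Scan, both of which point at private LAN addresses (the home router). The script below is an added example, not part of this thread and not ComboFix's or BleepingComputer's code: it parses those lines out of a ComboFix log and sorts each DHCP-assigned resolver into "lan" (non-routable, i.e. the router itself), "expected" (a public resolver you know you configured or your ISP publishes) or "review" (a public resolver you did not set). The sample text is constructed to match the log's format, and the assumption that several resolvers on one line are whitespace-separated is mine.

```python
import ipaddress
import re

# Constructed sample input, shaped after the "Supplementary Scan" lines ComboFix
# writes (the two DhcpNameServer values below are the ones in this thread's log).
SAMPLE_LOG = r"""
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5B561F0A-5C67-41C0-A71D-86233FC083FC}: DhcpNameServer = 192.168.1.1
.
"""

# One "TCP: ... DhcpNameServer = a.b.c.d [e.f.g.h ...]" line; the Interfaces\{GUID}:
# prefix is optional. Assumption: several resolvers on one line are whitespace-separated.
DNS_LINE = re.compile(
    r"^TCP:\s*(?:Interfaces\\(\{[0-9A-Fa-f-]+\}):\s*)?DhcpNameServer\s*=\s*(.+)$"
)


def parse_dhcp_dns(log_text):
    """Return [(interface_guid_or_None, [resolver, ...]), ...] in log order."""
    entries = []
    for raw in log_text.splitlines():
        m = DNS_LINE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).split()))
    return entries


def classify(resolver, expected_public=()):
    """'lan' for a non-routable address (the home router itself, as in the log above),
    'expected' for a public resolver you know you configured or your ISP publishes,
    'review' for anything else: a public resolver you did not set deserves a look."""
    try:
        ip = ipaddress.ip_address(resolver)
    except ValueError:
        return "review"  # not even an address: worth a look
    if not ip.is_global:
        return "lan"
    return "expected" if resolver in expected_public else "review"


def audit(log_text, expected_public=()):
    """Flatten the parsed entries into (interface, resolver, verdict) triples."""
    return [
        (iface, r, classify(r, expected_public))
        for iface, resolvers in parse_dhcp_dns(log_text)
        for r in resolvers
    ]


if __name__ == "__main__":
    for iface, resolver, verdict in audit(SAMPLE_LOG):
        print(f"{iface or '(default)'}: {resolver} -> {verdict}")
```

A "lan" verdict only says the PC asks the router; it cannot see which upstream resolvers the router itself forwards to, which is exactly the gap Elise points at. That upstream setting has to be checked in the router's admin page (or cleared by the reset she suggests) against the resolvers your ISP publishes.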


#9 Daniel B.

  • Topic Starter
  • Members
  • 8 posts

Posted 24 November 2011 - 04:28 PM

No, the Service Provider didn't ask, and I just read about the possibility of the router hijack about 1 hour ago.
I will reset the router as a precaution.
I guess if you don't see anything on this computer, then I'll assume it's clean.
I couldn't see anything that would indicate to me that there was any malware either.

Thank You very much for your help.
I really appreciate it.
Cheers.
Dan.

#10 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,925 posts
  • Gender:Female
  • Location:Romania

Posted 25 November 2011 - 11:55 AM

Hi Dan, if you need help resetting the router please let me know. :)
If not, let me know how it went.

regards, Elise




#11 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,925 posts
  • Gender:Female
  • Location:Romania

Posted 10 December 2011 - 06:45 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise






