[Closed] Chinese IP addresses trying to connect with my PC


40 replies to this topic

#1 kaz101

Posted 02 October 2009 - 04:28 PM

Hi,

I'm using a Vista laptop that I haven't used for a while but anti-virus (Kaspersky) and firewall (Comodo) are up to date.
I added a VPN connection to be able to connect from Australia to a client site in the UK.

I mentioned to one of the tech guys there that Comodo window keeps popping up saying that a program is trying to connect from the Internet and I keep blocking them. Some of them are in Chinese. He said that he thought that the way my router was set up that this meant that something could be coming from my PC in the first place.

UPDATE 04/10/09: I also have connections from my PC to the internet that don't seem kosher too in that Windows doesn't recognize them.
I've run Malwarebytes this morning but nothing found. Hopefully the logs below will find something!

I've run scans and they say there's no threat but I'm still having to block these connections and I'm worried what if I hit the wrong button and don't block them. So I want to know if there is something on my PC that's causing this.

Here are my logs:

DDS / RootRepeal / HJT and attach.txt.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Karen at 7:34:54.01 on 03/10/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.2038.917 [GMT 9.5:30]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SpywareBot *disabled* (Updated) {02EC97B4-CA62-456B-817F-536582F038EB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WinService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ZyXEL\ZyXEL USB ADSL\CnxDslTb.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\QUICKENW\qagent.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Windows\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Wclock\wclock.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\CSR\Vista Profile Pack\HidSw.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\mrtMngr.EXE
C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
C:\PROGRAM FILES\DIGITAL LINE DETECT\DLG.EXE
C:\PROGRAM FILES\NETGEAR\WG111V2\WG111V2.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Sunbird\sunbird.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Karen\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bigpond.com
uWindow Title = Internet Explorer provided by Dell
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [Wclock] c:\program files\wclock\Wclock.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Skype] c:\program files\skype\phone\Skype.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BtHidUi] c:\program files\csr\vista profile pack\BtHidUi.exe
mRun: [<NO NAME>]
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [CnxDslTaskBar] "c:\program files\zyxel\zyxel usb adsl\cnxdsltb.exe" "zyxel\ZyXEL USB ADSL"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [QAGENT] c:\quickenw\QAGENT.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} - hxxp://bigpondmusic.com/activex/multidownx.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
LSA: Notification Packages = scecli CPNP

================= FIREFOX ===================

FF - ProfilePath - c:\users\karen\appdata\roaming\mozilla\firefox\profiles\fj4yi24a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2008-7-10 21728]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-12-6 128888]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-12-6 29520]
R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2008-1-29 2235760]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-5-15 21008]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 BthFilterHelper;Bluetooth Feature Support;c:\program files\csr\vista profile pack\BthFilterHelper.exe [2006-11-8 127488]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2008-1-29 47504]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2007-7-7 34712]
R2 SCM_Service;SCM_Service;c:\windows\system32\WinService.exe [2008-7-10 180224]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2008-1-29 121136]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2008-1-29 673872]
R3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\drivers\BthFilt.sys [2007-6-30 13824]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2007-7-5 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2007-7-5 614272]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\drivers\CnxTgNW.sys [2007-7-5 53248]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2008-7-10 288768]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2007-7-5 15576]

=============== Created Last 30 ================

2009-10-02 06:25 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-10-02 06:06 72,704 a------- c:\windows\system32\admparse.dll
2009-10-02 05:27 270,848 a------- c:\windows\system32\schannel.dll
2009-10-02 05:27 499,712 a------- c:\windows\system32\kerberos.dll
2009-10-02 05:27 213,504 a------- c:\windows\system32\msv1_0.dll
2009-10-02 05:27 175,104 a------- c:\windows\system32\wdigest.dll
2009-10-02 05:27 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-10-02 05:27 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-10-02 05:27 72,704 a------- c:\windows\system32\secur32.dll
2009-10-02 05:27 9,728 a------- c:\windows\system32\lsass.exe
2009-10-02 03:11 97,800 a------- c:\windows\system32\infocardapi.dll
2009-10-02 03:11 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-10-02 03:11 622,080 a------- c:\windows\system32\icardagt.exe
2009-10-02 03:11 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-10-02 03:11 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-10-02 03:11 11,264 a------- c:\windows\system32\icardres.dll
2009-10-02 03:11 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-10-02 03:11 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-10-02 03:01 96,760 a------- c:\windows\system32\dfshim.dll
2009-10-02 03:01 282,112 a------- c:\windows\system32\mscoree.dll
2009-10-02 03:01 41,984 a------- c:\windows\system32\netfxperf.dll
2009-10-02 03:01 158,720 a------- c:\windows\system32\mscorier.dll
2009-10-02 03:00 83,968 a------- c:\windows\system32\mscories.dll
2009-10-01 20:50 <DIR> --d----- c:\program files\MochaSoft
2009-10-01 15:02 428,544 a------- c:\windows\system32\EncDec.dll
2009-10-01 15:02 217,088 a------- c:\windows\system32\psisrndr.ax
2009-10-01 15:02 293,376 a------- c:\windows\system32\psisdecd.dll
2009-10-01 15:02 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-10-01 15:02 80,896 a------- c:\windows\system32\MSNP.ax
2009-10-01 14:48 <DIR> --d----- c:\users\karen\appdata\roaming\Wclock
2009-10-01 14:48 <DIR> --d----- c:\program files\Wclock
2009-10-01 14:33 253 a------- c:\windows\MYOBP.INI
2009-10-01 14:33 42 a------- c:\windows\MYOB.INI
2009-10-01 14:29 663 a------- c:\windows\openrda.ini
2009-10-01 14:29 <DIR> --d----- C:\MYOBODBC
2009-10-01 14:29 0 a------- c:\windows\drvxl32.INI
2009-10-01 14:29 0 a------- c:\windows\drvwd32.INI
2009-10-01 14:27 <DIR> --d----- c:\program files\common files\MSSoap
2009-10-01 14:25 <DIR> --d----- c:\program files\MYOB
2009-10-01 14:25 <DIR> --d----- C:\Premier11
2009-10-01 13:55 <DIR> --d----- c:\users\karen\BACKUPS
2009-09-24 15:13 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-24 14:46 2,033,152 a------- c:\windows\system32\win32k.sys
2009-09-24 14:46 289,792 a------- c:\windows\system32\atmfd.dll
2009-09-24 14:46 156,672 a------- c:\windows\system32\t2embed.dll
2009-09-24 14:46 72,704 a------- c:\windows\system32\fontsub.dll
2009-09-24 14:46 10,240 a------- c:\windows\system32\dciman32.dll
2009-09-24 14:45 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-24 14:45 604,140 a--sh--- c:\windows\system32\drivers\ISwift3.dat
2009-09-24 14:42 107,547 a------- c:\windows\system32\drivers\klin.dat
2009-09-24 14:42 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-09-24 14:14 <DIR> --d----- c:\program files\VS Revo Group
2009-09-23 23:15 2,048 a------- c:\windows\system32\tzres.dll
2009-09-23 22:35 376,832 a------- c:\windows\system32\winhttp.dll
2009-09-23 22:35 71,680 a------- c:\windows\system32\atl.dll
2009-09-23 22:35 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-09-23 22:35 38,912 a------- c:\windows\system32\xolehlp.dll
2009-09-23 22:35 160,256 a------- c:\windows\system32\wkssvc.dll
2009-09-23 22:35 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-09-23 22:35 24,064 a------- c:\windows\system32\amxread.dll
2009-09-23 22:35 13,824 a------- c:\windows\system32\apilogen.dll
2009-09-23 22:35 636,928 a------- c:\windows\system32\localspl.dll
2009-09-23 22:35 91,136 a------- c:\windows\system32\avifil32.dll
2009-09-23 21:24 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-09-23 21:24 7,680 a------- c:\windows\system32\spwmp.dll
2009-09-23 21:24 4,096 a------- c:\windows\system32\msdxm.ocx
2009-09-23 21:24 4,096 a------- c:\windows\system32\dxmasf.dll
2009-09-23 21:24 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-09-23 21:23 43,520 a------- c:\windows\system32\msdxm.tlb
2009-09-23 21:23 18,432 a------- c:\windows\system32\amcompat.tlb
2009-09-23 21:23 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-23 21:23 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-23 21:23 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-09-23 21:14 2,516 a------- c:\windows\system32\drivers\default.bin
2009-09-23 21:14 2,516 a------- c:\windows\system32\default.bin
2009-09-23 21:11 <DIR> --d----- c:\program files\CheckPoint

==================== Find3M ====================

2009-09-24 15:32 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-24 15:32 86,016 a------- c:\windows\inf\infpub.dat
2009-09-24 15:32 86,016 a------- c:\windows\inf\infstor.dat
2009-09-24 15:31 179,792 a------- c:\windows\system32\guard32.dll
2009-09-24 15:31 128,888 a------- c:\windows\system32\drivers\cmdguard.sys
2009-09-24 15:31 29,520 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-08-28 22:09 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:08 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:08 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 22:08 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-15 02:37 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-15 01:59 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-15 01:59 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 23:46 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 23:46 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 23:46 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 23:46 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 23:46 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 23:46 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 23:46 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-22 07:22 915,456 a------- c:\windows\system32\wininet.dll
2009-07-22 07:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-22 07:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-22 05:43 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-12 05:02 513,024 a------- c:\windows\system32\wlansvc.dll
2009-07-12 05:02 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-12 05:02 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-12 04:59 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-01-24 06:07 56 a---h--- c:\programdata\ezsidmv.dat
2009-01-24 06:07 56 a---h--- c:\progra~2\ezsidmv.dat
2008-12-12 18:07 174 a--sh--- c:\program files\desktop.ini
2008-12-12 17:54 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 22:10 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:10 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:10 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:10 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 18:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 18:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-07-11 12:48 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-07-11 12:48 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-07-11 12:48 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-06-30 02:27 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 7:35:55.15 ===============

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/03 07:39
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x8FDAA000 Size: 57344 File Visible: - Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x83A8C000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x83408000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x90F22000 Size: 294912 File Visible: - Signed: -
Status: -

Name: Apfiltr.sys
Image Path: C:\Windows\system32\DRIVERS\Apfiltr.sys
Address: 0x8FDCB000 Size: 163840 File Visible: - Signed: -
Status: -

Name: asyncmac.sys
Image Path: C:\Windows\system32\DRIVERS\asyncmac.sys
Address: 0xABDC4000 Size: 36864 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x83BD8000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x83BE0000 Size: 122880 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x83B1C000 Size: 40960 File Visible: - Signed: -
Status: -

Name: bcm4sbxp.sys
Image Path: C:\Windows\system32\DRIVERS\bcm4sbxp.sys
Address: 0x8F3DB000 Size: 65536 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x90600000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x80683000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x91140000 Size: 102400 File Visible: - Signed: -
Status: -

Name: BrSerIf.sys
Image Path: C:\Windows\System32\Drivers\BrSerIf.sys
Address: 0x9122A000 Size: 69632 File Visible: - Signed: -
Status: -

Name: BrUsbSer.sys
Image Path: C:\Windows\System32\Drivers\BrUsbSer.sys
Address: 0x91227000 Size: 11904 File Visible: - Signed: -
Status: -

Name: BthEnum.sys
Image Path: C:\Windows\system32\DRIVERS\BthEnum.sys
Address: 0x911FE000 Size: 40960 File Visible: - Signed: -
Status: -

Name: BthFilt.sys
Image Path: C:\Windows\system32\DRIVERS\BthFilt.sys
Address: 0xABDD6000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bthpan.sys
Image Path: C:\Windows\system32\DRIVERS\bthpan.sys
Address: 0x9124D000 Size: 106496 File Visible: - Signed: -
Status: -

Name: bthport.sys
Image Path: C:\Windows\System32\Drivers\bthport.sys
Address: 0x90963000 Size: 237568 File Visible: - Signed: -
Status: -

Name: BTHUSB.sys
Image Path: C:\Windows\System32\Drivers\BTHUSB.sys
Address: 0xABDDE000 Size: 49152 File Visible: - Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x98B30000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0xABDAE000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x84398000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x806CC000 Size: 917504 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x895CA000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x8068B000 Size: 266240 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys
Address: 0x8435A000 Size: 14208 File Visible: - Signed: -
Status: -

Name: cmdguard.sys
Image Path: C:\Windows\System32\DRIVERS\cmdguard.sys
Address: 0x907CB000 Size: 139264 File Visible: - Signed: -
Status: -

Name: cmdhlp.sys
Image Path: C:\Windows\System32\DRIVERS\cmdhlp.sys
Address: 0x90877000 Size: 40960 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x83B19000 Size: 10496 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x91282000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x895EB000 Size: 36864 File Visible: - Signed: -
Status: -

Name: csc.sys
Image Path: C:\Windows\system32\drivers\csc.sys
Address: 0x908D1000 Size: 368640 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x9092B000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x895B9000 Size: 69632 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x9032E000 Size: 151552 File Visible: - Signed: -
Status: -

Name: dsunidrv.sys
Image Path: C:\Windows\system32\DRIVERS\dsunidrv.sys
Address: 0xABC54000 Size: 5376 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x9129A000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x9128F000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_dumpfve.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpfve.sys
Address: 0x912A2000 Size: 69632 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x912B3000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8FCAE000 Size: 651264 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8956E000 Size: 159744 File Visible: - Signed: -
Status: -

Name: fastfat.SYS
Image Path: C:\Windows\System32\Drivers\fastfat.SYS
Address: 0xABC5E000 Size: 163840 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x807DE000 Size: 65536 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x807AC000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x907ED000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fvevol.sys
Image Path: C:\Windows\System32\DRIVERS\fvevol.sys
Address: 0x89595000 Size: 147456 File Visible: - Signed: -
Status: -

Name: fw.sys
Image Path: C:\Windows\system32\DRIVERS\fw.sys
Address: 0x8FE0C000 Size: 2235488 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x842F1000 Size: 110592 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Address: 0x843B0000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x837C1000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:50:47, on 03/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ZyXEL\ZyXEL USB ADSL\CnxDslTb.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\QUICKENW\qagent.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Windows\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Wclock\wclock.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\CSR\Vista Profile Pack\HidSw.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\mrtMngr.EXE
C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
C:\PROGRAM FILES\DIGITAL LINE DETECT\DLG.EXE
C:\PROGRAM FILES\NETGEAR\WG111V2\WG111V2.EXE
C:\Program Files\Mozilla Sunbird\sunbird.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BtHidUi] C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ZyXEL USB ADSL\CnxDslTb.exe" "ZyXEL\ZyXEL USB ADSL"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Wclock] C:\Program Files\Wclock\Wclock.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} (Multidownx Control) - http://bigpondmusic..../multidownx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10482 bytes

----------------------------------------------------

Thanks for taking the time to help - it is really appreciated!

Regards,
Karen

Edited by kaz101, 03 October 2009 - 05:42 PM.


#2 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 05 October 2009 - 08:50 PM

Hi,

Please do the following:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2



**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 kaz101

Posted 06 October 2009 - 12:37 AM

I saved combofix to my desktop (disabled anti virus and anti spyware) and ran it. It seemed to say that it deleted a file and I had to restart my laptop since everything vanished from the desktop - I'm not sure if I did something wrong since I didn't get any prompts other than to run it (after a disclaimer). There wasn't an option for a report for example.

I restarted my laptop and I have a new auto start program detected - I've said yes to it hoping that it's something to do with Combofix and I can't see anything out of place in Winpatrol start up.

I've found the Combo report file but it doesn't seem to be text (it seems to be folders of my system) and I can't upload it either since it says I don't have permission and I have admin rights.

Any suggestions to what I should do now or what I've done wrong?

Regards,
Karen

#4 kaz101

Posted 06 October 2009 - 12:53 AM

The connections from the Chinese websites are still appearing so whatever Combofix deleted (it was a .tmp file) doesn't seem to have made a difference.

Regards,
Karen

#5 CatByte

Posted 06 October 2009 - 03:14 AM

Hi,

Go to C:\Combofix and see if you can locate a Combofix.txt - you should be able to open it with Notepad.


#6 kaz101

Posted 06 October 2009 - 07:20 AM

I wish I could do a screen print of what my directories look like now but I can't get Jing to work even though I've put it as a trusted application in both Windows firewall and Comodo.

Here is what my directories now look like from Windows explorer for Combofix....

Computer -> OS (C:) -> Combofix directory - so far so good
Click on Combofix directory -> OS (C:) / D: / E: / F
Click on OS (C:) -> Combofix directory
Click on Combofix directory -> OS (C:) / D: / E: / F

And this keeps on repeating. All the directories are saying that they have been replicated and when I look inside the folders I can see the files. So I'm very confused whether Combofix has really replicated these directories or not!

At no time do I actually see a file combofix.txt. I did a search and left it running for about 30 minutes and it didn't find combofix.txt but the search didn't finish. I did a search on combofix (without a file prefix) and it found over 46 entries of Combofix all with the same time and date on them (when I ran the combofix program today).

Are those other directories real or is it somehow pointing to itself? Any suggestions what to do now?

Regards,
Karen

#7 CatByte

Posted 06 October 2009 - 08:35 AM

Hi,

It appears that the Combofix run was interfered with in some way. I don't believe those directories have been replicated.

Delete the copy you have from your desktop and download a fresh copy. Make certain your security programs are disabled, then run it again. Allow it to run to completion. It will generate a log.

If it appears to be hung, give it at least 30 minutes to complete, then look in Task Manager for any processes such as Pev, cfxxx, sed and end task on them...cf should then complete.

Post the resulting log.


#8 kaz101

Posted 06 October 2009 - 07:17 PM

Okay I did it again this time with all anti virus and firewalls switched off and not just disabled and I have a log!

------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 09-10-06.03 - Karen 07/10/2009 11:13.2.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.2038.1325 [GMT 10.5:30]
Running from: c:\users\Karen\Desktop\ComboFix.exe
SP: SpywareBot *disabled* (Updated) {02EC97B4-CA62-456B-817F-536582F038EB}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\$recycle.bin\S-1-5-21-1663819663-2835008902-2856250938-500
c:\$recycle.bin\S-1-5-21-312049137-879986074-1763654025-500
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
C:\~GLHTTP1.TMP

.
((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-07 00:51 . 2009-10-07 00:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-06 12:21 . 2009-10-06 12:21 -------- d-----w- c:\users\Karen\AppData\Local\TechSmith
2009-10-06 12:20 . 2009-10-06 12:20 -------- d-----w- c:\program files\TechSmith
2009-10-06 06:18 . 2009-10-07 00:58 -------- d-----w- c:\users\Karen\AppData\Local\temp
2009-10-04 22:41 . 2009-10-06 23:17 -------- d-----w- c:\users\Karen\AppData\Roaming\gtk-2.0
2009-10-04 22:41 . 2009-10-04 22:41 -------- d-----w- c:\users\Karen\.thumbnails
2009-10-04 22:38 . 2009-10-06 23:52 -------- d-----w- c:\users\Karen\.gimp-2.6
2009-10-04 22:37 . 2009-10-04 22:37 -------- d-----w- c:\program files\GIMP-2.0
2009-10-04 01:16 . 2009-10-04 01:16 -------- d-----w- c:\program files\FileZilla Server
2009-10-03 19:58 . 2009-10-03 19:58 -------- d-----w- c:\users\Karen\AppData\Roaming\Malwarebytes
2009-10-03 19:58 . 2009-09-10 04:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-03 19:58 . 2009-10-03 19:58 -------- d-----w- c:\programdata\Malwarebytes
2009-10-03 19:57 . 2009-10-03 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-03 19:57 . 2009-09-10 04:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-03 07:59 . 2009-10-03 07:59 -------- d-----w- c:\users\Karen\AppData\Roaming\Artisteer
2009-10-03 07:56 . 2009-10-03 07:56 -------- d-----w- c:\program files\Artisteer 2
2009-10-03 07:51 . 2009-09-30 23:59 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 22:20 . 2009-10-02 22:20 -------- d-----w- c:\program files\Trend Micro
2009-10-02 21:53 . 2009-10-02 21:53 -------- d-----w- c:\program files\ERUNT
2009-10-01 20:55 . 2009-10-01 20:55 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-01 20:36 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-01 19:57 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-10-01 19:57 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-01 19:57 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-10-01 19:57 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-10-01 19:57 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-01 19:57 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-10-01 19:57 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-01 19:57 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-10-01 17:41 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-10-01 17:41 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-10-01 17:41 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-10-01 17:41 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-10-01 17:41 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-10-01 17:41 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-10-01 17:41 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-10-01 17:31 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-10-01 17:31 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-10-01 17:31 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-01 17:31 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-10-01 17:30 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-10-01 11:58 . 2005-07-25 02:29 28672 ----a-w- c:\users\Karen\AppData\Roaming\Mozilla\Sunbird\Profiles\t36knhx9.default\extensions\{31513E58-F253-47ad-86DB-D5F21E901234}\components\mintray-9178506d-2005072516-trunk.dll
2009-10-01 11:21 . 2009-10-01 11:21 -------- d-----w- c:\users\Karen\AppData\Local\MochaSoft
2009-10-01 11:20 . 2009-10-01 11:20 -------- d-----w- c:\program files\MochaSoft
2009-10-01 05:32 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-01 05:32 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-01 05:18 . 2009-10-01 05:18 -------- d-----w- c:\users\Karen\AppData\Roaming\Wclock
2009-10-01 05:18 . 2009-10-01 05:18 -------- d-----w- c:\program files\Wclock
2009-10-01 04:59 . 2009-10-01 04:59 -------- d-----w- C:\MYOBODBC
2009-10-01 04:55 . 2009-10-01 08:11 -------- d-----w- C:\Premier11
2009-10-01 04:55 . 2009-10-01 04:55 -------- d-----w- c:\program files\MYOB
2009-10-01 04:25 . 2009-10-01 04:29 -------- d-----w- c:\users\Karen\BACKUPS
2009-09-24 06:01 . 2009-09-24 06:01 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-09-24 05:43 . 2009-09-24 05:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-24 05:16 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-09-24 05:16 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-09-24 05:16 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-09-24 05:16 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-09-24 05:16 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-09-24 05:15 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-24 05:15 . 2009-09-24 05:15 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-09-24 05:12 . 2009-09-24 05:25 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-24 05:12 . 2009-09-24 05:25 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-24 04:44 . 2009-09-24 04:49 -------- d-----w- c:\program files\VS Revo Group
2009-09-23 13:45 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-23 13:05 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-09-23 13:05 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-09-23 13:05 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-09-23 13:05 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-09-23 13:05 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-09-23 13:05 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-09-23 13:05 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-09-23 13:05 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-09-23 13:05 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-09-23 13:05 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-09-23 11:54 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-09-23 11:54 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-09-23 11:54 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-09-23 11:54 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-23 11:53 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-23 11:53 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-23 11:53 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-09-23 11:44 . 2008-01-29 06:45 2516 ----a-w- c:\windows\system32\drivers\default.bin
2009-09-23 11:44 . 2008-01-29 06:45 2516 ----a-w- c:\windows\system32\default.bin
2009-09-23 11:41 . 2009-09-23 11:44 -------- d-----w- c:\program files\CheckPoint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 00:53 . 2007-06-29 09:06 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-07 00:40 . 2007-07-04 16:18 -------- d-----w- c:\users\Karen\AppData\Roaming\Skype
2009-10-06 21:38 . 2009-01-23 20:37 -------- d-----w- c:\users\Karen\AppData\Roaming\skypePM
2009-10-06 19:17 . 2007-07-05 06:50 -------- d-----w- c:\programdata\Kaspersky Lab
2009-10-02 00:05 . 2007-07-03 17:34 99944 ----a-w- c:\users\Karen\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-01 20:34 . 2007-06-29 09:27 -------- d-----w- c:\programdata\Microsoft Help
2009-10-01 20:30 . 2007-06-29 09:30 -------- d-----w- c:\program files\Microsoft Works
2009-10-01 18:06 . 2007-09-16 08:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-01 17:51 . 2007-06-29 09:32 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-01 11:49 . 2007-07-05 06:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-01 11:46 . 2007-09-16 08:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-01 05:02 . 2007-06-29 09:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-24 06:05 . 2008-02-11 00:43 -------- d-----w- c:\programdata\comodo
2009-09-24 06:01 . 2008-12-06 06:26 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-24 06:01 . 2008-12-06 06:26 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-24 06:01 . 2008-12-06 06:26 128888 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-24 05:42 . 2007-06-29 09:17 -------- d-----w- c:\program files\Java
2009-09-24 05:11 . 2007-07-05 06:50 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-24 05:09 . 2008-12-06 05:45 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-09-23 20:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-14 17:07 . 2009-09-24 05:18 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-24 05:18 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-24 05:18 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-24 05:18 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-24 05:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-24 05:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-24 05:18 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-24 05:18 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-24 05:18 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-24 05:18 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-03 05:37 . 2009-08-03 05:37 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 05:37 . 2009-08-03 05:37 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 05:37 . 2009-08-03 05:37 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-21 21:52 . 2009-10-01 20:38 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-10-01 20:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-10-01 20:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-10-01 20:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-11 19:32 . 2009-09-24 05:18 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:32 . 2009-09-24 05:18 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:32 . 2009-09-24 05:18 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:29 . 2009-09-24 05:18 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2007-06-29 16:57 . 2007-06-29 16:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"Wclock"="c:\program files\Wclock\Wclock.exe" [2009-04-24 58880]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-10-01 160592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2009-06-30 2893064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-20 151552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-24 149280]
"BtHidUi"="c:\program files\CSR\Vista Profile Pack\BtHidUi.exe" [2006-11-15 1298432]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"CnxDslTaskBar"="c:\program files\ZyXEL\ZyXEL USB ADSL\CnxDslTb.exe" [2005-01-26 233472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-24 622592]
"QAGENT"="c:\quickenw\QAGENT.EXE" [2001-05-24 94208]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2008-12-06 1797880]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-02-08 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{18316F89-D251-49C8-B03C-764DF71D15BA}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{45348DBC-6938-46DC-B12D-FDE605D7671E}"= UDP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{A289957E-5274-43EE-9F8D-5EDC72DBEEE4}"= TCP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"TCP Query User{41D77ECB-E706-43D3-AEB8-808AD577F607}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F4321F0A-8978-4756-A0EA-2A3E1E924EA9}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{7F5CBF42-396E-4B68-84B0-B1370A504CE2}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{91A177BC-28D1-4E74-B417-5504A5798D32}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{0DAB790F-BB6C-418B-99BD-522263D30B4F}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{66AC520C-8B8E-467B-85AE-5C8244186973}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2B2855BA-FE03-4C2C-8018-43C949A67A9B}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{1358A11E-35EE-49EE-AD38-5A0BD8226CD5}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{06DC3D79-605D-4894-BADD-2A3AFDE67416}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{18A4F58D-056E-4862-B92F-658AF72AF518}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{15C69B64-B53C-476B-8FC3-5A644201FF73}"= c:\program files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE:VPN-1 SecuRemote/SecureClient service
"{48685F1D-93C4-4A4F-A20F-59E96E922414}"= c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.EXE:VPN-1 SecuRemote/SecureClient application
"{A090A12A-D19C-4155-89AD-33A5677D2844}"= c:\program files\CheckPoint\SecuRemote\bin\SCC.EXE:VPN-1 SecuRemote/SecureClient command line
"{223629AF-DC5B-4D71-945E-9F3742CC0CE9}"= c:\program files\CheckPoint\SecuRemote\bin\SR_DIAGNOSTICS.EXE:VPN-1 SecuRemote/SecureClient diagnostics
"{6AE6284A-07FF-4A82-812E-3DAC7CA47E29}"= UDP:c:\program files\TechSmith\Jing\Jing.exe:Jing.exe
"{8BD7CC29-97DE-4C83-AF02-0F324ED43C17}"= TCP:c:\program files\TechSmith\Jing\Jing.exe:Jing.exe

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [15/12/2008 21:41 33808]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\System32\drivers\SCMNdisP.sys [10/07/2008 19:01 21728]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [06/12/2008 16:56 128888]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [06/12/2008 16:56 29520]
R1 FW1;SecuRemote Miniport;c:\windows\System32\drivers\fw.sys [29/01/2008 17:15 2235760]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [15/05/2009 19:50 21008]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 17:50 30312]
R2 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [08/11/2006 02:56 127488]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\System32\drivers\omdrv.sys [29/01/2008 17:15 47504]
R2 mrtRate;mrtRate;c:\windows\System32\drivers\MrtRate.sys [07/07/2007 15:31 34712]
R2 SCM_Service;SCM_Service;c:\windows\System32\WinService.exe [10/07/2008 19:01 180224]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\System32\drivers\vnasc.sys [29/01/2008 17:15 121136]
R2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [29/01/2008 17:15 673872]
R3 BTHFILT;Bluetooth Command Filter;c:\windows\System32\drivers\BthFilt.sys [30/06/2007 03:25 13824]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [16/05/2009 21:59 19472]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\System32\drivers\CnxEtP.sys [06/07/2007 00:18 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\System32\drivers\CnxEtU.sys [06/07/2007 00:18 614272]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\System32\drivers\CnxTgNW.sys [06/07/2007 00:17 53248]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v2.sys [10/07/2008 19:01 288768]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\System32\drivers\usbbc.sys [05/07/2007 01:22 15576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-07 c:\windows\Tasks\User_Feed_Synchronization-{61C6B02D-6FAA-4F3F-A339-E1772E821E83}.job
- c:\windows\system32\msfeedssync.exe [2009-10-01 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} - hxxp://bigpondmusic.com/activex/multidownx.cab
FF - ProfilePath - c:\users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\fj4yi24a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_19.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HDMI - c:\windows\system32\igxpun.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 11:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Karen\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\System32\audiodg.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
c:\program files\FileZilla Server\FileZilla server.exe
c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.exe
.
**************************************************************************
.
Completion time: 2009-10-07 11:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-07 01:03

Pre-Run: 59,178,192,896 bytes free
Post-Run: 58,646,413,312 bytes free

300 --- E O F --- 2009-10-05 23:03
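
Added example, not part of the original thread and not ComboFix's own code: a small parser for the FirewallRules lines and the "Other Running Processes" list in the log above, so the rule entries can be read per program and compared with what was running. The field layout (optional `Disabled:`, optional `TCP:`/`UDP:`, optional `port|`, program path, label) is inferred from the lines on this page, not from a documented format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# A subset of the FirewallRules lines from the log above, copied as printed.
FIREWALL_RULES = r'''
"{18316F89-D251-49C8-B03C-764DF71D15BA}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0DAB790F-BB6C-418B-99BD-522263D30B4F}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{66AC520C-8B8E-467B-85AE-5C8244186973}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2B2855BA-FE03-4C2C-8018-43C949A67A9B}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{15C69B64-B53C-476B-8FC3-5A644201FF73}"= c:\program files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE:VPN-1 SecuRemote/SecureClient service
"{6AE6284A-07FF-4A82-812E-3DAC7CA47E29}"= UDP:c:\program files\TechSmith\Jing\Jing.exe:Jing.exe
"{8BD7CC29-97DE-4C83-AF02-0F324ED43C17}"= TCP:c:\program files\TechSmith\Jing\Jing.exe:Jing.exe
'''

# A subset of the "Other Running Processes" section from the same log.
RUNNING = r'''
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe
c:\program files\FileZilla Server\FileZilla server.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
'''

# Assumed layout: "key"= [Disabled:][TCP:|UDP:][port|]<path ending in .exe>:<label>
RULE_RE = re.compile(
    r'^"(?P<key>.*)"=\s*'
    r'(?:(?P<disabled>Disabled):)?'
    r'(?:(?P<proto>TCP|UDP):)?'
    r'(?:(?P<port>\d+)\|)?'
    r'(?P<path>[A-Za-z]:\\.*?\.exe)'   # non-greedy: stop at the first ".exe:"
    r':(?P<label>.*)$',
    re.IGNORECASE,
)


def parse_rules(text):
    """Turn FirewallRules lines, as ComboFix prints them, into dicts."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line, or a layout this example does not cover
        rules.append({
            "key": m["key"],
            "enabled": m["disabled"] is None,
            # The log omits the protocol on some lines; record that as-is.
            "proto": m["proto"].upper() if m["proto"] else "unspecified",
            "port": int(m["port"]) if m["port"] else None,
            # Paths differ only in case between lines, so compare lowercased.
            "program": m["path"].lower(),
            "label": m["label"],
        })
    return rules


def summarize(rules):
    """Group (protocol, port) pairs per program, split by enabled/disabled."""
    summary = defaultdict(lambda: {"enabled": set(), "disabled": set()})
    for r in rules:
        state = "enabled" if r["enabled"] else "disabled"
        summary[r["program"]][state].add((r["proto"], r["port"]))
    return dict(summary)


def running_without_rule(rules, running_text):
    """Running executables that have no entry in the parsed rule lines."""
    with_rule = {r["program"] for r in rules}
    running = {l.strip().lower() for l in running_text.splitlines() if l.strip()}
    return sorted(running - with_rule)


if __name__ == "__main__":
    parsed = parse_rules(FIREWALL_RULES)
    for program, states in sorted(summarize(parsed).items()):
        print(program)
        for state in ("enabled", "disabled"):
            for proto, port in sorted(states[state], key=str):
                print(f"    {state:8} {proto:11} port={port}")
    print("running, no rule entry in this section:")
    for program in running_without_rule(parsed, RUNNING):
        print("    " + program)
```

A running program with no entry in this section is only a pointer for where to look next in the log, not a finding in itself.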

#9 CatByte

Posted 06 October 2009 - 07:46 PM

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.


#10 kaz101

Posted 07 October 2009 - 02:40 AM

MalwareBytes AntiMalware ran okay and didn't find anything (and I did do the update).

The log:

Malwarebytes' Anti-Malware 1.41
Database version: 2917
Windows 6.0.6001 Service Pack 1

07/10/2009 18:30:51
mbam-log-2009-10-07 (18-30-51).txt

Scan type: Quick Scan
Objects scanned: 90994
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------------------------------------

I have a problem when trying to run ESET

I have Windows Defender turned off, Kaspersky anti-virus disabled and Comodo disabled and shut down but I can't get ESET to update the database.

I get error message "Can not get update. Is proxy configured?".


I've checked their help and FAQ and can't see what the issue is.

It says other antivirus software detected - Comodo Internet Security and Windows Defender but they are both turned off.

I even tried using FF after trying IE8 in case that would make any difference but it didn't.

How do I get this to work?

I seriously appreciate your patience with this since I'm losing mine so I wouldn't be surprised if you were losing yours too :pullhair:

Regards,
Karen


#11 kaz101

Posted 07 October 2009 - 02:52 AM

I'm still getting connections to the internet but they are varying.... Wireless USB devices, IP addresses 0.0.0.0 etc.

They come in spurts...

I tend to click in the application to see where it's from on my PC and it always says not found so I don't allow it.

No Chinese ones at the moment but they don't always appear....

Regards,
Karen

#12 kaz101

Posted 07 October 2009 - 02:56 AM

Good news - I rebooted the PC, turned all anti virus off again and re-tried and the database update is working.....

#13 kaz101

Posted 07 October 2009 - 01:17 PM

I didn't realise it would take sooo long to run....

Log.txt is strange since it doesn't say much....

------------------------------------------------------------------------

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=41217
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
esets_scanner_update returned -1 esets_gle=41217

-----------------------------------------------------

However it did find 4 threats - this is the exported file of the scan results

---------------------------------------------------------------------------

C:\Users\Karen\AppData\Roaming\Mozilla\Profiles\New default\8k2300n6.slt\Mail\kljltd.com\Inbox multiple threats
C:\Users\Karen\AppData\Roaming\Mozilla\Profiles\New default\8k2300n6.slt\Mail\kljltd.com\Junk multiple threats
C:\Users\Karen\AppData\Roaming\Mozilla\Profiles\New default\8k2300n6.slt\Mail\pop.demon.co.uk\Inbox multiple threats
C:\Users\Karen\AppData\Roaming\Mozilla\Profiles\New default\8k2300n6.slt\Mail\pop.demon.co.uk\Junk Win32/TrojanDownloader.Small.ZL trojan

---------------------------------------------------------------------------

I'm actually glad it found something since nothing else had appeared to.

How do I get rid of it?

Regards,
Karen

#14 kaz101

Posted 07 October 2009 - 01:34 PM

I checked those files and the date modified was over 4 years ago. I use Thunderbird now and those aren't even Thunderbird files.

Regards,
Karen

#15 CatByte

Posted 07 October 2009 - 02:28 PM

Hi,

I would delete those emails anyway, just to be on the safe side. They are in the inbox and the junk mail, just empty them, then empty your recycle bin.

Run the following tool also:

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
It's normal after running TFC cleaner that the PC will be slower to boot the first time.

NEXT

Please run a fresh DDS and ATTACH.txt and advise how your computer is running now.
