
Hello,
please help,
this is my husband's PC. I just installed a firewall and noticed that it blocks a lot of incoming connections, even though no programs are actually running in the background. Plus, this is a freshly installed Windows. Please help! Tons of connections from Russian and Ukrainian IPs, and I don't know what these folks are doing on this PC; they are not supposed to be doing that.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by qwerty at 19:51:39 on 2014-03-07

Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.3327.2616 [GMT 2:00]

.

FW: Look 'n' Stop 2.07 (Soft4Ever) *Enabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Soft4Ever\looknstop\looknstop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\rundll32.exe

D:\Documents and Settings\www\Desktop\Zet 9\zet.exe

C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.



BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [LiveSupport] "c:\program files\livesupport\LiveSupport.exe" /noshow /log

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [HDD Regenerator] c:\program files\hdd regenerator\HDD Regenerator.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Look 'n' Stop] "c:\program files\soft4ever\looknstop\looknstop.exe" -auto

StartupFolder: c:\docume~1\qwerty\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: &Export to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Append linked content to existing PDF file - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert linked content to PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\qwerty\application data\mozilla\firefox\profiles\i8vstmyo.default\

FF - prefs.js: browser.startup.homepage - google.lv

FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2012-5-9 13616]

R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2012-5-9 5632]

R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2012-5-9 13616]

R0 nvlegacy;nvlegacy;c:\windows\system32\drivers\nvlegacy.sys [2012-5-9 100736]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-2-4 243128]

R1 lnsfw1;lnsfw1;c:\windows\system32\drivers\lnsfw1.sys [2014-3-7 82176]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2014-1-31 1399680]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]

S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2014-1-31 3567]

S3 RTL8192cu;%RTL8192cu.DeviceDesc%;c:\windows\system32\drivers\RTL8192cu.sys [2014-2-6 1076968]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2014-2-7 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]

.

=============== Created Last 30 ================

.

2014-03-07 14:58:07 -------- d-----w- c:\documents and settings\qwerty\application data\Malwarebytes

2014-03-07 14:57:58 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2014-03-07 14:57:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-03-07 14:57:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2014-03-07 11:16:50 -------- d-----w- c:\documents and settings\qwerty\application data\NVIDIA

2014-03-07 11:14:41 -------- d-----w- c:\documents and settings\qwerty\local settings\application data\looknstop

2014-03-07 11:12:37 82176 ----a-w- c:\windows\system32\drivers\lnsfw1.sys

2014-03-07 11:12:37 59488 ----a-w- c:\windows\system32\drivers\lnsfw.sys

2014-03-07 11:12:37 36352 ----a-w- c:\windows\system32\fwapi.dll

2014-03-07 11:12:25 -------- d-----w- c:\program files\Soft4Ever

2014-03-07 11:06:08 -------- d-----w- c:\documents and settings\all users\application data\ALM

2014-03-01 19:32:12 -------- d-----w- c:\program files\THQ

2014-03-01 19:32:03 327168 ----a-w- c:\windows\IsUn0419.exe

2014-02-18 13:16:17 -------- d-----w- c:\program files\Classic Menu for Office

2014-02-18 12:29:17 -------- d-----w- c:\documents and settings\qwerty\local settings\application data\Skype

2014-02-18 12:29:05 -------- d-----r- c:\program files\Skype

2014-02-15 11:00:37 -------- d-----w- c:\documents and settings\qwerty\application data\ACD Systems

2014-02-15 10:53:13 -------- d-----w- c:\program files\common files\ACD Systems

2014-02-15 10:53:13 -------- d-----w- c:\program files\ACD Systems

2014-02-15 10:53:13 -------- d-----w- c:\documents and settings\all users\application data\ACD Systems

2014-02-15 10:51:58 -------- d-----w- c:\windows\Downloaded Installations

2014-02-12 06:24:51 -------- d-----w- c:\documents and settings\qwerty\application data\Foxit Software

2014-02-12 06:24:50 -------- d-----w- c:\program files\Foxit Software

2014-02-12 04:03:25 -------- d-----w- c:\windows\system32\LogFiles

2014-02-06 23:05:53 -------- d-----w- c:\program files\HDD Regenerator

2014-02-06 23:05:37 -------- d-----w- c:\documents and settings\qwerty\local settings\application data\Downloaded Installations

2014-02-06 22:48:05 -------- d-----w- c:\program files\Optimizer Pro

2014-02-06 22:46:20 -------- d-----w- c:\program files\Unlocker

2014-02-06 17:50:38 -------- d-----w- c:\windows\system32\appmgmt

2014-02-06 17:00:06 1076968 ----a-w- c:\windows\system32\rtl8192cu.sys

2014-02-06 17:00:06 1076968 ----a-w- c:\windows\system32\drivers\RTL8192cu.sys

.

==================== Find3M ====================

.

2014-02-15 10:47:01 2828 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys

2014-02-15 10:46:49 88 --sh--r- c:\documents and settings\all users\application data\D420A8E9E1.sys

2014-02-05 23:26:52 920064 ----a-w- c:\windows\system32\wininet.dll

2014-02-05 23:26:43 43520 ----a-w- c:\windows\system32\licmgr10.dll

2014-02-05 23:26:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2014-02-05 23:26:37 18944 ----a-w- c:\windows\system32\corpol.dll

2014-02-05 22:24:05 385024 ----a-w- c:\windows\system32\html.iec

2014-02-05 06:55:36 1135320 ----a-w- c:\windows\system32\nvdrsdb1.bin

2014-02-05 06:55:36 1 ----a-w- c:\windows\system32\nvdrssel.bin

2014-02-05 06:55:34 1135320 ----a-w- c:\windows\system32\nvdrsdb0.bin

2014-02-04 20:23:32 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2014-01-31 20:21:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-01-31 20:21:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-12-19 20:17:40 9682944 ----a-w- c:\windows\system32\nvcuda.dll

2013-12-19 20:17:40 9637888 ----a-w- c:\windows\system32\nvopencl.dll

2013-12-19 20:17:40 893728 ----a-w- c:\windows\system32\nvdispgenco3233221.dll

2013-12-19 20:17:40 57344 ----a-w- c:\windows\system32\OpenCL.dll

2013-12-19 20:17:40 4085504 ----a-w- c:\windows\system32\nv4_disp.dll

2013-12-19 20:17:40 2952992 ----a-w- c:\windows\system32\nvcuvid.dll

2013-12-19 20:17:40 2747680 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-12-19 20:17:40 2635264 ----a-w- c:\windows\system32\nvapi.dll

2013-12-19 20:17:40 22188032 ----a-w- c:\windows\system32\nvoglnt.dll

2013-12-19 20:17:40 17551360 ----a-w- c:\windows\system32\nvcompiler.dll

2013-12-19 20:17:40 12708160 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2013-12-19 20:17:40 1049888 ----a-w- c:\windows\system32\nvdispco3233221.dll

2013-12-19 18:17:26 54272 ----a-w- c:\windows\system32\nvwddi.dll

2013-12-19 18:17:25 15708448 ----a-w- c:\windows\system32\nvcpl.dll

2013-12-19 18:17:25 156960 ----a-w- c:\windows\system32\nvsvc32.exe

2013-12-19 18:17:24 376096 ----a-w- c:\windows\system32\nvmctray.dll

2013-12-19 18:17:24 144160 ----a-w- c:\windows\system32\nvcolor.exe

.

============= FINISH: 19:51:58,23 ===============



.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2014.01.31. 7:49:31

System Uptime: 2014.03.07. 19:20:15 (0 hours ago)

.

Motherboard: ECS | | MCP61M-M3

Processor: AMD Phenom II X4 840 Processor | CPU 1 | 3214/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 225,434 GiB free.

D: is FIXED (NTFS) - 298 GiB total, 171,494 GiB free.

E: is CDROM (CDFS)

F: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 2014.01.31. 8:05:59 - System Checkpoint

RP2: 2014.01.31. 8:08:24 - Update to an unsigned driver

RP3: 2014.01.31. 8:13:54 - Installed TP-LINK Wireless Configuration Utility and Driver

RP4: 2014.01.31. 8:14:52 - Installed TP-LINK Wireless Configuration Utility and Driver

RP5: 2014.01.31. 13:00:26 - Software Distribution Service 3.0

RP6: 2014.01.31. 3:38:50 - System Checkpoint

RP7: 2014.01.31. 13:26:39 - Installed Microsoft Visual C++ 2005 Redistributable

RP8: 2014.01.31. 13:26:53 - Installed Look 'n' Stop Installer

RP9: 2014.01.31. 22:14:18 - Installed Platform

RP10: 2014.02.01. 10:01:50 - Installed Microsoft Office Enterprise 2007

RP11: 2014.02.01. 10:05:21 - Printer Driver Send To Microsoft OneNote Driver Installed

RP12: 2014.02.01. 10:08:20 - Printer Driver Send To Microsoft OneNote Driver Installed

RP13: 2014.02.01. 10:31:42 - Installed Windows KB954550-v5.

RP14: 2014.02.01. 10:31:46 - Printer Driver Microsoft XPS Document Writer Installed

RP15: 2014.02.01. 10:31:50 - Printer Driver Microsoft XPS Document Writer Installed

RP16: 2014.02.01. 20:17:47 - Software Distribution Service 3.0

RP17: 2014.02.02. 10:58:56 - Software Distribution Service 3.0

RP18: 2014.02.03. 18:36:09 - System Checkpoint

RP19: 2014.02.05. 8:11:51 - Software Distribution Service 3.0

RP20: 2014.02.06. 17:53:51 - Software Distribution Service 3.0

RP21: 2014.02.06. 18:45:28 - Removed TP-LINK Wireless Configuration Utility and Driver

RP22: 2014.02.06. 19:00:06 - Installed TP-LINK Wireless Configuration Utility and Driver

RP23: 2014.02.06. 19:48:43 - Removed Adobe Acrobat X Pro - English, Russian.

RP24: 2014.02.06. 19:51:47 - Removed Adobe Community Help

RP25: 2014.02.06. 19:51:57 - Removed Adobe Content Viewer

RP26: 2014.02.06. 19:59:34 - Removed Microsoft Visual Studio Tools for Applications 2.0 - ENU

RP27: 2014.02.07. 1:05:52 - Installed HDD Regenerator.

RP28: 2014.02.07. 1:16:38 - Removed HDD Regenerator.

RP29: 2014.02.07. 1:17:55 - Installed HDD Regenerator.

RP30: 2014.02.07. 11:45:50 - Removed HDD Regenerator.

RP31: 2014.02.09. 1:09:34 - System Checkpoint

RP32: 2014.02.10. 1:40:06 - System Checkpoint

RP33: 2014.02.11. 2:07:26 - System Checkpoint

RP34: 2014.02.12. 3:07:26 - System Checkpoint

RP35: 2014.02.12. 8:25:27 - Printer Driver Foxit Reader PDF Printer Driver Installed

RP36: 2014.02.13. 3:00:20 - Software Distribution Service 3.0

RP37: 2014.02.14. 16:02:40 - System Checkpoint

RP38: 2014.02.15. 12:53:09 - Installed ACDSee 5.0 PowerPack

RP39: 2014.02.16. 18:48:52 - System Checkpoint

RP40: 2014.02.17. 18:58:55 - System Checkpoint

RP41: 2014.02.18. 16:03:26 - Installed Adobe Acrobat X Pro - Romanian, Ukrainian, Russian, Turkish.

RP42: 2014.02.19. 17:02:30 - System Checkpoint

RP43: 2014.02.20. 18:02:30 - System Checkpoint

RP44: 2014.02.21. 19:20:08 - System Checkpoint

RP45: 2014.02.22. 19:33:50 - System Checkpoint

RP46: 2014.02.23. 21:31:29 - System Checkpoint

RP47: 2014.02.24. 21:49:36 - System Checkpoint

RP48: 2014.02.25. 23:27:14 - System Checkpoint

RP49: 2014.02.27. 0:14:47 - System Checkpoint

RP50: 2014.02.28. 16:29:56 - System Checkpoint

RP51: 2014.03.02. 15:04:30 - System Checkpoint

RP52: 2014.03.03. 23:15:08 - System Checkpoint

RP53: 2014.03.05. 1:21:47 - System Checkpoint

RP54: 2014.03.06. 9:23:40 - System Checkpoint

RP55: 2014.03.07. 9:44:56 - System Checkpoint

RP56: 2014.03.07. 13:12:08 - Installed Microsoft Visual C++ 2005 Redistributable

RP57: 2014.03.07. 13:12:24 - Installed Look 'n' Stop Installer

RP58: 2014.03.07. 19:43:47 - Configured Microsoft Office Enterprise 2007

.

==== Installed Programs ======================

.

Губка Боб (SpongeBob)

µTorrent

2007 Microsoft Office Suite Service Pack 3 (SP3)

ACDSee 5.0 PowerPack

Adobe Acrobat X Pro - English, Russian

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5.5 Design Premium

Adobe Flash Player 12 Plugin

Adobe Photoshop CS5

Classic Menu for Office 2007 v5.00

Corel Graphics - Windows Shell Extension

CorelDRAW Graphics Suite X4

CorelDRAW Graphics Suite X4 - Capture

CorelDRAW Graphics Suite X4 - Content

CorelDRAW Graphics Suite X4 - Draw

CorelDRAW Graphics Suite X4 - Filters

CorelDRAW Graphics Suite X4 - FontNav

CorelDRAW Graphics SUite X4 - ICA

CorelDRAW Graphics Suite X4 - IPM

CorelDRAW Graphics Suite X4 - Lang RU

CorelDRAW Graphics Suite X4 - PP

CorelDRAW Graphics Suite X4 - VBA

CorelDRAW Graphics Suite X5

CorelDRAW Graphics Suite X5 - Capture

CorelDRAW Graphics Suite X5 - Common

CorelDRAW Graphics Suite X5 - Connect

CorelDRAW Graphics Suite X5 - Custom Data

CorelDRAW Graphics Suite X5 - Draw

CorelDRAW Graphics Suite X5 - EN

CorelDRAW Graphics Suite X5 - Filters

CorelDRAW Graphics Suite X5 - FontNav

CorelDRAW Graphics Suite X5 - IPM

CorelDRAW Graphics Suite X5 - PHOTO-PAINT

CorelDRAW Graphics Suite X5 - Photozoom Plugin

CorelDRAW Graphics Suite X5 - Redist

CorelDRAW Graphics Suite X5 - RU

CorelDRAW Graphics Suite X5 - Setup Files

CorelDRAW Graphics Suite X5 - VBA

CorelDRAW Graphics Suite X5 - VideoBrowser

CorelDRAW Graphics Suite X5 - VSTA

CorelDRAW Graphics Suite X5 - WT

CorelDRAW Graphics Suite X6

CorelDRAW Graphics Suite X6 - Capture

CorelDRAW Graphics Suite X6 - Common

CorelDRAW Graphics Suite X6 - Connect

CorelDRAW Graphics Suite X6 - Custom Data

CorelDRAW Graphics Suite X6 - Draw

CorelDRAW Graphics Suite X6 - EN

CorelDRAW Graphics Suite X6 - Filters

CorelDRAW Graphics Suite X6 - FontNav

CorelDRAW Graphics Suite X6 - IPM

CorelDRAW Graphics Suite X6 - PHOTO-PAINT

CorelDRAW Graphics Suite X6 - Photozoom Plugin

CorelDRAW Graphics Suite X6 - Redist

CorelDRAW Graphics Suite X6 - RU

CorelDRAW Graphics Suite X6 - Setup Files

CorelDRAW Graphics Suite X6 - VBA

CorelDRAW Graphics Suite X6 - VideoBrowser

CorelDRAW Graphics Suite X6 - VSTA

CorelDRAW Graphics Suite X6 - Writing Tools

CorelDRAW® Graphics Suite X4

CorelDRAW® Graphics Suite X5

DAEMON Tools Lite

Foxit Reader

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Inkscape 0.48.4

K-Lite Codec Pack 10.2.0 Full

Look 'n' Stop 2.07

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office Access MUI (Russian) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel 2007 Help Update (KB963678)

Microsoft Office Excel MUI (Russian) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (Russian) 2007

Microsoft Office InfoPath MUI (Russian) 2007

Microsoft Office OneNote MUI (Russian) 2007

Microsoft Office Outlook 2007 Help Update (KB963677)

Microsoft Office Outlook MUI (Russian) 2007

Microsoft Office Powerpoint 2007 Help Update (KB963669)

Microsoft Office PowerPoint MUI (Russian) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Russian) 2007

Microsoft Office Proof (Ukrainian) 2007

Microsoft Office Proofing (Russian) 2007

Microsoft Office Publisher MUI (Russian) 2007

Microsoft Office Shared MUI (Russian) 2007

Microsoft Office Word 2007 Help Update (KB963665)

Microsoft Office Word MUI (Russian) 2007

Microsoft Software Update for Web Folders (Russian) 12

Microsoft Visual Basic for Applications 7.1 (x86)

Microsoft Visual Basic for Applications 7.1 (x86) English

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual Studio Tools for Applications 2.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 27.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 6.0 Parser

NVIDIA Control Panel 332.21

NVIDIA Drivers

NVIDIA Graphics Driver 332.21

NVIDIA HD Audio Driver 1.3.30.1

NVIDIA Install Application

NVIDIA nView 140.75

NVIDIA PhysX

NVIDIA PhysX System Software 9.13.0725

PDF Settings CS5

Platform

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition

Security Update for Windows Internet Explorer 8 (KB2898785)

Security Update for Windows Internet Explorer 8 (KB2909210)

Security Update for Windows Internet Explorer 8 (KB2909921)

Security Update for Windows Media Player (KB2803821-v2)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219-v2)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135-v2)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2820917)

Security Update for Windows XP (KB2834886)

Security Update for Windows XP (KB2845187)

Security Update for Windows XP (KB2847311)

Security Update for Windows XP (KB2850869)

Security Update for Windows XP (KB2859537)

Security Update for Windows XP (KB2862152)

Security Update for Windows XP (KB2862330)

Security Update for Windows XP (KB2862335)

Security Update for Windows XP (KB2864063)

Security Update for Windows XP (KB2868626)

Security Update for Windows XP (KB2876217)

Security Update for Windows XP (KB2876331)

Security Update for Windows XP (KB2892075)

Security Update for Windows XP (KB2893294)

Security Update for Windows XP (KB2893984)

Security Update for Windows XP (KB2898715)

Security Update for Windows XP (KB2900986)

Security Update for Windows XP (KB2914368)

Security Update for Windows XP (KB2916036)

Skype™ 6.13

TP-LINK TL-WN723N Driver

Unlocker 1.9.2

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition

Update for Windows XP (KB2749655)

Update for Windows XP (KB2904266)

VIA Platform Device Manager

Visual Basic for Applications ® Core

Visual Basic for Applications ® Core - English

WebFldrs XP

WinRAR 4.20 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

2014.03.07. 17:06:59, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

2014.03.07. 17:06:47, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvlegacy

.

==== End Of File ===========================

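A check worth doing before reading anything into firewall block counters, as an added example that is not part of the original post and not code from DDS, Look 'n' Stop or any other tool in this thread: on a host reachable from the internet, blocked inbound attempts from unfamiliar countries are ordinary background scanning unless something on the machine is actually listening. On Windows XP the two commands that answer that are `netstat -ano` (sockets with the owning PID) and `tasklist /fo csv /nh` (PID to image name). The script below parses saved output of both, lists externally reachable listeners with their owning process, flags listeners not owned by a baseline set of stock XP images (that baseline and the `proxy_example.exe` scenario are assumptions made for this example), and splits established connections to external addresses into inbound (the peer connected to a port this host listens on) and outbound. The netstat and tasklist text is constructed sample output, not data from the poster's machine; a process accepting inbound sessions from several external addresses on a port it opened is what "somebody is running a proxy server on this PC" looks like at the socket level.

```python
"""Triage of `netstat -ano` and `tasklist /fo csv /nh` output: what listens,
which image owns it, and which established sessions came in from outside."""
import ipaddress
import re
from collections import namedtuple

Socket = namedtuple("Socket", "proto local_ip local_port remote_ip remote_port state pid")

# Constructed sample of `netstat -ano` on Windows XP. Foreign addresses are
# RFC 5737 documentation ranges standing in for arbitrary internet hosts.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       916
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2480
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1532
  TCP    192.168.1.7:1043       192.0.2.10:443         ESTABLISHED     2012
  TCP    192.168.1.7:8080       198.51.100.23:51422    ESTABLISHED     2480
  TCP    192.168.1.7:8080       203.0.113.9:40011      ESTABLISHED     2480
  UDP    0.0.0.0:445            *:*                                    4
  UDP    127.0.0.1:123          *:*                                    1032
"""

# Constructed sample of `tasklist /fo csv /nh`; proxy_example.exe is a made-up name.
TASKLIST_SAMPLE = """
"System","4","Console","0","236 K"
"svchost.exe","916","Console","0","5,120 K"
"alg.exe","1532","Console","0","3,700 K"
"wuauclt.exe","1032","Console","0","4,012 K"
"firefox.exe","2012","Console","0","98,400 K"
"proxy_example.exe","2480","Console","0","7,880 K"
"""

# Addresses that cannot be an internet peer; everything else counts as external.
_LOCAL_NETS = tuple(ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16"))

# Assumption: images that normally own listening sockets on a stock XP SP3 box.
KNOWN_XP_LISTENERS = {"System", "svchost.exe", "lsass.exe", "alg.exe"}

# netstat row: proto, local, foreign, optional state (UDP rows have none), PID.
_NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
_TASKLIST_RE = re.compile(r'^"([^"]+)","(\d+)"')


def is_external(ip):
    """True unless the address is loopback, RFC1918, link-local, unspecified or a wildcard."""
    if ip in ("*", ""):
        return False
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in _LOCAL_NETS)


def _split_endpoint(endpoint):
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    sockets = []
    for line in text.splitlines():
        m = _NETSTAT_RE.match(line)
        if not m:
            continue  # header and blank lines
        proto, local, remote, state, pid = m.groups()
        lip, lport = _split_endpoint(local)
        rip, rport = _split_endpoint(remote)
        sockets.append(Socket(proto, lip, lport, rip, rport, state or "", int(pid)))
    return sockets


def parse_tasklist(text):
    """Map PID -> image name from CSV tasklist output."""
    pids = {}
    for line in text.splitlines():
        m = _TASKLIST_RE.match(line.strip())
        if m:
            pids[int(m.group(2))] = m.group(1)
    return pids


def triage(netstat_text, tasklist_text):
    sockets = parse_netstat(netstat_text)
    image = parse_tasklist(tasklist_text)

    def name(pid):
        return image.get(pid, f"pid {pid}")

    # A TCP socket in LISTENING, or any UDP binding, is a listener.
    listeners = [s for s in sockets
                 if (s.proto == "TCP" and s.state == "LISTENING") or s.proto == "UDP"]
    # 0.0.0.0 or an interface address is reachable from outside; 127.x is not.
    external_listeners = sorted((s.proto, s.local_port, name(s.pid))
                                for s in listeners if not s.local_ip.startswith("127."))
    listening_tcp_ports = {s.local_port for s in listeners if s.proto == "TCP"}

    inbound, outbound = [], []
    for s in sockets:
        if s.proto != "TCP" or s.state != "ESTABLISHED" or not is_external(s.remote_ip):
            continue
        # Heuristic: if our end is a port we listen on, the peer connected to us.
        if s.local_port in listening_tcp_ports:
            inbound.append((s.remote_ip, s.local_port, name(s.pid)))
        else:
            outbound.append((s.remote_ip, s.remote_port, name(s.pid)))

    return {
        "external_listeners": external_listeners,
        "unexpected_listeners": [l for l in external_listeners
                                 if l[2] not in KNOWN_XP_LISTENERS],
        "inbound_external": sorted(inbound),
        "outbound_external": sorted(outbound),
    }


if __name__ == "__main__":
    for section, rows in triage(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items():
        print(section)
        for row in rows:
            print("   ", *row)
```

Run the two commands on the suspect machine, redirect each to a file, and feed the files to `triage()`; the script itself can run anywhere. The inbound/outbound split rests on the local port matching a listening port, which an ephemeral port could coincide with, so treat it as a heuristic and confirm with the owning image. A listener that a pure firewall log cannot show you, such as an unfamiliar image on 0.0.0.0:8080 with several external peers established, is the finding that separates "scanner noise being dropped" from "this box is serving someone".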

  • Staff

Hello pzz

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo


Hello Gringo! Thanks! I did everything; it looks like it hasn't found much! Before posting on this forum, I scanned the PC with MBAM, and got here because, after MBAM found and removed some trojans, the firewall still got a lot of connections from unknown IPs and it looked like somebody was running a proxy server on this PC. But today it has none, the log is clear. What do you think, maybe this is it and there is nothing left to look for?

# AdwCleaner v3.021 - Report created 11/03/2014 at 14:47:31
# Updated 10/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : qwerty - 67890-B1B4DCEF7
# Running from : C:\Documents and Settings\qwerty\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Optimizer Pro
File Deleted : C:\Documents and Settings\qwerty\Application Data\Mozilla\Firefox\Profiles\i8vstmyo.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [livesupport]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\qwerty\Application Data\Mozilla\Firefox\Profiles\i8vstmyo.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1411 octets] - [11/03/2014 14:41:28]
AdwCleaner[s0].txt - [1350 octets] - [11/03/2014 14:47:31]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1410 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by qwerty on 2014.03.11. at 14:51:43,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014.03.11. at 14:54:26,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hello pzz

We will not know until we do some other testing.

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
Greetings

I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.

Gringo

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
