Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible trojan or hack??


  • Please log in to reply
5 replies to this topic

#1 indikid

indikid

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:41 PM

Posted 04 March 2014 - 03:01 AM

Hi all,

 

My laptop has been behaving funny for the last few days. I had lent the machine to a friend as he had to do some Autocad work (he istalled the software and worked on it - mostly might be pirated.) When I got my pc back the software was still there, I ignored it and used the system for my normal emailing and catching up on my TV series... Everything seemed fine.. A day after that I noticed my net connection had slowed down drastically, I have a 4 MB connection but it seemed to behave like a below 256kbps connection..! I use a wireless modem... Checked with my service provider and everything seemed fine at their end, checked the router and everything seems to be fine there too... I turned off all my other programs (DAP, Windows Update, itunes, Skype and teamviewer) and opened firefox alone and still couldn't surf properly... Checked the internet connection and everything seemed ok except for one strange behaviour.

 

My 'Wireless Network Connection Status' window showed the amount of packets sent and recieved were high - like it should normally be when i watch my TV serials... I disabled the adaptor and enabled it again.. as soon as the adaptor is enabled I start to recieve a huge amount of packets... reaching around 20,000,000 odd bytes in a minute... this jus keeps increasing... sent shows around 100000 odd bytes or so in a few minutes... It now takes a long time for me to open webpages or download stuff... I downloaded and installed zonealarm firewall, but this still had no effect...

 

Any idea what i'm dealing with here? I can't watch videos now and webpages load completely only after 4 or 5 refreshes... Googled the problem but not much help there.... Need you help to get my system back in shape... I'm running windows 7 home basic on a Acer laptop with a Nvidia gforce graphics card (1GB)...

 

Thanks!

 

cheers - inidkid



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:11 PM

Posted 04 March 2014 - 06:28 AM

Hello -
Please start by reading a few of these tutorials -
First - Tracing a Hacker =>
http://www.bleepingcomputer.com/tutorials/tracing-a-hacker/
This is a very important section. - - Using TCPView in Windows to see who is connected to your computer
Next - Have I been Hacked =>
http://www.bleepingcomputer.com/tutorials/have-i-been-hacked/

Leave Skype and teamviewer both turned off and run a few programs for me -

 

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
 Click Go and Copy and Paste the result (Result.txt).



#3 indikid

indikid
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:41 PM

Posted 04 March 2014 - 12:14 PM

Thanks Noknojon for the quick response. I forgot to mention this in my first query, once i noticed my laptop behaving funny I did a system restore to a previous point before autocad was installed... After the restore restared the sys I got a message saying that some stuff could not be restored... Anways, I've done as you asked to... Ran the two programs, here are the logs:

 

 

======== Security Check by Screen317 ==============

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Duplicate Cleaner Free 3.1.5  
  Adobe Flash Player 12.0.0.70 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1)
 Google Chrome 33.0.1750.117  
````````Process Check: objlist.exe by Laurent````````  
 Symantec Norton Online Backup NOBuAgent.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 AVAST Software Avast setup instup.exe
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm ZAPrivacyService.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

 

=========== Mini Tool Box ==========

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by The Boys! (administrator) on 04-03-2014 at 22:30:40
Running from "C:\Users\The Boys!\Desktop"
Microsoft Windows 7 Home Basic  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: socks=76.25.29.199:23089

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.autoconfig_url", "https://mediahint.com/default.pac"
"network.proxy.type", 2

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Hardware not present)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Broadcom 802.11n Network Adapter = Wireless Network Connection (Media disconnected)
TAP-Win32 Adapter V9 = Local Area Connection 6 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set subinterface interface=?#G subinterface=ethernet_13 mtu=1477
set subinterface interface=?#G subinterface=ethernet_14 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : indikid-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-D6-C4-FF-B4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
   Physical Address. . . . . . . . . : 64-27-37-4D-20-A8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : DC-0E-A1-53-00-54
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C2FDCFE4-3990-459D-AB31-E8BF9266DAE1}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{517712D9-4623-4DB9-A313-EEECB8311AB7}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D6C4FFB4-2411-4DDB-9168-F2D355A6ADC5}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 25...00 ff d6 c4 ff b4 ......TAP-Win32 Adapter V9
 12...64 27 37 4d 20 a8 ......Broadcom 802.11n Network Adapter
 11...dc 0e a1 53 00 54 ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/04/2014 06:34:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 11:47:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 11:46:00 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0xc0000022.

Error: (03/03/2014 10:40:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 08:37:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 07:55:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9417531

Error: (03/03/2014 07:55:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9417531

Error: (03/03/2014 07:55:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/03/2014 05:18:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19937

Error: (03/03/2014 05:18:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19937


System errors:
=============
Error: (03/04/2014 06:36:05 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (03/04/2014 06:36:05 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/04/2014 06:34:01 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hola_net

Error: (03/04/2014 00:48:17 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (03/04/2014 00:01:22 AM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/03/2014 11:53:44 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application User Notification Service service failed to start due to the following error:
%%1053

Error: (03/03/2014 11:53:44 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect.

Error: (03/03/2014 11:53:14 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (03/03/2014 11:48:44 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (03/03/2014 11:48:44 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

???? ??? Windows Live (Version: 15.4.3502.0922)
???? Windows Live (Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)
???????? ?????????? Windows Live (Version: 15.4.3502.0922)
?????????? Windows Live (Version: 15.4.3502.0922)
??????????? ?? Windows Live (Version: 15.4.3502.0922)
7 Sticky Notes
7-Zip 9.20
Acer Backup Manager (Version: 3.0.0.99)
Acer Crystal Eye Webcam (Version: 1.5.2904.00)
Acer ePower Management (Version: 6.00.3008)
Acer eRecovery Management (Version: 5.00.3504)
Acer Games (Version: 1.0.2.5)
Acer Registration (Version: 1.04.3504)
Acer ScreenSaver (Version: 1.1.0519.2011)
Acer Updater (Version: 1.02.3502)
Adobe AIR (Version: 3.6.0.6090)
Adobe Download Assistant (Version: 1.2.5)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.70)
Adobe Flash Player 12 Plugin (Version: 12.0.0.70)
Adobe Help Manager (Version: 4.0.244)
Adobe Illustrator CS6 (Version: 16.0)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader X (10.1.9) MUI (Version: 10.1.9)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Agatha Christie - Death on the Nile (Version: 2.2.0.98)
Any Video Converter 3.5.1
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 9.0.2011)
Backup Manager V3 (Version: 3.0.0.99)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
BitTorrent (Version: 7.7.3.28706)
Bonjour (Version: 3.0.0.10)
Broadcom Card Reader Driver Installer (Version: 14.8.2.2)
Broadcom NetLink Controller (Version: 14.8.4.1)
CCleaner (Version: 3.28)
Chuzzle Deluxe (Version: 2.2.0.95)
clear.fi (Version: 1.0.1517_36458)
clear.fi (Version: 1.0.2024.00)
clear.fi (Version: 9.0.8026)
clear.fi Client (Version: 1.00.3500)
Corel Graphics - Windows Shell Extension (Version: 15.0.0.487)
Corel Graphics - Windows Shell Extension (Version: 15.0.487)
CorelDRAW Graphics Suite X5 - BR (Version: 15.0)
CorelDRAW Graphics Suite X5 - Capture (Version: 15.0)
CorelDRAW Graphics Suite X5 - Common (Version: 15.0)
CorelDRAW Graphics Suite X5 - Connect (Version: 15.0)
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.0)
CorelDRAW Graphics Suite X5 - Draw (Version: 15.0)
CorelDRAW Graphics Suite X5 - EN (Version: 15.0)
CorelDRAW Graphics Suite X5 - ES (Version: 15.0)
CorelDRAW Graphics Suite X5 - Extra Content
CorelDRAW Graphics Suite X5 - Extra Content (Version: 15.0)
CorelDRAW Graphics Suite X5 - Filters (Version: 15.0)
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.0)
CorelDRAW Graphics Suite X5 - FR (Version: 15.0)
CorelDRAW Graphics Suite X5 - IPM (Version: 15.0)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.0)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0)
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0)
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.0)
CorelDRAW Graphics Suite X5 - VBA (Version: 15.0)
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.0)
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.0)
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487)
CorelDRAW Graphics Suite X5 - WT (Version: 15.0)
CorelDRAW Graphics Suite X5 (Version: 15.0)
CorelDRAW® Graphics Suite X5 (Version: 15.0.0.486)
Correctif pour Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (Version: 1)
Crazy Chicken Kart 2 (Version: 2.2.0.97)
D3DX10 (Version: 15.4.2368.0902)
DivX Setup (Version: 2.6.1.24)
Dolby Advanced Audio v2 (Version: 7.2.7000.7)
Download Accelerator Plus (DAP) (Version: 10052 (Build 2547))
Duplicate Cleaner Free 3.1.5 (Version: 3.1.5)
ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3)
Evernote v. 4.5.1 (Version: 4.5.1.5451)
FATE (Version: 2.2.0.97)
Final Drive: Nitro (Version: 2.2.0.95)
FLV to MP3 Free Converter 3.2.20
Fotogalerija Windows Live (Version: 15.4.3502.0922)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (Version: 15.4.3502.0922)
Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galerie foto Windows Live (Version: 15.4.3502.0922)
Ghostscript GPL 8.64 (Msi Setup) (Version: 8.64)
Google Chrome (Version: 33.0.1750.117)
Google Talk Plugin (Version: 4.9.1.16010)
Google Update Helper (Version: 1.3.22.5)
Identity Card (Version: 1.00.3501)
Insaniquarium Deluxe (Version: 2.2.0.97)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2418)
Intel® Rapid Storage Technology (Version: 10.5.0.1026)
iTunes (Version: 10.6.3.25)
Java 7 Update 10 (64-bit) (Version: 7.0.100)
Jewel Match 3 (Version: 2.2.0.97)
Jewel Quest Solitaire (Version: 2.2.0.95)
John Deere Drive Green (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 9.2.0 (Full) (Version: 9.2.0)
Launch Manager (Version: 5.1.7)
MagicDisc 2.7.106
Mesh Runtime (Version: 15.4.5722.2)
MFC RunTime files (Version: 1.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - FRA (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - FRA (Version: 9.0.30729)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1)
Mozilla Maintenance Service (Version: 27.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MyFreeCodec
Mystery of Mortlake Mansion (Version: 2.2.0.98)
MyWinLocker (Version: 4.0.14.27)
MyWinLocker 4 (Version: 4.0.14.27)
MyWinLocker Suite (Version: 4.0.14.19)
Nexon Game Manager
Norton Online Backup (Version: 2.1.17869)
NTI Media Maker 9 (Version: 9.0.2.9002)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Paragon Partition Manager™ 12 Free (Version: 90.00.0003)
PDF Settings CS6 (Version: 11.0)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
Poczta uslugi Windows Live (Version: 15.4.3502.0922)
Podstawowe programy Windows Live (Version: 15.4.3502.0922)
Polar Bowler (Version: 2.2.0.97)
Pošta Windows Live (Version: 15.4.3502.0922)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (Version: 6.0.1.6438)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)
Samsung Kies (Version: 2.6.0.13064_2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0)
Shredder (Version: 2.0.8.9)
Skype Click to Call (Version: 7.0.14735.1561)
Skype™ 6.2 (Version: 6.2.106)
Slingo Deluxe (Version: 2.2.0.95)
Spotify (Version: 0.9.6.72.ge389c074)
SuddenAttack
swMSM (Version: 12.0.0.1)
TeamViewer 9 (Version: 9.0.26297)
Torchlight (Version: 2.2.0.97)
TunnelBear 2.0.16.0 (Version: 2.0.16.0)
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.97)
Visual Basic for Applications ® Core - English (Version: 6.4.99.69)
Visual Basic for Applications ® Core - French (Version: 6.4.99.69)
Visual Basic for Applications ® Core (Version: 6.4.99.69)
VoiceOver Kit (Version: 1.42.128.0)
WD Drive Utilities (Version: 1.0.4.11)
WD Security (Version: 1.0.4.11)
WD SmartWare (Version: 2.0.1.2)
Wedding Dash (Version: 2.2.0.95)
Welcome Center (Version: 1.02.3504)
WIDCOMM Bluetooth Software (Version: 6.5.0.2200)
WildTangent Games App (Acer Games) (Version: 4.0.5.14)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Fotogaléria (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)
Windows Live Fotótár (Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live Galerija fotografija (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Temel Parçalar (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Liven asennustyökalu (Version: 15.4.3502.0922)
Windows Liven sähköposti (Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)
Xilisoft Download YouTube Video (Version: 3.3.0.20120525)
ZoneAlarm Firewall (Version: 12.0.121.000)
ZoneAlarm Free Firewall (Version: 12.0.121.000)
ZoneAlarm Security (Version: 12.0.121.000)
ZoneAlarm Security Toolbar  (Version: 1.8.28.13)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 1899.86 MB
Available physical RAM: 760.1 MB
Total Pagefile: 3799.72 MB
Available Pagefile: 1778.58 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.78 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:312.5 GB) (Free:246.91 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:58.59 GB) (Free:58.42 GB) NTFS
3 Drive e: (New Volume) (Fixed) (Total:94.66 GB) (Free:91.92 GB) NTFS

========================= Users: ========================================

User accounts for \\INDIKID-PC

Administrator            Guest                    indikid                  
The Boys!                UpdatusUser              


**** End of log ****
 

 

 

 

 

So what do we do now....?

 

Thanks - indikid



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:11 PM

Posted 04 March 2014 - 05:41 PM

Unless you need any of these programs and versions for your work Delete all of them from Control Panel > Programs and Features
 

Corel Graphics - Windows Shell Extension (Version: 15.0.0.487)
Corel Graphics - Windows Shell Extension (Version: 15.0.487)
CorelDRAW Graphics Suite X5 - BR (Version: 15.0)
CorelDRAW Graphics Suite X5 - Capture (Version: 15.0)
CorelDRAW Graphics Suite X5 - Common (Version: 15.0)
CorelDRAW Graphics Suite X5 - Connect (Version: 15.0)
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.0)
CorelDRAW Graphics Suite X5 - Draw (Version: 15.0)
CorelDRAW Graphics Suite X5 - EN (Version: 15.0)
CorelDRAW Graphics Suite X5 - ES (Version: 15.0)
CorelDRAW Graphics Suite X5 - Extra Content
CorelDRAW Graphics Suite X5 - Extra Content (Version: 15.0)
CorelDRAW Graphics Suite X5 - Filters (Version: 15.0)
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.0)
CorelDRAW Graphics Suite X5 - FR (Version: 15.0)
CorelDRAW Graphics Suite X5 - IPM (Version: 15.0)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.0)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0)
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0)
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.0)
CorelDRAW Graphics Suite X5 - VBA (Version: 15.0)
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.0)
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.0)
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487)
CorelDRAW Graphics Suite X5 - WT (Version: 15.0)
CorelDRAW Graphics Suite X5 (Version: 15.0)
CorelDRAW® Graphics Suite X5 (Version: 15.0.0.486)

 

 

You have errors that The Windows Update service hung on starting.
To check for Windows updates
1. Open Windows Update by clicking the Start Orb. In the search box, type Update, and then, in the list of results, click Windows Update.
2.In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.
3.If you see a message telling you that important updates are available, or telling you to review important updates, click the message to view and select the important updates to install.
4.In the list, click the important updates for more information. Select the check boxes for any updates that you want to install, and then click OK.
5.Click Install updates.

If there are updates there but will not install, please tell me.

 

 

Download Malwarebytes' Anti-Malware Free (aka MBAM): to your desktop.
- Do not accept the Free Pro Trial Version at this time -
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* NOTE :Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
Copy and Paste the log back here.

Be sure to restart the computer if requested.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt



#5 indikid

indikid
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:41 PM

Posted 05 March 2014 - 10:15 AM

Hey Noknojon,

 

Sorry for the late response, its been a crazy day at work! :(

 

I use Corel Draw now and then... So would like to keep the software... Thats an orginal version so no chances of viruses being packed into it... Will start to update windows now... My system has become slow, does not respond quickly like before, must be a result of all the data that's flowing through cause as soon as I turn off the internet my comp is back to normal speeds... I did a Malwarebytes scan and it indicated a few viruses... cleaned them all. The scan log is pasted below...

 

===============================================================

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.05.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
The Boys! :: INDIKID-PC [administrator]

3/5/2014 7:43:45 PM
mbam-log-2014-03-05 (19-43-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271717
Time elapsed: 24 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} (PUP.Optional.WebSearchInfo) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Optional.Vaudix.A) -> Quarantined and deleted successfully.
HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Optional.Vaudix.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Bad: (http://websearch.searchboxes.info/?pid=320&r=2013/07/29&hid=171868034&lg=EN&cc=IN&unqvl=28) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Bad: (http://websearch.searchboxes.info/?pid=320&r=2013/07/29&hid=171868034&lg=EN&cc=IN&unqvl=28) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\ProgramData\VauuDix (PUP.Optional.Vaudix.A) -> Quarantined and deleted successfully.

Files Detected: 4
C:\ProgramData\InstallMate\{54100055-37D0-4C63-AE88-7FF28FF322A3}\Custom.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\VauuDix\51f69a6a08e52.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\ProgramData\VauuDix\51f69a6a08e52.tlb (PUP.Optional.Vaudix.A) -> Quarantined and deleted successfully.
C:\ProgramData\VauuDix\settings.ini (PUP.Optional.Vaudix.A) -> Quarantined and deleted successfully.

(end)
 

 

Should I run this again after I've installed the updates?

 

 

Cheers - indikid



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:11 PM

Posted 05 March 2014 - 06:11 PM

Should I run this again after I've installed the updates?

Yes please -

 

But this time when you are about to hit Scan, please hit Full Scan for a deeper look -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users