
[Closed] Chinese IP addresses trying to connect with my PC


  • This topic is locked
40 replies to this topic

#16 kaz101

kaz101

    Authentic Member

  • Authentic Member
  • PipPip
  • 44 posts
  • Interests:Property investing, share option trading, financial freedom

Posted 07 October 2009 - 04:03 PM

I deleted those Mozilla default profiles since I don't use that program anymore anyway. Ran TFC. Ran DDS. Here is the DDS log and attached attach.txt. I've not had anything trying to connect to my PC now - but it's intermittent. However I have deleted those files and nothing else was found so in theory my PC should be okay......



#17 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 07 October 2009 - 04:21 PM

Hi,

Please do the following:

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:


    C:\Windows\System32\WinService.exe

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version 9.1)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT


Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button.
  • Scroll down to the Java SE Runtime Environment (JRE) option.
  • Download and install the latest Java Runtime Environment (JRE) version for your computer (version 6, update 16).

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#18 kaz101

Posted 07 October 2009 - 04:25 PM

I'm about to follow your latest instructions but I just got several Chinese popup requests again :pullhair:

#19 CatByte

Posted 07 October 2009 - 04:28 PM

are you able to show me a screen shot of what they actually are?



#20 CatByte

Posted 07 October 2009 - 04:30 PM

Run this file:

Please download HostsXpert
  • Unzip HostsXpert to its own folder in a convenient place such as C:\HostsXpert
  • Run: HostsXpert.exe
  • Click: Make Writable? in the upper left corner.
  • Click: Restore MS Hosts File
  • Click: Replace
  • Click: OK
  • Click: Make ReadOnly
  • Close HostsXpert.


Then do this:

  • Click the Microsoft Vista Start logo in the bottom left corner of the screen
  • Click All Programs
  • Click Accessories
  • RIGHT-click on Command Prompt
  • Select Run As Administrator
  • In the command window type the following and then hit enter:


    ipconfig /flushdns


  • You will see the following confirmation:

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.


Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
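
Restoring the stock hosts file discards whatever mappings were in it, so it helps to record them first. The PowerShell below is an added example, not part of the original post or of HostsXpert; it assumes PowerShell 3.0 or later and the standard hosts location, and the function name and backup file name are made up for illustration.

```powershell
# Added example (hypothetical helper): list active hosts entries that are not
# the stock localhost mappings, so they can be reviewed before the file is reset.
function Get-NonDefaultHostsEntry {
    param(
        [string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts"
    )

    # Mappings that ship in the Microsoft hosts file
    $default = @('127.0.0.1 localhost', '::1 localhost')

    Get-Content -LiteralPath $Path | ForEach-Object {
        # Strip trailing comments and surrounding whitespace
        $line = ($_ -replace '#.*$', '').Trim()
        if (-not $line) { return }

        # First token is the address, the remaining tokens are host names
        $tokens = $line -split '\s+'
        if ($tokens.Count -lt 2) { return }   # malformed line: address with no name

        $address = $tokens[0]
        foreach ($name in $tokens[1..($tokens.Count - 1)]) {
            if ($default -notcontains "$address $($name.ToLower())") {
                [pscustomobject]@{ Address = $address; HostName = $name }
            }
        }
    }
}

# Keep a copy of the current file, then show anything that is not stock.
$hostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"
Copy-Item -LiteralPath $hostsFile -Destination "$env:USERPROFILE\Desktop\hosts.before-reset.txt"
Get-NonDefaultHostsEntry -Path $hostsFile | Format-Table -AutoSize

# After the reset, clear cached lookups as described in the post above.
ipconfig /flushdns
```

An empty table means the file held only the stock localhost lines, in which case the reset changes nothing that matters.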


#21 kaz101

Posted 07 October 2009 - 04:34 PM

"are you able to show me a screen shot of what they actually are?"


I've got Jing loaded now so I'll try that the next time one pops up.

Do you want me to continue with the winservice.exe scan?

#22 CatByte

Posted 07 October 2009 - 04:36 PM

yes please



#23 kaz101

Posted 07 October 2009 - 05:38 PM

Here are some screen prints of the connections.... The virus scan through virscan is taking ages - the upload has slowed to 14 bytes and it estimates over 2.5 hours to go. Regards, Karen

Attached Images

  • 2009_10_08_1004.png
  • 2009_10_08_1005.png
  • 2009_10_08_1005.png
  • 2009_10_08_1000.png

Edited by kaz101, 07 October 2009 - 05:40 PM.


#24 kaz101

Posted 07 October 2009 - 10:02 PM

The virus scan seems to get stuck at 32%. It's been running for hours then I stopped it and re-started it but the same thing happens. Here's another example of a connection....

Attached Images

  • 2009_10_08_1430.png


#25 kaz101

Posted 08 October 2009 - 12:23 AM

It just dawned on me why the virus scanner isn't working - I've had problems uploading files to websites - any file and any website but I wasn't going to try to get that sorted until the comodo connections were sorted. For example I can't upload themes to any of my wordpress sites - it simply hangs. Sorry I should have thought of it earlier. Is there any other scan I can try?

Regards, Karen

P.S. It's weird that I can upload the attachments to this website. I did try to upload a theme to one of my wordpress sites but couldn't do it.



#26 CatByte

Posted 08 October 2009 - 03:12 AM

I do believe that file is probably bad, but I am curious as to what it is.

Try scanning it at the following site:

disable comodo just while the scan is in progress, then turn it back on.


  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right hand panel,
  • click on the file C:\Windows\System32\WinService.exe
  • then click the open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", wait for the results

Make sure you have copied and saved the results before continuing.

If you are still unable to upload it then delete it:

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c del /f/a/q "C:\Windows\System32\WinService.exe"


Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
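
Once the file is deleted there is nothing left to identify it by, and any service or autostart entry that launched it is left pointing at a missing binary. The PowerShell below is an added example, not part of the original post; it assumes PowerShell 5.1 or later in an elevated session, and the function name is made up for illustration. It records the file's hash, signature and version details and lists what starts it.

```powershell
# Added example (hypothetical helper): collect identifying details for a
# suspect binary and find what launches it, before the file is removed.
function Get-BinaryTriage {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $leaf = [regex]::Escape($file.Name)

    # Services whose command line points at this binary
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -match $leaf } |
        Select-Object Name, DisplayName, State, StartMode, PathName

    # Run-key autostarts (machine and current user) that reference it
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $autoruns = foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props) {
            $props.PSObject.Properties |
                Where-Object { $psProps -notcontains $_.Name -and "$($_.Value)" -match $leaf } |
                ForEach-Object {
                    [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value }
                }
        }
    }

    [pscustomobject]@{
        Path        = $file.FullName
        Size        = $file.Length
        Created     = $file.CreationTime
        Modified    = $file.LastWriteTime
        SHA256      = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Signature   = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer      = $sig.SignerCertificate.Subject   # empty when the file is unsigned
        Company     = $file.VersionInfo.CompanyName
        Description = $file.VersionInfo.FileDescription
        Services    = $services
        Autoruns    = $autoruns
    }
}

# The path named in the post above
Get-BinaryTriage -Path 'C:\Windows\System32\WinService.exe' | Format-List
```

The SHA256 value can be checked against the one shown on a scan report to confirm the report describes the same file, and any service listed under Services needs to be stopped and disabled if the file is removed.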


#27 kaz101

Posted 08 October 2009 - 12:51 PM

You mentioned "try scanning it at the following site" but nothing was mentioned. Was that the previous site or another one?

#28 CatByte

Posted 08 October 2009 - 01:03 PM

My apologies:


Please go to Virus Total
  • Copy paste the following full path into the empty box under 'Upload a file'

    C:\Windows\System32\WinService.exe

  • Click 'Send File'
Copy/paste the results into Notepad and save it to your desktop. Please post the results in your next reply.



#29 kaz101

Posted 08 October 2009 - 01:18 PM

Here is the result from VirusTotal and another screen print
SetTextColor, SetBkColor, DeleteObject, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, TextOutA, RectVisible, PtVisible, ExtTextOutA, SaveDC, RestoreDC, DeleteDC, CreateBitmap, GetDeviceCaps, SetMapMode > WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter > OLEAUT32.dll: -, -, - ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%) sigcheck: publisher....: n/a copyright....: Copyright © 2007 product......: n/a description..: n/a original name: n/a internal name: n/a file version.: 1, 0, 0, 5 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned

Attached Images

  • 2009_10_09_0428.png


#30 CatByte


Posted 08 October 2009 - 05:56 PM

Hi,

The address 65.65.65.65 belongs to AT&T Internet Services. Is that your own ISP?

Are you able to right-click on the Chinese symbols and give me the properties that are listed?

What activity are you doing when you get these alerts from Comodo?

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
