
I've been told I have been hijacked

Discussion in 'Virus & Other Malware Removal' started by klmark, Feb 19, 2013.

Thread Status:
Not open for further replies.
klmark (Thread Starter)
Joined: Feb 19, 2013
Messages: 1
    Here is what I got

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16482
    Run by Brentwood Shop at 10:07:41 on 2013-02-19
    Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.1.1033.18.4095.2652 [GMT -6:00]
    .
    AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\WINDOWS\system32\svchost.exe -k RPCSS
    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\dwm.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\WINDOWS\system32\nvvsvc.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\WINDOWS\system32\svchost.exe -k apphost
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\dashost.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\system32\svchost.exe -k iissvcs
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\taskhostex.exe
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\System32\sdclt.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Defender\MpCmdRun.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\npchrome_frame.dll
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\BRENTW~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 2.0\program\quickstart.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    TCP: NameServer = 66.128.169.236 66.231.7.27
    TCP: Interfaces\{267A5F1E-B87C-4C8B-85AC-851B58ACBDA4} : DHCPNameServer = 66.128.169.236 66.231.7.27
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\npchrome_frame.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-25 117248]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-02-19 15:12:23 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2013-02-19 14:16:02 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{36CEFEA7-89D1-4F2A-8B39-654CEABF1036}\mpengine.dll
    2013-02-18 22:37:38 -------- d-----w- C:\Users\Brentwood Shop\AppData\Local\LogMeIn Rescue Applet
    2013-02-18 20:18:34 4055552 ----a-w- C:\WINDOWS\System32\win32k.sys
    2013-02-18 17:20:02 9161176 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-02-14 16:06:53 6967016 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
    2013-02-14 16:06:51 2226408 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
    2013-02-14 16:06:47 1084416 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 16:06:46 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 14:32:48 206016 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10193.bin
    2013-02-12 18:40:34 -------- d-----w- C:\Users\Brentwood Shop\Wizards
    2013-02-12 18:40:34 -------- d-----w- C:\Program Files (x86)\Wizards
    2013-01-26 15:55:46 -------- d-----w- C:\Program Files\Common Files\3D Systems
    2013-01-26 15:55:40 -------- d-----w- C:\Program Files\Alibre Design
    2013-01-24 14:46:16 -------- d-----w- C:\Wizards
    .
    ==================== Find3M ====================
    .
    2013-02-06 23:06:14 78176 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-06 23:06:14 692576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
    2013-01-30 10:53:22 273840 ------w- C:\WINDOWS\System32\MpSigStub.exe
    2013-01-16 00:35:49 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
    2013-01-16 00:31:26 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
    2013-01-16 00:25:17 1437696 ----a-w- C:\WINDOWS\SysWow64\GdiPlus.dll
    2013-01-16 00:23:19 1690624 ----a-w- C:\WINDOWS\System32\GdiPlus.dll
    2013-01-10 01:53:32 28904 ----a-w- C:\WINDOWS\System32\drivers\msgpiowin32.sys
    2013-01-10 01:40:39 1448168 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
    2013-01-10 01:40:38 303848 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
    2013-01-10 01:39:29 194280 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
    2013-01-10 01:39:22 124648 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
    2013-01-10 01:29:56 91880 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
    2013-01-10 01:29:54 1934056 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
    2013-01-10 01:29:21 785504 ----a-w- C:\WINDOWS\System32\drivers\Wdf01000.sys
    2013-01-09 23:26:53 83968 ----a-w- C:\WINDOWS\SysWow64\wiaacmgr.exe
    2013-01-09 23:26:46 1611776 ----a-w- C:\WINDOWS\SysWow64\mmc.exe
    2013-01-09 23:26:35 410624 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.dll
    2013-01-09 23:26:35 261120 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
    2013-01-09 23:26:25 278528 ----a-w- C:\WINDOWS\SysWow64\srm.dll
    2013-01-09 23:26:25 202752 ----a-w- C:\WINDOWS\SysWow64\srmstormod.dll
    2013-01-09 23:26:23 1752064 ----a-w- C:\WINDOWS\SysWow64\setupapi.dll
    2013-01-09 23:26:20 67584 ----a-w- C:\WINDOWS\SysWow64\samlib.dll
    2013-01-09 23:26:08 115712 ----a-w- C:\WINDOWS\SysWow64\netprofm.dll
    2013-01-09 23:26:04 890880 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
    2013-01-09 23:26:03 436736 ----a-w- C:\WINDOWS\SysWow64\MP4SDECD.DLL
    2013-01-09 23:25:55 582144 ----a-w- C:\WINDOWS\SysWow64\gpprefcl.dll
    2013-01-09 23:23:32 95232 ----a-w- C:\WINDOWS\System32\wiaacmgr.exe
    2013-01-09 23:23:25 2094592 ----a-w- C:\WINDOWS\System32\mmc.exe
    2013-01-09 23:23:18 256000 ----a-w- C:\WINDOWS\System32\WSDMon.dll
    2013-01-09 23:23:16 1964544 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
    2013-01-09 23:23:14 594944 ----a-w- C:\WINDOWS\System32\Windows.Networking.dll
    2013-01-09 23:23:14 406016 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
    2013-01-09 23:23:09 274432 ----a-w- C:\WINDOWS\System32\srmstormod.dll
    2013-01-09 23:23:08 279040 ----a-w- C:\WINDOWS\System32\srm.dll
    2013-01-09 23:23:07 1886208 ----a-w- C:\WINDOWS\System32\setupapi.dll
    2013-01-09 23:23:05 728064 ----a-w- C:\WINDOWS\System32\samsrv.dll
    2013-01-09 23:22:53 464384 ----a-w- C:\WINDOWS\System32\netprofmsvc.dll
    2013-01-09 23:22:53 151040 ----a-w- C:\WINDOWS\System32\netprofm.dll
    2013-01-09 23:22:43 1120768 ----a-w- C:\WINDOWS\System32\msctf.dll
    2013-01-09 23:22:41 666112 ----a-w- C:\WINDOWS\System32\MP4SDECD.DLL
    2013-01-09 23:22:35 438272 ----a-w- C:\WINDOWS\System32\lsm.dll
    2013-01-09 23:22:29 894464 ----a-w- C:\WINDOWS\System32\iphlpsvc.dll
    2013-01-09 23:22:29 159232 ----a-w- C:\WINDOWS\System32\inetpp.dll
    2013-01-09 23:22:26 49152 ----a-w- C:\WINDOWS\System32\drivers\UMDF\HidBthLE.dll
    2013-01-09 23:22:25 820736 ----a-w- C:\WINDOWS\System32\gpprefcl.dll
    2013-01-09 23:22:05 1918464 ----a-w- C:\WINDOWS\System32\wbem\cimwin32.dll
    2013-01-09 03:59:47 341504 ----a-w- C:\WINDOWS\System32\drivers\HdAudio.sys
    2013-01-04 05:32:36 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
    2013-01-04 04:19:53 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
    2012-12-20 00:37:37 1775616 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
    2012-12-20 00:37:04 2881536 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
    2012-12-20 00:37:02 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
    2012-12-20 00:37:02 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
    2012-12-20 00:36:50 431616 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
    2012-12-20 00:29:16 2246656 ----a-w- C:\WINDOWS\System32\wininet.dll
    2012-12-20 00:29:11 907776 ----a-w- C:\WINDOWS\System32\uxtheme.dll
    2012-12-20 00:28:29 3966464 ----a-w- C:\WINDOWS\System32\jscript9.dll
    2012-12-20 00:28:26 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll
    2012-12-20 00:28:04 39936 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
    2012-12-18 01:56:27 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll
    2012-12-16 08:28:20 46080 ----a-w- C:\WINDOWS\System32\atmlib.dll
    2012-12-16 08:20:01 35328 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
    2012-12-16 08:08:33 362496 ----a-w- C:\WINDOWS\System32\atmfd.dll
    2012-12-16 07:57:09 300032 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
    2012-12-06 04:23:00 170496 ----a-w- C:\WINDOWS\System32\TimeBrokerServer.dll
    2012-12-06 04:22:59 178176 ----a-w- C:\WINDOWS\System32\SystemEventsBrokerServer.dll
    2012-12-04 04:21:42 368640 ----a-w- C:\WINDOWS\System32\sppwinob.dll
    2012-11-29 05:05:57 707584 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
    2012-11-29 05:05:57 1131520 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
    2012-11-27 06:59:13 329960 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
    2012-11-27 06:39:46 1122768 ----a-w- C:\WINDOWS\System32\Taskmgr.exe
    2012-11-27 04:49:20 1027152 ----a-w- C:\WINDOWS\SysWow64\Taskmgr.exe
    2012-11-27 04:20:50 1048064 ----a-w- C:\WINDOWS\SysWow64\mstsc.exe
    2012-11-27 04:20:42 179200 ----a-w- C:\WINDOWS\SysWow64\wpnapps.dll
    2012-11-27 04:20:35 891904 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
    2012-11-27 04:20:31 798208 ----a-w- C:\WINDOWS\SysWow64\WebcamUi.dll
    2012-11-27 04:20:29 46592 ----a-w- C:\WINDOWS\SysWow64\vds_ps.dll
    2012-11-27 04:20:28 560128 ----a-w- C:\WINDOWS\SysWow64\UserLanguagesCpl.dll
    2012-11-27 04:20:23 1217536 ----a-w- C:\WINDOWS\SysWow64\storagewmi.dll
    2012-11-27 04:20:15 680960 ----a-w- C:\WINDOWS\System32\vds.exe
    2012-11-27 04:20:07 702464 ----a-w- C:\WINDOWS\SysWow64\nshwfp.dll
    2012-11-27 04:20:07 1123840 ----a-w- C:\WINDOWS\System32\mstsc.exe
    2012-11-27 04:19:52 5088256 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
    2012-11-27 04:19:50 244736 ----a-w- C:\WINDOWS\System32\wpnapps.dll
    2012-11-27 04:19:48 1096704 ----a-w- C:\WINDOWS\System32\wmpmde.dll
    2012-11-27 04:19:42 1145856 ----a-w- C:\WINDOWS\System32\winmde.dll
    2012-11-27 04:19:37 955904 ----a-w- C:\WINDOWS\System32\WebcamUi.dll
    2012-11-27 04:19:33 631808 ----a-w- C:\WINDOWS\System32\UserLanguagesCpl.dll
    2012-11-27 04:19:32 245248 ----a-w- C:\WINDOWS\System32\usbmon.dll
    2012-11-27 04:19:25 173568 ----a-w- C:\WINDOWS\System32\storewuauth.dll
    2012-11-27 04:19:25 1536512 ----a-w- C:\WINDOWS\System32\storagewmi.dll
    2012-11-27 04:19:22 245248 ----a-w- C:\WINDOWS\SysWow64\FWPUCLNT.DLL
    2012-11-27 04:19:09 3245568 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
    2012-11-27 04:19:02 2033664 ----a-w- C:\WINDOWS\SysWow64\authui.dll
    2012-11-27 04:18:59 888832 ----a-w- C:\WINDOWS\System32\nshwfp.dll
    2012-11-27 04:18:39 5974528 ----a-w- C:\WINDOWS\System32\mstscax.dll
    2012-11-27 04:18:25 1146880 ----a-w- C:\WINDOWS\System32\mcmde.dll
    2012-11-27 04:18:13 1071104 ----a-w- C:\WINDOWS\System32\IKEEXT.DLL
    2012-11-27 04:18:06 378880 ----a-w- C:\WINDOWS\System32\FWPUCLNT.DLL
    .
    ============= FINISH: 10:08:02.40 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8 Pro with Media Center
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/4/2013 2:12:15 PM
    System Uptime: 2/19/2013 8:47:42 AM (2 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A785TD-V EVO
    Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 3200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 699 GiB total, 659.926 GiB free.
    D: is FIXED (NTFS) - 38 GiB total, 36.717 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP11: 2/2/2013 1:18:31 PM - Scheduled Checkpoint
    RP12: 2/8/2013 8:41:32 AM - Windows Update
    RP13: 2/14/2013 10:42:21 AM - Windows Update
    RP14: 2/18/2013 1:05:39 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Reader XI (11.0.01)
    Alibre Design
    GIMP 2.8.2
    Google Chrome
    Google Chrome Frame
    Google Earth Plug-in
    Google Update Helper
    HijackThis 2.0.2
    Inkscape 0.48.2
    Microsoft Silverlight
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    OpenOffice.org 2.0
    SheetCam TNG Development V4.1.31
    Skype Click to Call
    Skype™ 6.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/18/2013 5:40:22 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user BrentwoodShop\Brentwood Shop SID (S-1-5-21-3425701940-2193528787-2319698956-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    2/18/2013 5:38:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/18/2013 5:36:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/18/2013 5:35:54 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/18/2013 5:29:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/18/2013 5:05:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "Unavailable" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    2/18/2013 4:58:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
    2/18/2013 4:58:09 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    2/18/2013 4:50:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/18/2013 4:49:50 PM, Error: Service Control Manager [7001] - The Net.Msmq Listener Adapter service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
    2/18/2013 12:53:18 PM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
    2/18/2013 12:52:20 PM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
    2/15/2013 4:51:03 PM, Error: Schannel [36887] - A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 80.
    2/15/2013 3:46:25 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user BrentwoodShop\Brentwood Shop SID (S-1-5-21-3425701940-2193528787-2319698956-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    2/13/2013 1:23:55 PM, Error: Schannel [36887] - A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
    .
    ==== End Of File ===========================
    GMER 2.1.18952 - http://www.gmer.net
    Rootkit scan 2013-02-19 10:14:38
    Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD7501AALS-00J7B0 rev.05.00K05 698.64GB
    Running: 64dzxdf5.exe; Driver: C:\Users\BRENTW~1\AppData\Local\Temp\awtyyfow.sys

    ---- User code sections - GMER 2.1 ----
    .text C:\WINDOWS\system32\dwm.exe[984] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f755177a 4 bytes [55, F7, F8, 07]
    .text C:\WINDOWS\system32\dwm.exe[984] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f7551782 4 bytes [55, F7, F8, 07]
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[928] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8f2411532 4 bytes [41, F2, F8, 07]
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[928] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8f241153a 4 bytes [41, F2, F8, 07]
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[928] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8f241165a 4 bytes [41, F2, F8, 07]
    .text C:\WINDOWS\system32\nvvsvc.exe[960] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007f8f2411532 4 bytes [41, F2, F8, 07]
    .text C:\WINDOWS\system32\nvvsvc.exe[960] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007f8f241153a 4 bytes [41, F2, F8, 07]
    .text C:\WINDOWS\system32\nvvsvc.exe[960] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007f8f241165a 4 bytes [41, F2, F8, 07]
    .text C:\WINDOWS\system32\nvvsvc.exe[960] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f755177a 4 bytes [55, F7, F8, 07]
    .text C:\WINDOWS\system32\nvvsvc.exe[960] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f7551782 4 bytes [55, F7, F8, 07]
    .text C:\WINDOWS\system32\mqsvc.exe[1680] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 742 000007f8ef861b32 4 bytes [86, EF, F8, 07]
    .text C:\WINDOWS\system32\mqsvc.exe[1680] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 750 000007f8ef861b3a 4 bytes [86, EF, F8, 07]
    .text C:\Program Files\Windows Defender\MsMpEng.exe[816] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007f8f755177a 4 bytes [55, F7, F8, 07]
    .text C:\Program Files\Windows Defender\MsMpEng.exe[816] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007f8f7551782 4 bytes [55, F7, F8, 07]
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8f2411532 4 bytes [41, F2, F8, 07]
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8f241153a 4 bytes [41, F2, F8, 07]
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8f241165a 4 bytes [41, F2, F8, 07]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2460] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8f2411532 4 bytes [41, F2, F8, 07]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2460] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8f241153a 4 bytes [41, F2, F8, 07]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2460] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8f241165a 4 bytes [41, F2, F8, 07]
    .text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[880] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007f8f755177a 4 bytes [55, F7, F8, 07]
    .text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[880] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007f8f7551782 4 bytes [55, F7, F8, 07]
    ---- Threads - GMER 2.1 ----
    Thread C:\WINDOWS\system32\csrss.exe [496:532] fffff960008065e8
    ---- Registry - GMER 2.1 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\[email protected] 972463312
    ---- EOF - GMER 2.1 ----
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:28:28 , on 5/18/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    C:\Program Files\WordWeb\wweb32.exe
    C:\Program Files\Sun\StarOffice 8\program\soffice.exe
    C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.100.100.17:8080/dspace/password-login;jsessionid=27C70F18CC9AB5A85EAAD7A8A8AF4E81
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
    O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272015962546
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CE037684-D3E9-4EE8-A2E0-451BACC75057}: NameServer = 164.100.80.2,164.100.9.7
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    --
    End of file - 6762 bytes
Short URL to this thread: https://techguy.org/1090190