Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I have a problem with someone hacking in computer

Post by E T Brother » April 11th, 2013, 6:37 pm

I don't know if I'm posting this in the right place or not; if I'm putting it in the wrong place, I'm sorry.

I have a Dell Optiplex 755 with Vista on it. I got Dragon Naturally Speaking Software Home Version 12 last week, uploaded it, and began to use it. I used it for about three hours working on a story and it worked great. A little bit after that, it began to act up. A line was added to what I was writing, it was something like, "this guy is using voice recognition software, I'm going to make him stop using it, even though it is supposed to be pretty good, I'm going to make him stop using it." Dragon began to go haywire, by adding lines, deleting lines, and moving the cursor around. I have been trying to use it for the last week; sometimes I can use it, sometimes I can't. I have run Norton, Spybot, Malwarebytes and none of that shows a problem with my computer.

I decided to do a restore on my computer, so I restored it to a date before I added Dragon, then I installed Dragon, and then took my computer offline. I began to use Dragon, it worked fine for a while, then they took it over again even with the computer offline; the computer still showed it was offline.

The way I hook my computer to the internet is I use a wireless device hooked into a USB port and that picks up the router. I pulled that out, used Dragon and it worked. Several boxes popped up on the screen, one trying to get me back online and the other one was from Dragon telling me my smartphone capability was disabled. I don't use a smartphone to use Dragon, I use the headset that came with it. I have been wondering if maybe someone close around was using a smartphone but I have no clue how to check that and see.

Can someone give me advice, please and thanks?


I have now removed Dragon from this computer and put it onto another computer that I know was fine. I took that computer offline, turned the internet off, and they still got into it and took Dragon over.







DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476
Run by User at 7:39:50 on 2013-04-12
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2013.671 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\FixBee\FBDefragSrv.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Online Armor\oaui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAA.EXE
C:\Program Files\Ginger\GingerClient.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Ginger\GingerServices\GingerServices.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
BHO: Ginger Grammar & Spell Checker: {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - c:\program files\ginger\gingerieaddin\adxloader.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - c:\program files\nuance\naturallyspeaking12\program\ieShim.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_fatihaa.exe /ept "epltarget\P0000000000000000" /M "Epson Stylus NX330"
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSPM] c:\programdata\flexnet\connect\11\\isuspm.exe -scheduler
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking12\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking12\Ereg.ini"
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ginger.lnk - c:\windows\installer\{4715760f-af61-494c-a699-7df5d29a03a8}\GingerClientStartu_A2F7C7DB989E489495DD2D78EDBE914A.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{66354205-02B0-40C0-A016-18510A9793DA} : DHCPNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.0.0\ViProtocol.dll
SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-4-9 33624]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2013-4-10 208320]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2013-4-10 44992]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2013-4-10 27648]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-28 176128]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2013-2-11 311184]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 FBDiskOptimizer;FBDiskOptimizer;c:\program files\fixbee\FBDefragSrv.exe [2013-4-9 609136]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-10 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-10 701512]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2013-4-10 216072]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2013-4-10 4463864]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2011-9-7 2519040]
R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.0.0\ToolbarUpdater.exe [2013-4-9 990896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-10 22856]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2013-4-10 31768]
R3 RTL8192cu;Belkin Wireless Adapter;c:\windows\system32\drivers\rtwlanu.sys [2012-12-7 865896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-04-11 00:16:49 -------- d-----w- c:\users\user\appdata\roaming\OnlineArmor
2013-04-11 00:16:49 -------- d-----w- c:\programdata\OnlineArmor
2013-04-10 23:30:48 44992 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2013-04-10 23:30:48 31768 ----a-w- c:\windows\system32\drivers\OAnet.sys
2013-04-10 23:30:48 27648 ----a-w- c:\windows\system32\drivers\OAmon.sys
2013-04-10 23:30:48 208320 ----a-w- c:\windows\system32\drivers\OADriver.sys
2013-04-10 23:30:45 -------- d-----w- c:\program files\Online Armor
2013-04-10 23:27:14 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2013-04-10 23:27:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-10 23:27:08 -------- d-----w- c:\programdata\Malwarebytes
2013-04-10 23:27:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-10 23:18:55 -------- d-----w- c:\users\user\appdata\roaming\WinPatrol
2013-04-10 23:18:53 -------- d-----w- c:\program files\BillP Studios
2013-04-10 23:18:52 -------- d-----w- c:\programdata\InstallMate
2013-04-10 23:12:41 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
2013-04-10 23:12:41 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
2013-04-10 23:12:41 -------- d-----w- c:\program files\MyDefrag v4.3.1
2013-04-09 23:55:30 -------- d-----w- c:\users\user\appdata\roaming\Nico Mak Computing
2013-04-09 23:55:22 17224 ----a-w- c:\windows\system32\roboot.exe
2013-04-09 23:55:18 -------- d-----w- c:\program files\WinZip Registry Optimizer
2013-04-09 23:54:39 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-04-09 23:54:28 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-04-09 23:42:47 -------- d-----w- c:\users\user\appdata\roaming\FixBee
2013-04-09 23:42:47 -------- d-----w- c:\programdata\FixBee
2013-04-09 23:42:39 -------- d-----w- c:\program files\FixBee
2013-04-09 21:11:31 -------- d-----w- c:\program files\common files\IVA
2013-04-09 21:10:56 -------- d-----w- c:\program files\common files\Nuance
2013-04-09 20:59:24 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{37df73ef-32f6-4f56-8414-ebce42f747eb}\mpengine.dll
2013-04-09 20:55:19 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-09 20:55:17 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-09 20:55:16 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-09 20:55:16 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-09 20:55:16 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-09 20:55:11 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-09 20:55:07 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-09 20:55:03 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-08 23:25:10 -------- d-----w- c:\users\user\appdata\local\CrashDumps
2013-04-07 03:05:09 -------- d-----w- c:\users\user\appdata\local\NPE
2013-04-06 21:11:25 -------- d-----w- c:\programdata\PCPitstop
2013-04-06 21:11:24 -------- d-----w- c:\program files\PCPitstop
2013-04-06 09:49:17 -------- d-----w- c:\users\user\appdata\roaming\AVG
2013-04-06 09:46:40 -------- d-----w- c:\programdata\AVG
2013-04-06 09:13:21 -------- d-----w- c:\users\user\appdata\local\AVG SafeGuard toolbar
2013-04-06 09:12:01 -------- d-----w- c:\users\user\appdata\roaming\TuneUp Software
2013-04-06 09:11:53 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-04-06 09:11:10 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-04-06 09:04:42 -------- d--h--w- C:\$AVG
2013-04-06 09:04:42 -------- d-----w- c:\programdata\AVG2013
2013-04-06 09:00:24 -------- d-----w- c:\program files\AVG
2013-04-06 08:48:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-06 08:48:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-04-06 08:38:40 -------- d--h--w- c:\programdata\Common Files
2013-04-06 08:38:40 -------- d-----w- c:\users\user\appdata\local\MFAData
2013-04-06 08:38:40 -------- d-----w- c:\users\user\appdata\local\Avg2013
2013-04-06 08:38:40 -------- d-----w- c:\programdata\MFAData
2013-04-06 07:52:50 -------- d-----w- c:\program files\common files\Symantec Shared
2013-04-06 07:46:05 -------- d-----w- c:\program files\Norton 360
2013-04-06 07:46:01 -------- d-----w- c:\programdata\Norton
2013-04-06 07:43:56 -------- d-----w- c:\programdata\NortonInstaller
2013-04-06 07:43:56 -------- d-----w- c:\program files\NortonInstaller
2013-04-04 19:29:55 -------- d-----w- c:\users\user\appdata\roaming\FLEXnet
2013-04-04 19:28:36 -------- d-----w- c:\users\user\appdata\roaming\Nuance
2013-04-04 19:20:00 -------- d-----w- c:\programdata\Nuance
2013-04-04 19:20:00 -------- d-----w- c:\program files\Nuance
2013-03-31 09:06:00 -------- d-----w- c:\users\user\appdata\roaming\Acapela Group
2013-03-31 09:04:43 -------- d-----w- c:\program files\Ginger
2013-03-31 09:04:34 405360 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-20 20:01:23 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
==================== Find3M ====================
.
2013-03-12 05:10:56 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-15 22:10:19 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-02-15 22:10:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
============= FINISH: 7:40:21.94 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 9/27/2012 4:08:25 PM
System Uptime: 4/12/2013 7:17:20 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0PU052
Processor: Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz | CPU | 2000/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 56.806 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 374.407 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP178: 4/10/2013 7:20:41 AM - Windows Update
RP180: 4/10/2013 7:57:04 AM - FBDO : Disk Optimizer - FixBee Disk Optimizer
RP181: 4/10/2013 7:30:50 PM - Online Armor installation
RP182: 4/10/2013 7:44:31 PM - Device Driver Package Install: TLEM Network Service
RP183: 4/11/2013 7:22:20 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.2
AudibleManager
AVG SafeGuard toolbar
Avid Studio
Avid Studio Bonus Content
Avid Studio Plugins
Belkin N600 DB USB Wireless Adapter
Bonjour
Dragon NaturallySpeaking 12
Epson Connect
Epson Customer Participation
Epson Event Manager
EPSON NX330 Series Printer Uninstall
EPSON Scan
EpsonNet Print
Final Draft
FixBee Disk Optimizer
Ginger
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
Intel(R) Management Engine Interface
Intel(R) PRO Network Connections Drivers
Intel® Active Management Technology
iTunes
Knoll Light Factory EZ Studio
LTCM Client
Magic Bullet Looks Studio
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Primary Interoperability Assemblies 2005
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Windows XP Video Decoder Checkup Utility
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDefrag v4.3.1
Online Armor 6.0
OpenOffice.org 3.4
Philips Songbird
Pinnacle Creative Pack Volume 1
Pinnacle Video Driver
proDAD Vitascene 2.0
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Red Giant Holiday Pack
Red Giant ToonIt Studio
ScoreFitter Volume 1
ScoreFitter Volume 2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SoundMAX
SureThing Express Labeler
Trapcode 3DStroke Studio
Trapcode Particular Studio
Trapcode Shine Studio
UMPlayer 0.98 [P4]
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
4/9/2013 7:04:49 PM, Error: Service Control Manager [7030] - The Dragon Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/9/2013 4:45:41 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.147.868.0 Loading engine version: 1.1.9302.0
4/9/2013 4:43:34 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.5 for the Network Card with network address 08863BCA506B has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/9/2013 4:17:11 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
4/9/2013 3:30:38 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.10 for the Network Card with network address 08863BCA506B has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/9/2013 10:02:16 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
4/6/2013 9:08:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
4/6/2013 9:06:53 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
4/6/2013 9:03:57 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
4/6/2013 8:00:55 AM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
4/6/2013 7:57:35 AM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
4/6/2013 7:57:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
4/10/2013 7:57:56 AM, Error: Service Control Manager [7034] - The FBDiskOptimizer service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

Re: I have a problem with someone hacking in computer

Post by deltalima » April 16th, 2013, 4:14 pm

Checking your log - back soon.

Re: I have a problem with someone hacking in computer

Post by deltalima » April 16th, 2013, 4:27 pm

Hi E T Brother,

Welcome to the forum.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Windows 7 and Vista users
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.

Please let me know if you use the computer for business in any way.

Re: I have a problem with someone hacking in computer

Post by E T Brother » April 16th, 2013, 7:07 pm

Hi deltalima,
Thanks for your reply. I do not use my computer for business, but I do use it when I write my novels and stories, so I use it for commercial purposes. I don't know if that counts. The results of Security Check are below.





Results of screen317's Security Check version 0.99.62
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 25.0.1364.172
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Tall Emu Online Armor OAcat.exe
Tall Emu Online Armor oasrv.exe
Tall Emu Online Armor oaui.exe
Tall Emu Online Armor OAhlp.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

Re: I have a problem with someone hacking in computer

Post by deltalima » April 17th, 2013, 1:23 pm

E T Brother wrote: "but I do use it when I write my novels and stories, so I use it for commercial purposes"


Unfortunately this would be considered business use.

Business Use / Business Networked Computer.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.


This topic is now closed.