Old 09-20-2009, 02:51 AM   #1 (permalink)
Registered User
 
Join Date: Sep 2005
Posts: 14
OS: winxp


I'm hacked

I'm being hacked by someone and I'm sure of it. These are my logs:


DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by user at 5:00:28.20 on 2009-09-20
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1500 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\gmer\gmer.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [StormCodec_Helper] "c:\program files\ringz studio\storm codec\StormSet.exe" /S /opti
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nvdisplay] c:\windows\system32:logonui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startg~1.lnk - c:\program files\gamers.irc\mirc.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {13C1DBF6-7535-495c-91F6-8C13714ED485} - c:\documents and settings\user\start menu\programs\absolute poker\Absolute Poker.lnk
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229996026125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\7wxaaj7t.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\7wxaaj7t.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\7wxaaj7t.default\extensions\ustreampublisher@ustream.tv\platform\winnt_x86-msvc\plugins\npustreampublisher.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\octoshape streaming services\user\octoprogram-l03-nms0905250_sua_000\npoctoshape.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-2 11608]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-2 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-2 185089]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-2 55640]
S2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2008-12-27 941784]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-9-5 604488]
S3 IOIDDEV;IOIDDEV;\??\c:\program files\survivalproject\config\ioid.sys --> c:\program files\survivalproject\config\ioid.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revolution1;Revolution1;\??\c:\documents and settings\user\desktop\revolution engine 8.3 shak3\shak3.sys --> c:\documents and settings\user\desktop\revolution engine 8.3 shak3\SHAK3.sys [?]
S3 tapgamerail;GameRail Adapter;c:\windows\system32\drivers\tapgamerail.sys [2007-5-25 26368]
S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva119;XDva119;\??\c:\windows\system32\xdva119.sys --> c:\windows\system32\XDva119.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\xdva134.sys --> c:\windows\system32\XDva134.sys [?]
S4 Stormser;Stormser;c:\progra~1\ringzs~1\stormc~1\stormser.exe --> c:\progra~1\ringzs~1\stormc~1\Stormser.exe [?]
S4 WUSB300NSvc;WUSB300NSvc;c:\program files\linksys\wusb300n\WLService.exe [2008-4-3 53307]

=============== Created Last 30 ================

2009-09-20 04:37 388,608 a------- c:\windows\system32\CF29480.exe
2009-09-20 04:37 <DIR> --d----- C:\ComboFix
2009-09-15 22:50 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-09-15 22:50 <DIR> --d----- c:\program files\OpenAL
2009-09-15 22:50 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-09-15 14:48 <DIR> --d----- c:\program files\common files\Insight Software Solutions
2009-09-15 14:48 <DIR> --d----- c:\program files\ShortKeys2
2009-09-05 20:39 19,495 a------- c:\windows\system32\nvdisp.nvu
2009-09-05 20:39 485,920 a------- c:\windows\system32\nvudisp.exe
2009-09-05 20:38 <DIR> --d----- C:\NVIDIA
2009-09-05 17:39 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-09-05 17:38 29,000 a------- c:\windows\system32\uxtuneup.dll
2009-09-05 17:38 361,288 a------- c:\windows\system32\TuneUpDefragService.exe
2009-09-05 17:38 <DIR> --d----- c:\docume~1\user\applic~1\TuneUp Software
2009-09-05 17:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-09-05 17:38 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-09-05 17:38 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-04 15:04 <DIR> --dsh--- c:\documents and settings\user\PrivacIE
2009-09-04 15:03 <DIR> --dsh--- c:\documents and settings\user\IETldCache
2009-09-04 14:51 <DIR> --d----- c:\windows\ie8updates
2009-09-04 14:48 <DIR> -cd-h--- c:\windows\ie8
2009-09-04 14:38 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-09-04 14:38 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-09-04 14:38 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-09-04 01:22 524 a------- c:\windows\system\CMCNFGU.INI
2009-09-03 22:09 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-09-03 22:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-09-03 20:58 <DIR> a-dshr-- C:\cmdcons
2009-09-03 20:56 229,888 a------- c:\windows\PEV.exe
2009-09-03 20:28 <DIR> --d----- C:\Diskeeper
2009-09-03 19:16 766 a------- c:\windows\win98Logo.ico
2009-09-03 17:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Diskeeper Corporation
2009-09-03 17:00 <DIR> --d----- c:\program files\Diskeeper Corporation
2009-08-26 10:01 <DIR> --d----- C:\Garmin
2009-08-26 09:58 <DIR> --d----- c:\docume~1\user\applic~1\GARMIN
2009-08-26 09:57 <DIR> --d----- c:\program files\Garmin GPS Plugin
2009-08-26 09:57 <DIR> --d----- c:\program files\Garmin

==================== Find3M ====================

2009-08-17 03:04 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-08-17 03:04 81,920 a------- c:\windows\system32\nvwddi.dll
2009-08-17 03:03 3,170,304 a------- c:\windows\system32\nvwss.dll
2009-08-17 03:03 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-08-17 03:03 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-08-17 03:03 188,416 a------- c:\windows\system32\nvmccss.dll
2009-08-17 03:03 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-08-17 03:03 4,923,392 a------- c:\windows\system32\nvdisps.dll
2009-08-17 03:03 13,877,248 a------- c:\windows\system32\nvcpl.dll
2009-08-17 03:03 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-08-17 03:03 143,360 a------- c:\windows\system32\nvcolor.exe
2009-08-17 03:03 86,016 a------- c:\windows\system32\nvmctray.dll
2009-08-17 03:02 229,376 a------- c:\windows\system32\nvmccs.dll
2009-08-17 00:57 10,457,088 a------- c:\windows\system32\nvoglnt.dll
2009-08-17 00:57 7,729,568 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-08-17 00:57 5,845,760 a------- c:\windows\system32\nv4_disp.dll
2009-08-17 00:57 2,189,856 a------- c:\windows\system32\nvcuvid.dll
2009-08-17 00:57 2,002,944 a------- c:\windows\system32\nvcuda.dll
2009-08-17 00:57 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-17 00:57 1,597,690 a------- c:\windows\system32\nvdata.bin
2009-08-17 00:57 868,352 a------- c:\windows\system32\nvapi.dll
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcodins.dll
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod.dll
2009-08-11 12:35 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-07-03 13:09 915,456 -------- c:\windows\system32\wininet.dll

============= FINISH: 5:01:04.39 ===============
Attached Files: DDS.txt (16.5 KB), Attach.txt (10.5 KB)

Last edited by amateur; 09-20-2009 at 03:34 AM. Reason: DDS.txt pasted in
Posted by NoobCake

Old 09-20-2009, 12:12 PM   #2 (permalink)
Registered User
 
Join Date: Sep 2005
Posts: 14
OS: winxp


Re: hacked logs

Delete this, let me re-upload.
Posted by NoobCake
Copyright 2001 - 2009, Tech Support Forum