Status
Not open for further replies.
Discussion Starter · #1 · (Edited)
Hi,
I play World of Warcraft and a guy keeps hacking me, stealing my pass and info and destroying my in-game stuff, while I had McAfee antivirus and Malwarebytes, both registered. This is what I did so far:

1. I set up a new operating system
2. I set up Malwarebytes again and scanned
After this step I logged in to the game and I think the guy still had access, because I might have been hacked again, but I am not 100% sure
then
3. I set up ZoneAlarm
4. I set up AVG virus scanner

And now I have followed all the instructions and I am posting my logs:

DDS LOG:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Medo at 17:55:38.59 on Sat 11/21/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.1919.1252 [GMT 2:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Documents and Settings\Medo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\medo\applic~1\mozilla\firefox\profiles\bup8waqd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-21 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-21 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-21 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-11-21 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-11-21 231704]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-18 170640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-18 15504]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

=============== Created Last 30 ================

2009-11-21 15:12:31 0 d-----w- c:\windows\system32\LogFiles
2009-11-21 11:53:11 12936 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-21 11:53:11 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-21 11:53:10 90632 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-21 11:53:07 98440 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-21 11:53:04 0 d-----w- c:\windows\system32\drivers\Avg
2009-11-21 11:52:44 0 d-----w- c:\program files\AVG
2009-11-21 11:52:43 0 d-----w- c:\docume~1\alluse~1\applic~1\avg8
2009-11-20 23:38:10 0 d-----w- c:\program files\Shutdown Timer
2009-11-20 22:33:47 0 d-----w- c:\program files\VideoLAN
2009-11-20 17:11:04 0 d-----w- c:\program files\Trend Micro
2009-11-20 00:47:03 0 d-----w- c:\program files\Zone Labs
2009-11-20 00:46:33 0 d-----w- c:\windows\Internet Logs
2009-11-20 00:09:08 0 d-----w- c:\documents and settings\medo\Tracing
2009-11-20 00:07:50 0 d-----w- c:\program files\Microsoft
2009-11-20 00:07:30 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-20 00:00:33 0 d-----w- c:\program files\common files\Windows Live
2009-11-19 23:37:38 0 d-----w- c:\program files\K-Lite Codec Pack
2009-11-19 23:34:22 0 d-----w- c:\documents and settings\medo\Contacts
2009-11-19 23:30:37 0 d-----w- c:\windows\system32\appmgmt
2009-11-19 04:27:58 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-19 04:27:55 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-19 01:13:57 63 ----a-w- c:\windows\wininit.ini
2009-11-18 19:34:15 0 d-----w- c:\program files\common files\ODBC
2009-11-18 19:34:11 0 d-----w- c:\program files\common files\SpeechEngines
2009-11-18 19:33:10 0 d-----r- c:\documents and settings\all users\Documents
2009-11-18 18:45:54 0 d-----w- c:\program files\Lavasoft
2009-11-18 18:35:42 0 d-----w- c:\program files\Ask.com
2009-11-18 18:34:55 0 d-----w- c:\program files\uTorrent
2009-11-18 18:34:44 0 d-----w- c:\docume~1\medo\applic~1\uTorrent
2009-11-18 18:12:59 0 d-----w- c:\program files\Broadcom
2009-11-18 18:09:04 0 d-----w- c:\docume~1\medo\applic~1\Malwarebytes
2009-11-18 18:09:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 18:09:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-18 17:57:30 0 d-----w- c:\program files\Analog Devices
2009-11-18 17:52:36 0 d-----w- c:\program files\ATI Technologies
2009-11-18 17:43:37 0 d-sh--w- c:\documents and settings\all users\DRM
2009-11-18 17:43:12 0 d--h--w- c:\program files\WindowsUpdate
2009-11-18 17:43:08 0 d-----w- c:\program files\Online Services
2009-11-18 17:42:01 0 d-----w- c:\program files\common files\MSSoap
2009-11-18 17:39:24 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2009-11-21 14:50:03 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-11-18 18:12:56 87280 ----a-w- c:\windows\system32\bcmwlcoi.dll
2009-11-18 18:12:56 1391104 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2009-11-18 17:40:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 17:56:10.17 ===============


Thank you very much, and please tell me if formatting my entire PC will help or not, because I don't want to go to so much trouble getting my data back,
and please tell me if it is safe to open the account again on my PC at the moment.
 
