[Inactive] I've been hacked

[Nikispice]

My yahoo messenger account has been hacked by someone...   My friends think i'm either gay or a prostitute since the hacker is sending messages with my profile asking for nude pics and inviting them to view (me) the hacker at an unknown site...  MY account is for personal friends , family and classmates.. So you can see how embarrassing this can be and how fatal this is tomy reputation ... Can you please help?


Note: I thanks for the info  here is the post that was previously requested...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_30
Run by Administrator at 13:12:29 on 2012-02-07
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.894.105 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
svchost.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pogo Games\PGMTrusted.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Bandoo\Bandoo.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\BearShare Applications\BearShare\BearShare.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Bandoo\BndCore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\AllGamesHome Toolbar\tbunsr473.tmp\TbHelper2.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://home.allgameshome.com/
mStart Page = hxxp://home.allgameshome.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\allgameshome toolbar\tbunsr473.tmp\tbhelper.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\pogo games\iWinGamesHookIE.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\datamngr\toolbar\searchqudtx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\datamngr\toolbar\bsdtxmltbpi.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\bandoo\plugins\ie\ieplugin.dll
BHO: TBSB01457 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\allgameshome toolbar\tbunsr473.tmp\tbcore3.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\datamngr\toolbar\bsdtxmltbpi.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\datamngr\toolbar\searchqudtx.dll
TB: CieoNet Utilities: {8175e372-1ff1-4288-8e6e-addebd415d47} - c:\program files\cieonetutilities_0e\bar\1.bin\0ebar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AllGamesHome Toolbar: {5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d} - c:\program files\allgameshome toolbar\tbunsr473.tmp\tbcore3.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WeatherBugAlert] "c:\program files\aws\weatherbug alert\WeatherBugAlert.exe" /st
uRun: [AROReminder] c:\program files\aro 2011\ARO.exe -rem
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\allgameshome toolbar\tbunsr473.tmp\tbcore3.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 172.18.1.5 205.152.144.23
TCP: Interfaces\{6F7BAEEA-87CB-4186-81DF-A7482FADB881} : DhcpNameServer = 172.18.1.5 205.152.144.23
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\599pxmo0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031607&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AllGamesHome Search
FF - prefs.js: browser.startup.homepage - hxxp://home.allgameshome.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031607&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\administrator\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2011-5-27 13696]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-10-9 54760]
R2 PGMTrusted;PGMTrusted;c:\program files\pogo games\PGMTrusted.exe [2012-1-4 519888]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-19 909152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [2011-10-7 37560]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-6-2 1374464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-17 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-27 167264]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-17 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-10-20 27064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-06 15:22:53   --------   d-----w-   c:\documents and settings\all users\application data\358C
2012-02-03 13:19:43   626688   ----a-w-   c:\program files\mozilla firefox\msvcr80.dll
2012-02-03 13:19:43   548864   ----a-w-   c:\program files\mozilla firefox\msvcp80.dll
2012-02-03 13:19:43   479232   ----a-w-   c:\program files\mozilla firefox\msvcm80.dll
2012-02-03 13:19:43   45016   ----a-w-   c:\program files\mozilla firefox\mozutils.dll
2012-01-29 23:09:09   --------   d-----w-   c:\documents and settings\administrator\application data\BrokenHearts
2012-01-29 15:33:27   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2012-01-28 14:30:44   --------   d-----w-   c:\documents and settings\all users\application data\MyPlayCity
2012-01-28 12:58:29   60032   -c--a-w-   c:\windows\system32\dllcache\usbaudio.sys
2012-01-28 12:58:29   60032   ----a-w-   c:\windows\system32\drivers\USBAUDIO.sys
2012-01-28 12:56:47   6656   ----a-w-   c:\windows\system32\CoInst_070614.dll
2012-01-28 12:56:47   457856   ----a-w-   c:\windows\system32\drivers\PAC7302.SYS
2012-01-28 12:56:47   --------   d-----w-   c:\program files\common files\Eye 312
2012-01-28 12:56:45   14336   ----a-w-   c:\windows\system32\P7302USD.dll
2012-01-28 12:56:45   129024   ----a-w-   c:\windows\system32\SP7302.ax
2012-01-28 12:56:44   --------   d-----w-   c:\program files\common files\Pac7302
2012-01-27 19:17:55   --------   d-----w-   c:\windows\system32\wbem\repository\FS
2012-01-27 19:17:55   --------   d-----w-   c:\windows\system32\wbem\Repository
2012-01-27 19:17:28   --------   d-----w-   c:\program files\The Great Tree
2012-01-27 19:15:14   --------   d-----w-   c:\documents and settings\administrator\Incomplete
2012-01-27 19:14:07   --------   d-----w-   C:\TDDownload
2012-01-26 01:56:44   --------   d-----w-   c:\documents and settings\all users\application data\2C242
2012-01-25 19:29:13   --------   d-----w-   c:\program files\VideoLAN
2012-01-25 16:44:40   --------   d-----w-   c:\documents and settings\all users\application data\28CB
2012-01-24 21:53:51   --------   d-----w-   c:\documents and settings\administrator\application data\MyPlayCity
2012-01-24 17:14:42   --------   d-----w-   c:\program files\EA GAMES
2012-01-24 17:07:48   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Ilivid Player
2012-01-24 16:51:34   --------   dc----w-   c:\documents and settings\all users\application data\{B49A644A-1076-4A3D-B124-DAA7862F2318}
2012-01-24 16:51:07   --------   d-----w-   c:\program files\iLivid
2012-01-24 16:34:00   --------   d-----w-   c:\program files\PLUS!
2012-01-24 03:07:37   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2012-01-24 03:05:05   --------   d-----w-   c:\documents and settings\administrator\application data\ZiggyTV
2012-01-24 03:04:58   --------   d-----w-   c:\program files\ZiggyTV
2012-01-23 23:11:14   --------   d-----w-   c:\documents and settings\all users\application data\NannyMania
2012-01-23 23:05:32   --------   d-----w-   c:\documents and settings\all users\application data\Farm Frenzy
2012-01-23 20:24:01   --------   d-----w-   c:\documents and settings\all users\application data\Thunder Network
2012-01-23 02:27:24   --------   d-----w-   c:\program files\BigFishGames
2012-01-21 23:52:49   --------   d-----w-   c:\windows\system32\Adobe
2012-01-21 22:40:13   --------   dc-h--w-   c:\documents and settings\all users\application data\{A6407055-0AD9-4188-BF59-D278031D3689}
2012-01-21 17:59:25   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Secunia PSI
2012-01-19 20:15:28   --------   d-----w-   c:\program files\common files\xing shared
2012-01-19 15:51:07   --------   d-----w-   c:\documents and settings\administrator\application data\Maxthon3
2012-01-19 15:50:34   --------   d-----w-   c:\program files\Maxthon3
2012-01-19 15:17:56   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Google Translator (2)
2012-01-19 10:38:56   --------   d-----w-   c:\windows\system32\cache
2012-01-19 10:35:01   --------   d-----w-   c:\documents and settings\administrator\application data\Sammsoft
2012-01-19 10:35:00   --------   d-----w-   c:\program files\Ask.com
2012-01-19 10:35:00   --------   d-----w-   c:\program files\ARO 2011
2012-01-19 10:35:00   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\AskToolbar
2012-01-19 10:34:54   --------   d-----w-   c:\documents and settings\all users\application data\UAB
2012-01-19 10:34:54   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\PC_Drivers_Headquarters
2012-01-19 10:34:53   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\ManyCam
2012-01-18 17:21:01   --------   d-----w-   c:\documents and settings\all users\application data\12CE
2012-01-18 12:46:44   --------   d-----w-   c:\program files\BrowserCompanion
2012-01-18 12:26:55   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Urban Dictionary
2012-01-18 12:25:12   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Galaxy Fighter
2012-01-18 12:24:37   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\River IQ Game
2012-01-18 12:24:16   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\FunAquarium
2012-01-18 12:23:35   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Biolab Disaster
2012-01-18 12:20:37   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Stay Secure
2012-01-18 12:20:03   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Google Translator
2012-01-18 12:19:24   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Torus
2012-01-18 12:04:16   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Opera
2012-01-18 02:59:15   --------   d-----w-   c:\program files\Secunia
2012-01-09 12:28:16   3584   ----a-r-   c:\documents and settings\administrator\application data\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2012-01-09 12:28:08   --------   d-----w-   c:\program files\Windows Installer Clean Up
2012-01-09 11:58:54   --------   d-----w-   c:\program files\MSECACHE
.
==================== Find3M  ====================
.
2012-01-21 18:44:23   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-19 20:14:24   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2012-01-19 20:14:24   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2011-12-10 19:24:06   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19   293376   ----a-w-   c:\windows\system32\winsrv.dll
2011-11-23 13:25:32   1859584   ----a-w-   c:\windows\system32\win32k.sys
2011-11-18 12:35:08   60416   ----a-w-   c:\windows\system32\packager.exe
2011-11-16 14:21:44   354816   ----a-w-   c:\windows\system32\winhttp.dll
2011-11-16 14:21:44   152064   ----a-w-   c:\windows\system32\schannel.dll
.
============= FINISH: 13:14:16.31 ===============

[Hoov]

Since I have helped you before, I am going to skip all the preliminaries.

The first thing to do is to take back control of your yahoo account. On a computer that you have no problems with, contact yahoo. I have sent you an PM with an e-mail that you need to contact. Tell them what your problem is.

Are you having any problems with this computer, other than the yahoo issue? Could you please post the other log generated by DDS. It is named attach.txt

[Nikispice]

Actually the computer still works great... I took your advice and downloaded a new browser Maxthon3 works beautifully..  And Secunia updates all of my software regularly!  It's just the hacker issue right now, here is the other dds that you requested:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/27/2011 10:58:07 PM
System Uptime: 2/7/2012 9:28:05 PM (0 hours ago)
.
Motherboard: BIOSTAR Group |  | N61PC-M2S
Processor: AMD Sempron(tm) Processor LE-1250 | Socket AM2  | 2210/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 400.387 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP262: 1/17/2012 4:57:27 PM - System Checkpoint
RP263: 1/17/2012 5:02:03 PM - Cleanpc
RP264: 1/18/2012 6:53:37 AM - Removed Ask Toolbar.
RP265: 1/18/2012 6:56:34 AM - Removed Bonjour
RP266: 1/18/2012 7:00:22 AM - Removed CrazyTalk Cam Suite
RP267: 1/18/2012 7:02:09 AM - Removed Driver Whiz.
RP268: 1/19/2012 6:33:40 AM - Restore Operation
RP269: 1/20/2012 6:40:37 AM - System Checkpoint
RP270: 1/20/2012 8:03:31 PM - Software Distribution Service 3.0
RP271: 1/21/2012 3:03:30 PM - Software Distribution Service 3.0
RP272: 1/22/2012 5:17:54 PM - System Checkpoint
RP273: 1/23/2012 10:33:27 PM - System Checkpoint
RP274: 1/24/2012 7:12:22 AM - Software Distribution Service 3.0
RP275: 1/25/2012 1:22:57 PM - System Checkpoint
RP276: 1/25/2012 4:46:20 PM - 24th January 2012
RP277: 1/25/2012 4:46:53 PM - Restore Operation
RP278: 1/25/2012 5:00:34 PM - Installed Java(TM) 6 Update 30
RP279: 1/26/2012 6:20:21 PM - System Checkpoint
RP280: 1/27/2012 3:04:30 PM - Restore Operation
RP281: 1/27/2012 3:12:55 PM - Restore Operation
RP282: 1/28/2012 8:56:43 AM - Installed Eye 312
RP283: 1/29/2012 10:23:56 AM - System Checkpoint
RP284: 1/29/2012 11:32:41 AM - Installed Java(TM) 6 Update 30
RP285: 1/30/2012 1:52:36 PM - System Checkpoint
RP286: 1/31/2012 3:23:52 PM - System Checkpoint
RP287: 2/1/2012 3:29:57 PM - System Checkpoint
RP288: 2/2/2012 6:24:36 PM - System Checkpoint
RP289: 2/3/2012 6:29:57 PM - System Checkpoint
RP290: 2/4/2012 7:25:05 PM - System Checkpoint
RP291: 2/5/2012 7:43:09 PM - System Checkpoint
RP292: 2/6/2012 10:22:35 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player 11.6
AllGamesHome Toolbar
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Processor Driver
Anka (remove only)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARO 2011
Ask Toolbar
AVG 2011
AVG PC Tuneup
Bandoo
Bejeweled 2 Deluxe
Big Fish Games: Game Manager
Bing Bar
Bonjour
Broken Hearts - A Soldier's Duty
Burger Bustle (remove only)
Burglar's Adventure
CCleaner
CDBurnerXP
CieoNet Utilities
CrazyTalk Cam Suite PRO
Deep Voyage (remove only)
Driver Whiz
Empress of the Deep 2: Song of the Blue Whale Collector's Edition (remove only)
Eye 312
Farm Frenzy
Farm Frenzy 3 (remove only)
Fishdom: Spooky Splash (remove only)
fTalk
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Translator
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Update
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
Kelly Green - Garden Queen
Malwarebytes Anti-Malware version 1.60.0.1800
ManyCam 2.6.65 (remove only)
Maxthon 3
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 10.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nanny Mania
Nero 8
neroxml
NVIDIA Drivers
Opera 11.60
Peggle (remove only)
Platform
Platypus
Pogo Games (remove only)
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller Pro 2.5.5
Safari
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Segoe UI
Skype Click to Call
Skype™ 5.5
Stranded II 1.0.0.1
swMSM
The Great Tree
Tumblebugs 2
Unknown Device Identifier 7.00
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
UpdateMyDrivers
VCRedistSetup
VIA Platform Device Manager
Virtual Villagers - A New Home
Virtual Villagers - The Lost Children
Virtual Villagers (remove only)
WeatherBug Alert
WebFldrs XP
Willing Webcam
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinZip
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
ZiggyTV
.
==== End Of File ===========================

[Hoov]

In the future please paste the log in the response instead of attaching it, unless we ask for it to be attached. Its for everyone's protection and it makes it easier to research.

Go ahead and update Malwarebytes' Anti-Malware and then run a full scan with it. If it finds anything, fix it and post the log. If not, go ahead and post that log.

I apologize right now if any response seems terse or a little strange. I am suffering from a mild case of something that has me all messed up. I am not feeling entirely well today.

[Nikispice]

I understand, I'm sorry about your health.. hope you get better soon..  I contacted Yahoo through the email you sent...  Changed my password like they requested and viewed recent login activity.. I saw that on three occasions someone from the US logged into my account...  Unfortunately all i can identify of this person are IP addresses and all are different...  I do not know how else to proceed..

About the MBAM logs here is the results:



Database version: v2012.02.08.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: USER [administrator]

2/8/2012 8:28:53 AM
mbam-log-2012-02-08 (08-28-53).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 317315
Time elapsed: 1 hour(s), 48 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\Administrator\Desktop\TASH 2011\Retrogamer.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\oi_installer.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\installer_nero_general_clean_tool_English.exe (PUP.SmsPay.PGen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E25E19AD-7B11-4614-B853-9E86318BEC43}\RP277\A0133896.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

(end)

[Hoov]

I don't think that the problem was with your computer. While you did have some malware installed, it was fairly minor.

Please check your activity log in yahoo again and see if anyone is still in your account. Let me know.

[Nikispice]

I checked recent activity tonight and there has not been any activity since yesterday morning... All i received from Yahoo was an email requesting i change passwords and to contact them again if i should ever have any suspicions that the hacker has returned...  Do you have any info that i can read to protect myself from another attack?  I will truly appreciate it if you will send me the link... Thanks Hoov..

[Hoov]

The best thing to do is better password usage / management. That is not saying you did anything wrong. But the more complex your password is, and the more often you change it the better off you will be. For instance I run my own e-mail server. But my passwords for my e-mail accounts are somewhere in the neighborhood of 20 characters long, and I change them frequently. I use KeePass to keep all my passwords straight, and to generate new passwords. To be honest I only know the password to my password file in KeePass, and the rest are in there and it reminds me when to change them.

You may want to read this, Safe and Secure Use of E-Mail

Let me know if you have any questions about that.

[Nikispice]

Thanks for the info Hoov, recently AVG detected a threat called Adware Generic4. CNRQ and sent it to vault. So far everything is fine no hackers no computer problems....

I scan my computer with MBAM at least once per week and update AVG regularly ...  Yep, i learned , had a good teacher....

[Hoov]

Something I recommend if you can afford it, purchase a copy of Malwarebytes' Anti-Malware. That will give you the live scanning just like an Antivirus. Even as careful as I am, Malwarebytes' Anti-Malware still pops up occasionally and tells me it blocked something. It is definitely worth the money.

Do you have any other questions or concerns? If not you can go ahead and delete DDS. There is no uninstall of it, just delete the file.

[Nikispice]

Actually there is one question...

Is Java dangerous?  Sometimes when i run certain software a pop up from AVG appears and blocks java  .....  In order to continue i am prompted to unblock or keep blocking...

I somehow installed a software called Ziggy TV that uses Java, when i saw it on my computer i inspected the software and found it had some games that my daughter now plays so I kept it....

[Hoov]

Java itself is not dangerous. But there are some applets that are. As long as you allow Java only on sites that you trust, you are OK. On the other hand Ziggy TV appears to be malware. See if you can uninstall it, and then run a full scan with Malwarebytes' Anti-Malware.

[Hoov]

Nikispice, do you still need help?

[Hoov]

This thread is being closed due to inactivity. If you need it reopened send me a PM. This applies to the originator only. Anyone else please start a new thread.