
I know someone had control of my puter, is it done/gone?



#1 Buckinsteel


Posted 29 June 2005 - 10:51 AM

Excellent forum by the way!!!

Background: Windows XP, Norton products, cable, was SP1 but now SP2.

I am an avid gamer, but a novice to computer language. I joined a gaming clan and had to download IRC. Unfortunately (and this is where my gullibility comes in), I was told to type in several things into the IRC chat. I thought it was needed to hook up with their IRC channel. Um no. They were values and with IRC's help we think I pretty much gave them the way in. I was also told to just idle in the channel since that was our method of communication. I did so overnight many a time, despite my thoughts against leaving the puter on all night.

When I played with them, it always seemed as though the leader could see my every move. In the game, Call of Duty, you can follow others while dead only. In the 2 matches I played with them, right before it would start, I would get some crazy lag for a bit and then my ping sucked, but not horribly. Eventually, after my Cvar rates were changed one time and I was booted by the cheat protection (I'm 36 and don't need to win that bad), I knew someone had done something. I quit.

I deleted all values out of IRC per their Admin's and ran Norton, but found this recently in my Owner/Doc and Settings file (named tempdiff):

Comparing files ml1.srt and ML2.SRT
***** ml1.srt
; OPK: EN_US
; Date: Tue May 11 2004 16:00:19 PST
; Type: Customer Build
; Build ID: 43NAheBLU6
; Build ID: 43NAheBLU6
; Created by: Soyoung Ahn
***** ML2.SRT
; OPK: EN_US
; Date: Tue Apr 27 2004 20:16:12 PST
; Type: Customer Build
; Build ID: 43NAheBLU5
; Build ID: 43NAheBLU5
; Created by: Soyoung Ahn
*****

***** ml1.srt
; Created by: ZZZ
; Date: Tue May 11 23:01:51 2004
BlocksXP\34\BuildTools\51speakers\fiveonespeakers_all_ww_0000-06
***** ML2.SRT
; Created by: ZZZ
; Date: Wed Apr 28 03:27:19 2004
BlocksXP\34\BuildTools\51speakers\fiveonespeakers_all_ww_0000-06
*****

***** ml1.srt
BlocksXP\41\BuildTools\Windex\windex_all_ww_0000-06
BlocksXP\41\HP\SafetyAndConfort\Safety_and_Comfort_Guide_BLU_ALL_WW_6776-03
***** ML2.SRT
BlocksXP\41\BuildTools\Windex\windex_all_ww_0000-06
BlocksXP\41\HP\Recovery\RecoveryToolsCD\RecoveryToolsCD_ALL_WW_6420-01
BlocksXP\41\HP\SafetyAndConfort\Safety_and_Comfort_Guide_BLU_ALL_WW_6776-03
*****

***** ml1.srt
BlocksXP\43\Application\BTB\WeatherBug\AWS_Weather_503_ALL_EN_7046-01
BlocksXP\43\Application\DVD_CD_MEDIA\RecordNow\Veritas_RecordNow_7_1_Preload_ALL_EN_7356-01
BlocksXP\43\Application\DVD_CD_MEDIA\WinDVD\InterVideo_WinDVD_4_0_11_412_ALL_WW_7337-05
BlocksXP\43\Application\ENTERTAINMENT\iTunes\HP-iTunesEulaPatch_ALL_WW_7325-01
***** ML2.SRT
BlocksXP\43\Application\BTB\WeatherBug\AWS_Weather_503_ALL_EN_7046-01
BlocksXP\43\Application\DVD_CD_MEDIA\RecordNow\Veritas_RecordNow_6_7_Preload_ALL_EN_7059-01
BlocksXP\43\Application\DVD_CD_MEDIA\WinDVD\InterVideo_WinDVD_4_0_11_412_ALL_WW_7337-03
BlocksXP\43\Application\ENTERTAINMENT\iTunes\HP-iTunesEulaPatch_ALL_WW_7325-01
*****

***** ml1.srt
BlocksXP\43\Application\ENTERTAINMENT\WildTangent\WildTangent_HPCMPQ0602_ALL_WW_7188-01
BlocksXP\43\Application\Imaging\WinDVD_Creator\WinDVD_Creator_ALL_WW_7415-01
BlocksXP\43\Application\productivity\ADOBEReader\Adobe_Acrobat_Reader_6_0_1_ALL_EN_7045-02
***** ML2.SRT
BlocksXP\43\Application\ENTERTAINMENT\WildTangent\WildTangent_HPCMPQ0602_ALL_WW_7188-01
BlocksXP\43\Application\Imaging\WinDVD_Creator\WinDVD_Creator_ALL_WW_7386-01
BlocksXP\43\Application\productivity\ADOBEReader\Adobe_Acrobat_Reader_6_0_1_ALL_EN_7045-02
*****

***** ml1.srt
BlocksXP\43\Application\Security\NORTONFIREWALL\nortonpf2004_7_0_all_en_7016-02
BlocksXP\43\BuildTools\BurnBoot\BurnBoot_ALL_WW_7261-06
BlocksXP\43\BuildTools\EndBuild\HP_EndBuild_ALL_WW_0000-01
***** ML2.SRT
BlocksXP\43\Application\Security\NORTONFIREWALL\nortonpf2004_7_0_all_en_7016-02
BlocksXP\43\BuildTools\BurnBoot\BurnBoot_ALL_WW_7261-05
BlocksXP\43\BuildTools\EndBuild\HP_EndBuild_ALL_WW_0000-01
*****

***** ml1.srt
BlocksXP\43\BuildTools\Motherboardname\summer04_all_boards_all_ww_0000-02
BlocksXP\43\BuildTools\NVidia_NForce_Chipset\NVidia_NForce_Chipset_Sysprep_Clean_ALL_WW_0000-01
BlocksXP\43\BuildTools\Pleasewait\FullScreen_ALL_WW_0000-04
BlocksXP\43\BuildTools\PrepBlock\OPK_HP_Build_PrepBlock_ALL_WW_0000-01
***** ML2.SRT
BlocksXP\43\BuildTools\Motherboardname\summer04_all_boards_all_ww_0000-02
BlocksXP\43\BuildTools\Pleasewait\fullscreen_all_ww_0000-03
BlocksXP\43\BuildTools\PrepBlock\OPK_HP_Build_PrepBlock_ALL_WW_0000-01
*****

***** ml1.srt
BlocksXP\43\Driver\Audio\Realtek\Realtek_Audio_5_10_00_5480_ALL_WW_7197-01
BlocksXP\43\Driver\Chipset\Intel\Intel_Chipset_6_0_0_ALL_WW_7385-01
***** ML2.SRT
BlocksXP\43\Driver\Audio\Realtek\Realtek_Audio_5_10_00_5480_ALL_WW_7197-01
BlocksXP\43\Driver\Audio\Realtek\Realtek_Azalia_HD_Audio_5_10_0_5019_ALL_WW_7403-01
BlocksXP\43\Driver\Chipset\Intel\Intel_Chipset_6_0_0_ALL_WW_7385-01
*****

***** ml1.srt
BlocksXP\43\Driver\modem\Conexant\Stinger_Modem_7_04_05_51A_ALL_WW_XP_7091-01
BlocksXP\43\Driver\Monitor\Monitor_INF_2_63_C_ALL_WW_7441-01
BlocksXP\43\Driver\NIC\Arcadyan\Arcadyan_Accton_WN4201B_1_5_09_ALL_WW_7185-02
***** ML2.SRT
BlocksXP\43\Driver\modem\Conexant\Stinger_Modem_7_04_05_51A_ALL_WW_XP_7091-01
BlocksXP\43\Driver\Monitor\Monitor_INF_2_63_B_ALL_WW_XP_7294-01
BlocksXP\43\Driver\NIC\Arcadyan\Arcadyan_Accton_WN4201B_1_5_09_ALL_WW_7185-02
*****

***** ml1.srt
BlocksXP\43\Driver\RaidATA\Promise\Raid_Utility_3_3_30_18_ALL_WW_XP_7190-01
BlocksXP\43\Driver\video\ATI\Video_ATI_RV370_RV380_8_003_1_ALL_WW_7413-01
BlocksXP\43\Driver\video\Intel\Intel_GMA_6_14_10_3818_ALL_WW_7407-01
***** ML2.SRT
BlocksXP\43\Driver\RaidATA\Promise\Raid_Utility_3_3_30_18_ALL_WW_XP_7190-01
BlocksXP\43\Driver\video\ATI\Video_ATI_RV370_RV380_8_00_1_ALL_WW_7400-01
BlocksXP\43\Driver\video\Intel\Intel_GMA_6_14_10_3818_ALL_WW_7407-01
*****

***** ml1.srt
BlocksXP\43\Driver\video\VIA_S3\VIA_UniChrome_Video_6_14_10_0113_ALL_WW_XP_7161-02
BlocksXP\43\HP\eHelp\eHelp_2_8_0_ALL_WW_7455-01
BlocksXP\43\HP\Kahuna\HPIZ350_ALL_WW_XP_7200-01
***** ML2.SRT
BlocksXP\43\Driver\video\VIA_S3\VIA_UniChrome_Video_6_14_10_0113_ALL_WW_XP_7161-02
BlocksXP\43\HP\eHelp\eHelp_2_8_0_ALL_WW_7347-01
BlocksXP\43\HP\Kahuna\HPIZ350_ALL_WW_XP_7200-01
*****

***** ml1.srt
BlocksXP\43\HP\Kahuna\KahunaComboPatch_ALL_WW_XP_7364-01
BlocksXP\43\HP\Kahuna\KahunaComboPatch_ALL_WW_XP_7445-01
BlocksXP\43\HP\Kahuna\KahunaComboPatch2_ALL_EN_XP_1_7434-01
BlocksXP\43\HP\Organize\HP_Organize_HOM_BLU_EN_US_7266-01
***** ML2.SRT
BlocksXP\43\HP\Kahuna\KahunaComboPatch_ALL_WW_XP_7364-01
BlocksXP\43\HP\Organize\HP_Organize_HOM_BLU_EN_US_7266-01
*****

***** ml1.srt
BlocksXP\43\HP\Recovery\RecoverySoftwareSuite\recoveryswsuite_all_ww_7168-02
BlocksXP\43\HP\Recovery\RecoveryToolsCD\RecoveryToolsCD_ALL_WW_7464-01
BlocksXP\43\HP\Recovery\RepairWizard\repairwizard_all_ww_6934-04
***** ML2.SRT
BlocksXP\43\HP\Recovery\RecoverySoftwareSuite\recoveryswsuite_all_ww_7168-02
BlocksXP\43\HP\Recovery\RepairWizard\repairwizard_all_ww_6934-04
*****

***** ml1.srt
BlocksXP\43\InternetShortcut\HTMLpage\Patch_PCTuneandRepair_ALL_EN_7375-01
BlocksXP\43\InternetShortcut\HTMLpage\PCTuneandRepair_ALL_EN_7326-01
BlocksXP\43\InternetShortcut\HTMLpage\SSC_ALL_WW_7116-01
***** ML2.SRT
BlocksXP\43\InternetShortcut\HTMLpage\Patch_PCTuneandRepair_ALL_EN_7375-01
BlocksXP\43\InternetShortcut\HTMLpage\SSC_ALL_WW_7116-01
*****

***** ml1.srt
BlocksXP\43\InternetShortcut\SoftwareOffers\FileShare_Offer_ALL_WW_7170-01
BlocksXP\43\InternetShortcut\WalMart\HP_WalMartMusicDownloads_ALL_WW_7383-02
BlocksXP\43\Online\EN_CA\AOLBB_ALL_EN_CA_7081-01
***** ML2.SRT
BlocksXP\43\InternetShortcut\SoftwareOffers\FileShare_Offer_ALL_WW_7170-01
BlocksXP\43\InternetShortcut\WalMart\HP_WalMartMusicDownloads_ALL_WW_7383-01
BlocksXP\43\Online\EN_CA\AOLBB_ALL_EN_CA_7081-01
*****

***** ml1.srt
BlocksXP\43\Online\EN_US\MSN90_ALL_EN_US_7006-01
BlocksXP\43\Online\EN_US\MSNBuildPatch_ALL_EN_US_7381-02
BlocksXP\43\Online\EN_US\NON-ISP-content4US_ALL_EN_US_7071-01
***** ML2.SRT
BlocksXP\43\Online\EN_US\MSN90_ALL_EN_US_7006-01
BlocksXP\43\Online\EN_US\MSNBuildPatch_ALL_EN_US_7381-01
BlocksXP\43\Online\EN_US\NON-ISP-content4US_ALL_EN_US_7071-01
*****

***** ml1.srt
BlocksXP\43\OS\QFE\QFE814078\QFE814078_Windows_Script_Engine_ALL_WW_7259-01
BlocksXP\43\OS\QFE\QFE821431\QFE821431_IPOD_S3_Fix_ALL_WW_7189-04
BlocksXP\43\OS\QFE\QFE824105\qfe824105_security_patch_netbios_all_ww_7262-02
***** ML2.SRT
BlocksXP\43\OS\QFE\QFE814078\QFE814078_Windows_Script_Engine_ALL_WW_7259-01
BlocksXP\43\OS\QFE\QFE821431\qfe821431_ipod_s3_fix_all_ww_7189-03
BlocksXP\43\OS\QFE\QFE824105\qfe824105_security_patch_netbios_all_ww_7262-02
*****

A) What is it and is it just part of everyday stuff or maybe leftovers?
B) Am I just being paranoid?
C) Am I done with their bull?

Thanks for your help!!!!
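The pasted listing has the layout that the Windows `fc` file-compare command prints: a `Comparing files` header, then blocks in which `***** <name>` introduces each file's lines and a bare `*****` closes the block. As an added example (not part of the original thread), this Python sketch parses that layout and sorts the differing entries into changed, only-in-first and only-in-second; treating a trailing `_NNNN-NN` as a revision tag is an assumption, and the sample is abridged from the post.

```python
import re

REV = re.compile(r"_\d+-\d+$")  # assumption: trailing _NNNN-NN is a revision tag
# Constructed sample: two blocks abridged from the listing in the post above.
SAMPLE = r"""Comparing files ml1.srt and ML2.SRT
***** ml1.srt
BlocksXP\43\HP\eHelp\eHelp_2_8_0_ALL_WW_7455-01
***** ML2.SRT
BlocksXP\43\HP\eHelp\eHelp_2_8_0_ALL_WW_7347-01
*****
***** ml1.srt
BlocksXP\43\HP\Kahuna\KahunaComboPatch_ALL_WW_XP_7364-01
BlocksXP\43\HP\Kahuna\KahunaComboPatch_ALL_WW_XP_7445-01
***** ML2.SRT
BlocksXP\43\HP\Kahuna\KahunaComboPatch_ALL_WW_XP_7364-01
*****
"""

def parse_fc(text):
    """Split fc output into blocks of (lines_in_first, lines_in_second)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or not lines[0].lower().startswith("comparing files "):
        raise ValueError("missing 'Comparing files' header")
    blocks, sides, side = [], None, None
    for ln in lines[1:]:
        if ln == "*****":              # bare marker closes the block
            if sides is not None:
                blocks.append(sides)
            sides, side = None, None
        elif ln.startswith("***** "):  # "***** <name>" opens one side
            side = 0 if sides is None else 1
            sides = sides or ([], [])
        elif side is not None:
            sides[side].append(ln)
    return blocks

def summarize(text):
    """Sort differing entries into changed / only_first / only_second."""
    out = {"changed": [], "only_first": [], "only_second": []}
    for left, right in parse_fc(text):
        only_r = {REV.sub("", r).lower(): r for r in right if r not in left}
        for entry in (x for x in left if x not in right):
            match = only_r.pop(REV.sub("", entry).lower(), None)
            if match:
                out["changed"].append((entry, match))
            else:
                out["only_first"].append(entry)
        out["only_second"].extend(only_r.values())
    return out
```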


#2 Leurgy


Posted 29 June 2005 - 03:05 PM

Hello Buckinsteel and welcome to BC.

I would say you were hacked pretty good. I did a little reading and .srt files seem to be associated with bridging Token Ring and Ethernet networks. Yours would be Ethernet.

If you have only used Norton I would suggest you download and run the trial version of a-squared Personal. Follow that up with Ad-Aware and SpyBot S&D and then post a HiJack This Log in our forum here. See How to submit a Hijackthis Log. When you post a log, put a link in your post to refer to this topic so the team is aware of what went on.

Is tempdiff a file or a folder? In the interim I would suggest moving and renaming it rather than deleting it. If you can find ml1.srt and ML2.SRT, rename them also.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool




