in desperate need of help

Discussion in 'adware, spyware & hijack cleaning' started by langdonleatherwork, Jun 10, 2004.

Thread Status:
Not open for further replies.
  1. langdonleatherwork

    langdonleatherwork Registered Member

    Joined:
    Jun 10, 2004
    Posts:
    5
    hi there i have been hacked and hacked, found my network set up as servers.. both computers
    had my admin privileges tampered with, currently i cannot search hidden files, that has been removed from the search abilities
    these hacks have cost me my family.. while a lot of circumstantial stuff was pointing to the x having affairs, i have found the index.dat file tampered with..
    entries there, then gone,
    i run a very small ebay business and these hacks are costing me computer time,
    the x says she has nothing to do with any of this but i was finding lavalife stuff in index.dat on her account
    i found a bunch of links to override admin then lost all my admin privileges
    i feel rather embarrassed asking for help but really have no idea what else to do..
    i found a wireless connection loaded on my computer (this was an internal thing.. the screw in the back of my machine was changed.. a piece of coax was running from the internal usb port), employee watcher loaded, i am trying to keep my family together, we have a beautiful 7 month old. Unless i can get this straightened out, or get to the bottom of this mess i can't get my family back together.. i am paranoid beyond reason..
    i have tried to disable messenger and while it says disabled it is running!
    i have installed norton securities, been to shields up! but need help in straightening this out,
    is there anyone who has any info on stuff like this..?? am i insane?? i have spent a month of my life reformatting.. 3 times.. searching google etc..
    can anyone make sense of my woes?? i pray that i can get some answers..

    HELP!!!!


    Logfile of HijackThis v1.97.7
    Scan saved at 6:29:49 AM, on 6/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\SpyKiller\spykiller.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\System32\wpabaln.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\mmc.exe
    C:\Documents and Settings\Admin\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38135.7312268519
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi langdonleatherwork,

    The only thing in your log I don't care for is SpyKiller.

    About hidden files. Do you have them set to show or not?

    Regards,

    Pieter
     
  3. langdonleatherwork

    langdonleatherwork Registered Member

    Joined:
    Jun 10, 2004
    Posts:
    5
    thank you,
    i had to go to task manager to end process, then remove it, gone now.
    what is behind these hacks??
    help...
     
  4. langdonleatherwork

    langdonleatherwork Registered Member

    Joined:
    Jun 10, 2004
    Posts:
    5
    hidden files are set to show but the search used to include hidden files as an option .. i no longer have this ability
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    I could be wrong, but I think when Hidden files are set to show the search includes them anyway, so that would explain why the option no longer shows.
    I have no XP computer available to test that theory.

    Regards,

    Pieter
     
  6. langdonleatherwork

    langdonleatherwork Registered Member

    Joined:
    Jun 10, 2004
    Posts:
    5
    any ideas on the hacks .. having my network set up as servers??
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    How did you find out that this was done?
    Can you install firewalls on them?

    Regards,

    Pieter
     
  8. langdonleatherwork

    langdonleatherwork Registered Member

    Joined:
    Jun 10, 2004
    Posts:
    5
    yes i have installed norton securities...
    i noticed the machines were working when no tasks were running... i would unplug them, at first it would stop.. but every time they were plugged in stuff was running.. after the x moved out i found a wireless connection on one of the computers and checked connections downstairs and found the server set up...
    i shredded everything.. closed off the file sharing, reformatted, installed norton..
    i blamed everything on the x.. but i am learning more as i go,
    and need to figure this for my daughter's sake, if i can piece this together
    maybe i can piece my relationship together as well...
    i know this isn't a dear abby column
    but i don't know how this happened,
    ted,
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    So you are not sure if this is still that way now.

    You will need some pretty nifty software to find such a professional setup.

    For starters, download TDS-3 from http://tds.diamondcs.com.au/index.php?page=download
    and update it following the instructions here:
    http://tds.diamondcs.com.au/index.php?page=update
    Then click System Testing > Full System scan.

    But, as dear Abby would say: we can run a million tests. As soon as we find something you will say AHA. But you will never be completely sure that the computers are clean. It is like when someone broke into your house or stole your car. It will never be the same again.

    Regards,

    Pieter
     