in desparate need of help

hi there i have been hacked and hacked,, found my network set up as a servers..both computers
had my admin privledges tampered with , currently i cannot search hidden files,,that has been removed from the search abilities
these hacks have cost me my family.. while a lot of circumstantial stuff was pointing to the x having affairs,,i have found the index.dat file tampered with..
entries there , then gone,,
i run a very small ebay business and these hacks are costing me computer time,,
the x says she has nothing to do with any of this but i was finding lavalife stuff in index.dat on her account
i found a bunch of links to override admin then lost all my admin priveledges
i feel rather embarrassed asking for help but really have no idea what else to do ..
i found a wireless connection loaded on my computer,(this was an internal thing .. the screw in the back of my machine was changed .. a piece of coax was running from the internal usb port ) employee watcher loaded , i am trying to keep my family together ,we have a beautiful 7 month old . Unless i can get this straightened out, or get to the bottom of this mess i can/t get my family back together ..i am paranoid beyond reason..
i have tried to disable messenger and while it says disabled it is running !
i have installed norton securities ,been to sheilds up! but need help in straightening this out,,
is their anyone who has any info on stuff like this..??am i insane?? i have spent a month of my life reformatting..3 times..searching google etc..
can anyone make sense of my woes??i pray that i can get some answers ..

HELP!!!!


Logfile of HijackThis v1.97.7
Scan saved at 6:29:49 AM, on 6/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\SpyKiller\spykiller.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38135.7312268519

 

Hi langdonleatherwork,

The only thing in your log I don't care for is SpyKiller.

About hidden files. Do you have them set to show or not?

Regards,

Pieter

 

thank you,,,
i had to go to task manager to end process , then remove it , gone now,,,
what is behind these hacks ??
help...

 

hidden files are set to show but the search used to include hidden files as an option .. i no longer have this ability

 

I could be wrong, but I think when Hidden files are set to show the search includes them anyway, so that would explain why the option no longer shows.
I have no XP computer available to test that theory.

Regards,

Pieter

 

any ideas on the hacks .. having my network set up as servers??

 

How did you find out that this was done?
Can you install firewalls on them?

Regards,

Pieter

 

yes i have installed norton securities...
i noticed the machines where working when no tasks where running...i would unplug them at first it would stop.. but evertime they where pluged in stuff was running.. after the x moved out i found a wireless connection on one of the computers and checked connections downstairs and fopund the server set up ...
i shredded everything.. closed off the file sharing , re formatted installed norton..
i blamed everything on the x .. but i am learning more as i go,,,
and need to figure this for my daughter sake,,if i can piece this together
maybe i can pice my relationship together as well...
i know this isn/t a dear abby column
but i don/t know how this happened,,
ted,,

 

So you are not sure if this is still that way now.

You will need some pretty nifty software to find such a professional setup.

For starters, download TDS-3 from http://tds.diamondcs.com.au/index.php?page=download
and update it following the instructions here:
http://tds.diamondcs.com.au/index.php?page=update
Then click System Testing > Full System scan.

But, as dear Abby would say: we can run a million tests. As soon as we find something you will say AHA. But you will never be completely sure that the computers are clean. It is like when someone broke into your house or stole your car. It will never be the same again.

Regards,

Pieter