I'm being hacked somehow [CLOSED]



#1
Unoxis2002

I'm being hacked. I think my psycho ex installed a keylogger or something on my computer... Can you see by looking at my HJT log? :mad: :cheers: ;)


Logfile of HijackThis v1.99.0
Scan saved at 2:07:26 PM, on 2/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\alyssa\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server - Unknown - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

:cheers: :thumbsup: :tazz:


#2
therock247uk

Log looks clean here. :tazz:

#3
Unoxis2002

> Log looks clean here. :tazz:



Grr...When I typed in msconfig then run, I found I had these running:

ccEvtMgr.exe
svchost.exe
lsass.exe
winlogon.exe
services.exe
csrss.exe
smss.exe

All of which could be worms...I'm running Norton now... :mad:

#4
therock247uk

All of them files are legit Windows files.

None of them are bad.

#5
Unoxis2002

> All of them files are legit Windows files.
>
> None of them are bad.



I looked it up on Google. It said that they could have worms...? :tazz:

#6
therock247uk

They could have been worms, but they are not worms on your PC as they are running from the right dir on your PC. :tazz:

You have nothing to worry about.

#7
mpfeif101

Like therock247uk said, those files are legit. They can be bad if they are not running from the right location; however, they are in the right, legitimate location.

I recommend you get a firewall, either Sygate or Zone Alarm.
  • 0
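The check described in the replies above (a system process name is only trustworthy if it runs from its expected directory), written out as an added example that is not part of the original thread. It parses the "Running processes" section of a HijackThis log and flags core Windows process names found outside their usual folder; the expected-directory map assumes a default Windows XP install in C:\WINDOWS, and the sample log is constructed.

```python
import ntpath

# Expected directories for core Windows XP processes, assuming a default
# install with Windows in C:\WINDOWS (assumption; adjust for other layouts).
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIRS = {name: SYSTEM32 for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIRS["explorer.exe"] = r"c:\windows"

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and not line:
            break                      # a blank line ends the section
        elif in_section:
            paths.append(line)
    return paths

def misplaced_system_processes(log_text):
    """Flag core process names that run from an unexpected directory."""
    findings = []
    for path in running_processes(log_text):
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIRS.get(name.lower())
        # Windows paths are case-insensitive: System32 == system32.
        if expected and ntpath.normcase(directory) != expected:
            findings.append((name, directory))
    return findings

# Constructed sample: three entries as in the posted log, two made-up misplaced copies.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\Temp\lsass.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

if __name__ == "__main__":
    for name, directory in misplaced_system_processes(SAMPLE_LOG):
        print(f"{name} running from unexpected directory: {directory}")
```

A matching directory only rules out the name-masquerading case; it says nothing about the contents of the file at that path.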

#8
Besttechie

Also, just want to add a quick thing in here. I do not recommend using MSConfig to disable any services or processes, as it can cause possible memory leaks, which is a bad thing. If you want to disable any services in XP, go to Start, Run, and type: services.msc. That will bring up the services list in XP. To disable processes in Windows, I recommend using the Task Manager to do that (Ctrl + Alt + Del).

Want to learn more about XP services? Look here.

Services Config for XP

Hope that helps. :tazz:

B

#9
Unoxis2002

> They could have been worms, but they are not worms on your PC as they are running from the right dir on your PC. ;)
>
> You have nothing to worry about.



I have Norton's Firewall. I think I know what happened. Either way I'm uber pissed. My ex is a nutjob, and I can't tell you how many times I've had to change my passwords, screen names, phone numbers etc. I'm constantly paranoid because he knows far more about PCs than me.. :mad:

Thanks for your input :tazz:

#10
Unoxis2002

> Also, just want to add a quick thing in here. I do not recommend using MSConfig to disable any services or processes, as it can cause possible memory leaks, which is a bad thing. If you want to disable any services in XP, go to Start, Run, and type: services.msc. That will bring up the services list in XP. To disable processes in Windows, I recommend using the Task Manager to do that (Ctrl + Alt + Del).
>
> Want to learn more about XP services? Look here.
>
> Services Config for XP
>
> Hope that helps. ;)
>
> B



Ack... Really? :tazz: That's what my ex always did to disable stuff. What little I know I learned from him.

Thanks for the tip B, I will check it out. :thumbsup:


#11
Besttechie

No problem, glad to help. :tazz:

That link I posted is full of information about XP services, etc. Make sure you check that out for more info. I'm sure it will be able to help a lot.

Have a great day!

B

Edited by Besttechie, 05 February 2005 - 03:01 PM.


#12
therock247uk

No problem :tazz:

#13
Unoxis2002

OK....I've tried to run Norton twice and both times my computer rebooted itself...I don't have the time to sit here and monitor the whole scan. I'm trying again now.

Any guesses as to why Norton is causing my PC to reboot? :tazz:

#14
Besttechie

Ok,

Open Control Panel\System\Advanced tab\Startup & Recovery box\Settings button, and take the check out of the Automatically restart box. Then check the Write a system event and the Admin alert boxes.
This will force a BSOD on the next crash (that's why it restarts... it's crashing) that posts the Stop Error Code.

Post that here word-4-word including punctuation and letter case. We can research that.

Also, retick any entries you unticked with msconfig. :tazz:

B

Edited by Besttechie, 05 February 2005 - 03:47 PM.


#15
Unoxis2002

OK...I got the blue screen of death lol. Word for word, this is what it said:

A problem has been detected and Windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in this Stop message, disable the driver or check with the manufacturer for driver updates. Try changing the video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical information:

*** STOP: 0x0000008E (0xC0000005, 0x804E411C, 0xF33E5C8C, 0x000000)

Beginning dump of physical memory
Physical memory dump complete
Contact your system administrator or technical support group for further assistance
:tazz: