# Have I been hacked into?



## Shane

What are the signs of being hacked?

I'm sure that something's not right with my PC... internet loading slow, pages not loading at all, programs & games opening by themselves, and the whole system is just slow.

Spyware/antivirus free according to Kaspersky & SpywareBlaster.

Btw... I'm probably to blame if I have been hacked into because I'm just using the standard Windows XP firewall.

I'm not really concerned if I have been hacked into because I NEVER keep any personal information or anything of importance on my PC, but obviously if I have been hacked into I want to get rid of him.

HijackThis log just in case anyone needs it...



> Logfile of HijackThis v1.99.1
> Scan saved at 21:36:24, on 31/01/2007
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
> 
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\Ati2evxx.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\system32\Ati2evxx.exe
> C:\WINDOWS\Explorer.EXE
> C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
> C:\WINDOWS\ALCXMNTR.EXE
> C:\Program Files\VMware\VMware Workstation\vmTrayProcess.exe
> C:\Program Files\QuickTime\qttask.exe
> C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
> C:\Program Files\Browser Mouse\mouse32a.exe
> C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
> C:\FRAPS\FRAPS.EXE
> C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
> C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
> C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
> C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
> C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
> C:\Program Files\iTunes\iTunes.exe
> C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
> C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
> C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
> C:\WINDOWS\system32\vmnat.exe
> C:\WINDOWS\system32\vmnetdhcp.exe
> C:\Program Files\iPod\bin\iPodService.exe
> C:\WINDOWS\system32\notepad.exe
> C:\Program Files\Mozilla Firefox\firefox.exe
> C:\DOCUME~1\Shane\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe
> 
> O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
> O2 - BHO: VizController Class - {0F9CECE1-0306-4BB0-8BEF-C9EA3841E38A} - C:\Program Files\Vyooh\DiskView\VizBHO.dll
> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
> O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
> O3 - Toolbar: DiskView - {6A882320-BDD0-4ff4-BE3A-D8BAF82668E9} - C:\Program Files\Vyooh\DiskView\VizBar.dll
> O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
> O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
> O4 - HKLM\..\Run: [vmTrayProcess] C:\Program Files\VMware\VMware Workstation\vmTrayProcess.exe
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
> O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
> O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
> O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe
> O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
> O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
> O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
> O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
> O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
> O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
> O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
> O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
> O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
> O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
> O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
> O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
> O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
> O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
> O23 - Service: lxcf_device -   - C:\WINDOWS\system32\lxcfcoms.exe
> O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
> O23 - Service: VMware Agent Service (ufad-p2v) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)
> O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
> O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
> O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe


----------



## Kornowski

I'm no good with HijackThis logs, but I know you have Widgets. Those things are awesome!

I don't think you would have been hacked. There's no real reason somebody would hack you.

I suggest you try a registry cleaner and defrag... See if that does anything?


----------



## K3rupt

Alright, you have a lot of unneeded stuff. For beginners, for your peace of mind, download Sygate Personal Firewall:

http://www.tucows.com/preview/213160

(Windows Firewall couldn't stop rain in the desert)

Now,

C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Browser Mouse\mouse32a.exe (unless thats a system thing)
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe (looks suss)


O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE (unless you know this is safe)

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe (unless you know this is safe)

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab (unless you know this is safe, your computer shouldn't be auto downloading .cab files for you)

If you're really, really worried, reformat. Oh, and something for the future: some viruses have been programmed to hide from hijackthis.exe, so next time, rename it to analyser.exe or something along those lines....

Don't ask how I know that... lol

A clean re-format would be nice; if not, free up unneeded crap, and defrag (defragment) your PC.

Good Luck
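
An added example, not part of K3rupt's post: a small Python triage of the kind of HijackThis entries picked out above (O4 autoruns, O16 ActiveX installs, O23 services). The sample lines are copied from the log at the top of the thread; the flagging rules are assumed heuristics that mark entries for a manual look, not verdicts.

```python
import re

# Lines copied from the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: lxcf_device -   - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^>?\s*(O\d+) - (.*)$")               # section code + body
RUN = re.compile(r"^HK\w+\\\.\.\\Run: \[(.+?)\] (.*)$")    # registry Run values
SERVICE = re.compile(r"^Service: (.+?) -\s*(.*?)\s*- (.*)$")
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')                   # C:\... or "C:\...

def review_notes(line):
    """Return review notes for one log line (assumed heuristics, not verdicts)."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    code, body = m.groups()
    notes = []
    run = RUN.match(body) if code == "O4" else None
    if run and not ABS_PATH.match(run.group(2)):
        notes.append("autorun without a full path: confirm which file actually runs")
    if code == "O16" and "http://" in body.lower():
        notes.append("ActiveX install source is plain HTTP: confirm the control is wanted")
    svc = SERVICE.match(body) if code == "O23" else None
    if svc and svc.group(2).strip() in ("", "Unknown owner"):
        notes.append("service lists no company name: check where the file came from")
    if "(file missing)" in body:
        notes.append("HijackThis reported the file as missing: check the path")
    return notes

def triage(log_text):
    """Return (line, notes) pairs for every entry that needs a manual look."""
    flagged = []
    for line in log_text.splitlines():
        notes = review_notes(line)
        if notes:
            flagged.append((line.strip(), notes))
    return flagged

if __name__ == "__main__":
    for line, notes in triage(SAMPLE_LOG):
        print(line, *("\n   -> " + n for n in notes))
```
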


----------



## Shane

Thanks K3rupt,

I think that I'm gonna do a fresh install of Windows so it's nice and fast again... I can't be bothered tidying up my current install... just quicker for me to format and re-install it all again.

Doesn't take me long as I have all my programs on disk.


----------



## Kornowski

Yeah, It is nice when you have a nice clean machine 

Then you start putting everything back on, lol


----------



## K3rupt

Anytime mate.


----------



## Shane

Kornowski said:


> Yeah, It is nice when you have a nice clean machine
> 
> Then you start putting everything back on, lol



hehe yeah 

Just re-installing the rest of my apps & games now


----------



## Kornowski

Wow! You've put XP back on already, that was quick!

Did you copy your save files? Don't want to lose them

Especially if you've ever played Oblivion, lol!


----------



## Shane

Kornowski said:


> Wow! You've put XP back on already, that was quick!
> 
> Did you copy your save files? Don't want to lose them
> 
> Especially if you've ever played Oblivion, lol!



Mate, I put XP back on about 2 o'clock this afternoon.
Didn't take long to install.
Got everything back on my system now and it's nice and fast.

Yeah, I saved my files... my Call of Duty files to my USB pen drive.


----------



## K3rupt

haha niiice, lol how big is your bloody pen drive?? lol I just bought another 320GB HDD, so now I have 640GB HDD haha.... beat that mate


----------



## Kornowski

Oh right, Nice one!

Beat this, I've got a 40GB HDD


----------



## Shane

Kornowski said:


> Oh right, Nice one!
> 
> Beat this, I've got a 40GB HDD



Your system only has a 40Gb hard drive? 

Dunno how you cope with that mate.

Btw... my USB pen drive is 256MB... plenty just for some saved COD game files and stuff.


----------



## K3rupt

oww man, I got a 2GB flash disk just for my work stuff, lol.  GO THE 40GB HDD GUY!!! YOU ROCK haha... lawl.


----------



## Buzz1927

K3rupt said:


> oww man, I got a 2GB flash disk just for my work stuff


Who paid for that?


----------



## K3rupt

Work, mate, work. haha I wouldn't pay for it...


----------



## Buzz1927

K3rupt said:


> Work, mate, work. haha I wouldn't pay for it...


Finished school, then?


----------



## PohTayToez

Buzz1927 said:


> Who paid for that?



What are you trying to accuse him of?  2 giggers can be pretty cheap if you find them on a deal.


----------



## Buzz1927

PohTayToez said:


> What are you trying to accuse him of?  2 giggers can be pretty cheap if you find them on a deal.


I'm not accusing him of anything


----------



## K3rupt

Dude, I work for an ISP. I'm a programmer. Yes, at 16. (High school dropout) lol. That's what happens after years of VB 6.0....


----------



## Shane

Buzz1927 said:


> I'm not accusing him of anything



I didn't see him accuse anyone of anything either. He's just simply asking who paid for it?


----------



## PohTayToez

Buzz1927 said:


> I'm not accusing him of anything



Meh. Sorry.  It just seems like you were implying that it was expensive and that maybe his parents bought it for him or something.  Sorry, nevermind.


----------



## K3rupt

lol easy guys, it's all legit, I'm a tech support. You know when a lil kiddie gets hold of a computer, things tend to go haywire...


----------



## Buzz1927

K3rupt said:


> lol easy guys, it's all legit, I'm a tech support. You know when a lil kiddie gets hold of a computer, things tend to go haywire...


I hope that's not directed at me...


----------



## Shane

hmm okay,

This thread has gone off topic


----------



## PohTayToez

Well, he's reinstalling windows, so he really doesn't need any help anymore. Just go with the flow.  How 'bout them Bears?


----------



## Shane

I already re-installed Windows yesterday

Bears?


----------



## Buzz1927

Nevakonaza said:


> This thread has gone off topic


Agreed, and closed.


----------

