0

Hi guys, got a big favour to ask the people in the know please. Got major problems with people listening in to my PC. Other day couldn't get in my Belkin router as password kept changing, weird or what. Spoke to Belkin, explained, and also told them router was dropping dynamic connection, something as you well know it should never do as it's always on. Used to play a game called Comanche 4, as I explained in my introduction letter. I believe the idiots I used to play with are responsible for this, or at least partially. Problems only started occurring after I went back to this game, silly me. Common denominator in this case is obviously the game. I've also got people listening in on my PC connection. Got Active Ports and it's reporting various IPs being active and listening to my PC. None of them stemming from active programs or processes I know of. Enclosed is my HijackThis file. Can some don have a look at it, see what's going on and get back to me please. To say situation is grave is an understatement. This IP 194.158.114.102 keeps connecting to my PC, among others. Anyone recognise it? Gonna tracert back to source later and report as abuse to its ISP. About all I can do. Someone please help. Situation has become ridiculous and is totally beyond my PC skills to resolve. Many many thanks to those that can help. And a big shout out to the rest of ya all. Peace. Log file attached.

Attachments
Logfile of HijackThis v1.99.1
Scan saved at 17:02:23, on 22/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Active Ports\aports.exe
D:\DOCUME~1\MIKEPR~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative MediaSource Go] D:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140572158702
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
0

Hmm, I don't see anything wrong with the log.
Are ya still having problems?

Also, next time ya post a log, copy/paste it into the body of the message, don't enclose it as an attachment.

Thanks.

0

Hi all, thanks Jay for the reply. Yes, still having problems unfortunately. Did some reading on hacking on the net. Seems with the right tools it's very easy to break into someone's router or PC and be able to view encrypted files and passwords. Needless to say there is nothing I or, I figure, anyone can do about that. All this does is make me more determined to restart my msce engineering course. Hopefully then at least I will be better armed to prevent some hackers. Good thing you replied, as I deleted all replies in my Hotmail without saving one and didn't know the address for this site lol. If anyone can give me tips on how to stop this kind of hacking please do. But from scenarios I've read there's very little hope stopping someone telnetting my system and decoding passwords. Like I said, least it's made me find out and read up more. Have a good weekend all. Damn, missed the lottery. Oh well, gonna have to win it on Wednesday instead. Lmao. Best wishes to everyone. :cool:
