Hacked

Discussion in 'Malware Help (A Specialist Will Reply)' started by Anth0079, Dec 13, 2006.

  1. Anth0079

    Anth0079 Private E-2

    Hi, I registered for some help. OK, here is my problem:

    I came home from work 3.5 hrs ago and all my desktop icons were deleted. There was an open notepad document on my desktop that was titled [Owned]
    and contained the text [ HAHAHAHAHAHA ]. Now I am no computer expert but I think I might have been hacked. I checked my Norton Internet Security reports and it stated there was an intrusion about 6 min before I walked in the door.

    I have never had this happen to me before so I came here for help. I was not going to post until I followed all the steps in your cleanup thread, but I am just too freaked out :eek: to wait until I finish. By the way, I am currently scanning my comp with BitDefender in safe mode.

    I ran Spybot and it found a registry entry, maybe a hack? I don't know. It said it was: WINDOWS.SECURITY.CENTER_DISABLED, and I fixed it.

    I ran CounterSpy and it found 965 reg entries infected which all had something to do with WildTangent. I removed all of those along with WildTangent too. I would post my CS log but it has apparently disappeared! I guess I will have to run it again after scanning online.

    Anyway I think this whole mess has something to do with a process called SVCHOST.EXE which only shows up in my process list in normal mode. There might be another C in there at the beginning of the process name, I can't remember and I do not want to even boot up in normal mode to find out when there is someone writing freaking notepad memos on my desktop. When I try to end it a system alert saying I was denied access pops up.

    Any thoughts at this point would really ease my mind here.

    Thanks!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You need to complete all steps in the READ & RUN ME and attach ALL the requested logs. You should not be connecting here or anywhere else while scanning. It will slow things down and can prevent the scanners from fixing certain problems. Close ALL browser windows except the ones needed by the scanners.

    NOTES:
    1. Your Windows Security Center is disabled because you are running Norton as your security center. This is normal.
    2. svchost.exe is a normal valid process that will be seen running multiple times. As long as it is running from the system32 folder it is okay.
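The note above gives the practical test for svchost.exe: the name is normal, the directory it runs from is what matters. The script below is an added example, not code from the thread or from MajorGeeks, that applies exactly that test to a list of process records and also flags look-alike names (the "another C in there" the original poster half-remembered, e.g. scvhost.exe). The process list is constructed for illustration, not taken from the poster's machine, and the assumption that a genuine copy only lives in system32 (or SysWOW64 on 64-bit Windows) is mine.

```python
"""Classify svchost-like processes by executable path and name similarity."""
import ntpath
from typing import List, NamedTuple, Optional, Tuple


class Proc(NamedTuple):
    name: str            # image name as Task Manager / WMI reports it
    pid: int
    path: Optional[str]  # None when the tool could not read the path


# Assumption: the only directories a genuine svchost.exe runs from.
# SysWOW64 holds the 32-bit copy on 64-bit Windows; on XP it is system32 only.
EXPECTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
TARGET = "svchost.exe"


def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; a swapped pair of letters counts as 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(p: Proc) -> str:
    """Return one verdict: ok, wrong-directory, unknown-path, lookalike-name, unrelated."""
    name = p.name.lower()                      # Windows names are case-insensitive
    if name == TARGET:
        if p.path is None:
            return "unknown-path"              # verify with a tool that can read the path
        directory = ntpath.dirname(p.path).lower()
        return "ok" if directory in EXPECTED_DIRS else "wrong-directory"
    # Names within two edits of the real one (scvhost.exe, svhost.exe, ...)
    if _edit_distance(name, TARGET) <= 2:
        return "lookalike-name"
    return "unrelated"


def audit(procs: List[Proc]) -> List[Tuple[int, str, str]]:
    """Every svchost-related process with its verdict, sorted by PID."""
    rows = [(p.pid, p.name, classify(p)) for p in procs]
    return sorted(r for r in rows if r[2] != "unrelated")


# Constructed sample: two genuine copies, one in a temp folder, one look-alike,
# one whose path could not be read, and an unrelated process.
SAMPLE = [
    Proc("svchost.exe", 820, r"C:\WINDOWS\system32\svchost.exe"),
    Proc("SVCHOST.EXE", 904, r"C:\WINDOWS\System32\svchost.exe"),
    Proc("svchost.exe", 1440,
         r"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe"),
    Proc("scvhost.exe", 2016, r"C:\WINDOWS\scvhost.exe"),
    Proc("svchost.exe", 2100, None),
    Proc("explorer.exe", 1200, r"C:\WINDOWS\explorer.exe"),
]

if __name__ == "__main__":
    for pid, name, verdict in audit(SAMPLE):
        print(f"{pid:>6}  {name:<14} {verdict}")
```

On a real machine the records come from something that reports the path, for example `wmic process get Name,ProcessId,ExecutablePath` or PowerShell's `Get-Process svchost | Select-Object Name,Id,Path`; the XP Task Manager alone does not show it, which is why an "access denied" on End Process tells you little by itself. This is a first-pass check only: a process that is hidden from the process list, like the CPU consumer described later in the thread, never reaches this script, which is exactly the gap the rootkit scan suggested further down is meant to cover.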
     
  3. Anth0079

    Anth0079 Private E-2

    I did 1-7 on the list and here are my logs. Only thing is I was super tired last night so I accidentally saved the BitDefender scan results in html format :rolleyes:. I copied and pasted the results into notepad so I could upload them anyway. I hope you can still use them. I still have the html results saved on my comp though.

    Thanks
     

    Attached Files:

  4. Anth0079

    Anth0079 Private E-2

    The thing is I didn't even know that I had a problem so I have no idea what to look for.

    I am connecting to the internet via cable modem. No one has access to my computer except me. This is the only computer in my place. And I am using Norton Internet Security for protection.

    I have to get ready for work now. I will check back in 10 hrs when I get home from work. I think I will just shut my internet off while I go.

    Thanks!
     

    Attached Files:

  5. Anth0079

    Anth0079 Private E-2

    Sorry posted the wrong hijackthis log :mad: ...

    Here is the right one with the renamed exe used.

    Thanks!
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is what the procedure in the READ ME asks for. We don't want the file converted to text. The HTML file is easier to read. If you followed the procedure, all you had to do was rename the file to have a .txt extension rather than .html.

    It does not matter anyway since no problems were found by BitDefender. And in fact none of your logs are showing any malware.

    Are you still having problems?


    But you do need to do the below to get your Sun Java version updated.

    Uninstall the below old versions of software:
    Java 2 Runtime Environment, SE v1.4.2_03

    Now install the current version of Sun Java from: Sun Java Runtime Environment
     
  7. Anth0079

    Anth0079 Private E-2

    Hi chaslang, and thank you for taking the time to reply to my posts.

    See the whole thing is I don't even know how to tell if I still have a problem. How can I even tell? I could wait for another taunting notepad document to pop up on my desktop I suppose :confused:.

    Like I said in my first post:

    I guess what I am asking for is your advice here chaslang :).

    Seriously, I am worried that I might be monitored right now. How can I be sure it is even safe to continue paying my bills online or accessing my bank account online?

    Any thoughts would be helpful chaslang.

    Thanks!
     
    Last edited: Dec 13, 2006
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well I'll give you something else to run (it digs deeper) but I doubt we are going to find anything.

    Does your Norton software include a firewall?


    Please download Blacklight Beta
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please post contents of the BlackLight log.

    Before you came here for help, what antispyware realtime blocking tool were you using? I don't see any other than CounterSpy which I assume you installed while following the READ & RUN ME.

    Do you use a router to your cable modem? Are you wireless or wired (or both)?

    What did you have to do to get your icons back?
     
    Last edited: Dec 14, 2006
  9. Anth0079

    Anth0079 Private E-2

    You were right about the blbeta scan, it found nothing.

    I use Norton Internet Security (the newest Version), and it does have a firewall included.

    No I do not use a router for my cable modem. I am just connected to it through an ethernet cable.

    I had no previous antispyware (realtime) program installed and running before CS. But I have CS running now even though the sunThreatEngine.exe eats up a lot of memory usage.

    My Desktop icons are gone and to tell you the truth I cannot even remember all of them anyway. And, well, I just decided to leave my desktop bare for the moment until I can figure this out.

    By the way, now I know I have a problem because every time I turn off my cable modem or disconnect it from my computer something that does not show up on my running processes list in the Windows Task Manager instantly eats up 50% of my CPU until I reconnect (and turn on) my cable modem :eek:.

    So now I am worried. Please help :)

    Here is my blbeta log:
     

    Attached Files:

    Last edited: Dec 14, 2006
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's just first try the obvious! Right click anywhere on your Desktop and select Arrange Icons By and then in the next pane make sure Show Desktop Icons is selected.

    Let me know the results.

    Consider getting one as the added layer of protection is worth it.

    Protection does not come for free. Having no protection is a very bad idea! You can uninstall CounterSpy now since it is only a free trial which expires after 15 days and is of no use at that point. Try installing the below free tool which offers protection too and see if it is less resource hungry for you.

    Spyware Terminator 1.7.0.899



     
    Last edited: Dec 14, 2006
