[SOLVED] HELP!!!! someone has taken over my computer

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Moritz

Thread Starter
Joined
Sep 6, 2004
Messages
13
HELP!!! SOMEONE IS USING MY COMPUTER


Came into my room and saw that my mouse arrow was moving.
"Dameware mini remote control" was suddenly installed on my computer and
someone was using my computer.

Have taken virus scan and Spybot.
Had to disconnect from the internet while doing this because my machine was
disconnected (shut down) by the remote user.
When I send this he is probably "looking".

I was in contact with cookiegal two days ago with another problem (svchostss.exe).

Regards Moritz





Logfile of HijackThis v1.98.2
Scan saved at 20:44:26, on 08.09.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
C:\Programfiler\Fellesfiler\Panda Software\PavShld\pavprsrv.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\pavsrv50.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\SYSTEM32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Fellesfiler\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
C:\Programfiler\Pop-Up Zero\Pop-Up Zero.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\WINNT\system32\internat.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\avciman.exe
C:\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Programfiler\Fellesfiler\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Pop-Up Zero] C:\Programfiler\Pop-Up Zero\Pop-Up Zero.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programfiler\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O20 - AppInit_DLLs: PAVWAIT.DLL
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Do you see that program in add/remove?

C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE

Those two look like they may be associated.
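
Added example (not part of the original thread or any poster's reply): the by-eye check above, done in Python over a HijackThis log. The embedded log is a constructed excerpt in the format of the one posted, `WATCHLIST` holds the two binaries named in the reply, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample: a few lines in the format of the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\SOUNDMAN.EXE
C:\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
"""

# Binaries singled out in this thread (assumption: extend from your own inventory).
WATCHLIST = {"dwrcs.exe", "dntus26.exe"}

# HijackThis result lines look like "O4 - detail" or "R0 - detail".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_hijackthis(text):
    """Split a log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process section
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries

def triage(text, watchlist=WATCHLIST):
    """Return watchlisted running processes and whether an O4 autostart names them."""
    processes, entries = parse_hijackthis(text)
    autostarts = [d.lower() for code, d in entries if code == "O4"]
    findings = []
    for path in processes:
        name = ntpath.basename(path).lower()   # ntpath handles backslashes on any OS
        if name in watchlist:
            in_run_key = any(name in d for d in autostarts)
            findings.append({"path": path, "in_run_key": in_run_key})
    return findings
```

A watchlisted process with `in_run_key` set to `False` is running without any O4 autostart entry in the log, so whatever launches it has to be looked for elsewhere.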
 

Moritz

Thread Starter
Joined
Sep 6, 2004
Messages
13
What do I do, just delete them and go to Safe Mode?
I'm new at this.

Moritz
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
I'd do the removal as outlined in the link I posted from Pest Control.
 

Moritz

Thread Starter
Joined
Sep 6, 2004
Messages
13
Sorry for not replying sooner but I've been off.
I'm fed up with Windows 2000. Tried Pest Control but could not remove everything.
Have had problems with 2000/viruses since I installed 2 months ago.

So what I did was install Windows XP during the night. Hope this will be better for me.

Thank God for your FORUM so I did not install Windows SP2, so hopefully no new problems there.

Thank you very much for your help and I will hopefully be in touch again.

M
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Sorry I didn't see this sooner. But FYI, Dameware records access both in your application log and in the registry. You could have figured out who was accessing your system.
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Thanks CT. I was looking for someone to assist yesterday, but I couldn't track anyone down :(
 

Moritz

Thread Starter
Joined
Sep 6, 2004
Messages
13
Don't misunderstand, I'm very grateful for all help and it looks like you guys take a lot of time and patience to help everybody out.

I've been thinking of changing to XP for a long time and I'm really not that much into computers, and patience I don't have.
Once in a while I think back to the good old days when we only used a typewriter.

I will probably be back to ask for your help in other issues, and I take a peek in here every day. You can learn a lot.

Moritz
 