Hacked!

Discussion in 'Windows Desktop Systems' started by Bman, Jan 15, 2008.

  1. Bman

    Bman OSNN Veteran Original

    Messages:
    8,799
    Location:
    Ottawa, Ontario
    So how do I find out if someone is hacking my computer or network?

    I have been having problems with downloading files and once in a while Firefox will act weird. As in, I click on anything, even refresh, it won't do anything, no error no nothing. Then once clicking a million times it will load, oh wait then it won't. It's very weird and for reasons that are too hard to explain I know it's not Firefox itself, and it's not the downloaded files themselves.

    All I want to know is, how can I find out if someone is in my network or computer, and how do I get rid of them.
     
  2. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    Messages:
    6,376
    Location:
    In The Void
    Are you on a wired or wireless network? Have you run anti-virus and Spybot Search & Destroy (or other spyware tools)? Get HijackThis and give us a log of what it says is running. You could change your password. I have had issues with pages not loading here with Firefox, or taking an age; it could just be sheer load on the website, or a DNS issue, or sheer load at your ISP.
     
  3. Bman

    Bman OSNN Veteran Original

    Messages:
    8,799
    Location:
    Ottawa, Ontario
    Anti virus has not said anything to me about a virus. I didn't run Spybot, assumed Defender would have got it if anything. I will run a hijack now and post back. I watch my monthly usage so it's not my ISP or anything, and it's not that pages won't load and the internet isn't working, it's like it doesn't want to. Other things are working with internet, but Firefox just disables and does not allow me to click anything. Also the downloaded files are downloaded in a program, which gives me an icon (tells you if it's working or not) that I never saw before, very weird.

    Here is the log.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:14:34 PM, on 1/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVGANT~1\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Daemon Tools\daemon.exe
    C:\Program Files\LClock\lclock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\AVGANT~1\avgupsvc.exe
    C:\Program Files\CDBurner XP\NMSAccessU.exe
    C:\Program Files\AnyDVD\AnyDVD.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\AVGANT~1\avgamsvr.exe
    C:\Documents and Settings\Brendon Wadey\My Documents\My Downloads\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGANT~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVD.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\AVGANT~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\AVGANT~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\AVGANT~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\AVGANT~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Desktop List View.lnk = C:\Program Files\Desktop List View\desktopListView.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGANT~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGANT~1\avgupsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurner XP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 5399 bytes
     
  4. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    Messages:
    6,376
    Location:
    In The Void
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing - has been known to cause issues, one of the first things I disable when I install any of the Adobe CS3 products

    If using Windows XP...

    start -> run -> type 'cmd' to bring up a command prompt
    type 'sc stop "Bonjour Service"' (include the double quotes but not the single ones!)
    type 'sc delete "Bonjour Service"'

    Then go to the Bonjour folder and delete the .exe. There is also a dll that cannot be deleted. Change the name of the dll and reboot, and then delete it. After that, you need to run a free downloadable program called lspfix, because Bonjour fouls yet something else up that I don't completely understand, but the fix does, in fact, work. You may need Admin rights to do this; I'm not sure. BTW, deleting Bonjour has had no negative impact on my Adobe or iTunes apps that I have been able to discern; which raises yet MORE questions about why it is required in the first place.

    you could give that a go - with that lspfix - it should pick up the entry that needs to be removed, all you need to do is tick the box that says you know what you are doing and click ok

    Hopefully that should help
     
    Last edited: Apr 12, 2012
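
A triage pass over HijackThis entries like the ones discussed above, as an added example that is not part of the original thread. The `triage` function and its flag names are illustrative assumptions; a flag means "review this entry by hand", not "malicious".

```python
import re

# Lines copied from the HijackThis log posted earlier in the thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVD.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# A HijackThis entry starts with a section code such as R1, O4, O10 or O23.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")


def triage(log_text):
    """Return (section, reasons, detail) for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, detail = m.group(1), m.group(2).rstrip()
        reasons = []
        if section == "O10":
            # O10 covers the Winsock LSP chain; a dangling provider
            # can break or stall network access for every application.
            reasons.append("winsock-lsp")
        if detail.endswith("(file missing)"):
            # The registry still references a file that no longer exists.
            reasons.append("file-missing")
        if section == "O23" and " - Unknown owner - " in detail:
            # The service binary carries no company name to read.
            reasons.append("unknown-owner")
        if reasons:
            findings.append((section, reasons, detail))
    return findings


if __name__ == "__main__":
    for section, reasons, detail in triage(SAMPLE_LOG):
        print(f"{section:<4} {','.join(reasons):<28} {detail}")
```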
  5. _kC_

    _kC_ Moderator

    Messages:
    514
  6. Bman

    Bman OSNN Veteran Original

    Messages:
    8,799
    Location:
    Ottawa, Ontario
    I removed the Bonjour service a while ago with some hack .exe file from Adobe. But I never used that other thing, I just did that. I will see if I still get problems. I do not use my firewall either.
     
  7. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    Messages:
    6,376
    Location:
    In The Void
    you don't use a firewall ?????!!!!!
     
  8. Bman

    Bman OSNN Veteran Original

    Messages:
    8,799
    Location:
    Ottawa, Ontario
    I have found it gave problems in the past with certain programs and internet speeds.

    I just turned it on, for ****s and giggles. It has this in the exceptions "etqwded.exe"

    Is that something bad?
     
  9. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    Messages:
    6,376
    Location:
    In The Void
    which one(s) did you try? - I think a lot of them have that issue fixed now - I would seriously advise the use of a firewall unless you are running a router - most of which have a firewall on there blocking incoming
     
  10. Bman

    Bman OSNN Veteran Original

    Messages:
    8,799
    Location:
    Ottawa, Ontario
    hahah I just turned on the Windows one, and I am using a router. So should I leave it off like I had it, or just keep it on.

    Besides the point. The weird problems seem to start (and internet extremely slow down) when I open my download program (uTorrent) now I have been using that for years without a problem. I have had it setup properly before and setup out of install as well. Now I seriously don't think it could be uTorrent but so far it seems like my internet and everything is normal when it is closed.

    This makes no sense, nothing has changed or anything. And how could that program affect Firefox the way it has (if it will do it again, not sure yet).
     
  11. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    Messages:
    6,376
    Location:
    In The Void
    stable uTorrent or a beta? - and torrent progs do use a lot of connections - and some ISPs are throttling torrents now
     
  12. Bman

    Bman OSNN Veteran Original

    Messages:
    8,799
    Location:
    Ottawa, Ontario
    I just read through this thread
    http://forum.utorrent.com/viewtopic.php?id=14407&p=1

    and it seems now that the settings I changed in uTorrent worked. My internet seems to be normal with it open now. Now I don't know if that weird thing with Firefox once I download something will start again or not, so I will update on that once I know.
     
  13. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    Messages:
    6,376
    Location:
    In The Void
  14. Bman

    Bman OSNN Veteran Original

    Messages:
    8,799
    Location:
    Ottawa, Ontario
    Oh and Carpo, you are on OSNN too often lol, I think you have solved or helped on all my problems in the last 2 months ahhaa
     
  15. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    Messages:
    6,376
    Location:
    In The Void
    suppose i could get ep to del my account if ya want - but who will help you solve your problems :p
     
  16. Bman

    Bman OSNN Veteran Original

    Messages:
    8,799
    Location:
    Ottawa, Ontario
    So I tried a few new downloads with uTorrent and the same problem. The downloads won't get a connection and give an error and my internet slows to a halt. I read through the forums but it's a lot of blah blah blah.

    For ****s to see if it's my computer or if somehow (even though I have been using it over a year now without any problems) it is uTorrent, I installed Azureus and tried downloading the same files and all that good stuff. And guess what, internet is fine and I am getting great speeds and all is normal.

    So what's the deal? After I think it might be even 2 years of using uTorrent without a hitch, even when I customized the settings it was fine. All of a sudden, and I mean that, it was fine a week ago, it does not work???? ANY ideas?
     
  17. Steevo

    Steevo Spammer representing. Political User Folding Team

    Messages:
    2,566
    Download and install Comodo firewall.



    It is a bit of a pain at first but it can really save your bacon.
     
  18. American Zombie

    American Zombie Moderator Staff Member Political User

    Messages:
    2,932
    Location:
    Seattle
    Make sure your upload in uTorrent is only 80% of what your ISP gives you. May help to delete the settings and start over.

    Not sure where they are located in Vista but in XP they are in:

    Documents and Settings\username\Application Data\uTorrent\

    Just delete all the files in there then launch uTorrent and set up again.

    edit: also change the port you are using in uTorrent
     
    Last edited: Jan 16, 2008
  19. Bman

    Bman OSNN Veteran Original

    Messages:
    8,799
    Location:
    Ottawa, Ontario
    I have changed the port many times, and did all that port forwarding and blah blah. This time I can't remember if I tweaked settings or not. I will try deleting those files and starting over.
     
  20. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    Messages:
    6,376
    Location:
    In The Void
    there was a tweak in XP where it limited the number of TCP/IP connections, you could try raising that, or like others have said - if you're uploading at full speed this will affect the download speed - at least on cable - not too sure on ADSL