Hacked!

#1 | January 15th, 2008 | Bman

So how do I find out if someone is hacking my computer or network?

I have been having problems with downloading files and once in a while Firefox will act weird. As in, I click on anything, even refresh, and it won't do anything, no error, no nothing. Then once clicking a million times it will load, oh wait, then it won't. It's very weird and for reasons that are too hard to explain I know it's not Firefox itself, and it's not the downloaded files themselves.

All I want to know is, how can I find out if someone is in my network or computer, and how do I get rid of them.

#2 | January 15th, 2008 | Dark Atheist

Are you on a wired or wireless network? Have you run anti-virus and Spybot Search & Destroy (or other spyware tools)? Get HijackThis and give us a log of what it says is running. You could change your password. I have had issues with pages not loading here with Firefox, or taking an age; it could just be sheer load on the website, or a DNS issue, or sheer load at your ISP.

#3 | January 15th, 2008 | Bman

Anti-virus has not said anything to me about a virus. I didn't run Spybot, assumed Defender would have got it if anything. I will run a hijack now and post back. I watch my monthly usage so it's not my ISP or anything, and it's not that pages won't load and the internet isn't working; it's like it doesn't want to. Other things are working with internet, but Firefox just disables and does not allow me to click anything. Also the downloaded files are downloaded in a program, which it gives me an icon (tells you if it's working or not) that I never saw before, very weird.

Here is the log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:34 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVGANT~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Daemon Tools\daemon.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVGANT~1\avgupsvc.exe
C:\Program Files\CDBurner XP\NMSAccessU.exe
C:\Program Files\AnyDVD\AnyDVD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVGANT~1\avgamsvr.exe
C:\Documents and Settings\Brendon Wadey\My Documents\My Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGANT~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVD.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\AVGANT~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\AVGANT~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\AVGANT~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\AVGANT~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Desktop List View.lnk = C:\Program Files\Desktop List View\desktopListView.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGANT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGANT~1\avgupsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurner XP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5399 bytes

#4 | January 15th, 2008 | Dark Atheist

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing - has been known to cause issues, one of the first things I disable when I install any of the Adobe CS3 products

If using Windows XP...

start -> run -> type 'cmd' to bring up a command prompt
type 'sc stop "Bonjour Service"' (include the double quotes but not the single ones!)
type 'sc delete "Bonjour Service"'

Then go to the Bonjour folder and delete the .exe. There is also a dll that cannot be deleted. Change the name of the dll and reboot, and then delete it. After that, you need to run a free downloadable program called lspfix, because Bonjour fouls yet something else up that I don't completely understand, but the fix does, in fact, work. You may need Admin rights to do this; I'm not sure. BTW, deleting Bonjour has had no negative impact on my Adobe or iTunes apps that I have been able to discern; which raises yet MORE questions about why it is required in the first place.

you could give that a go - with that lspfix - it should pick up the entry that needs to be removed, all you need to do is tick the box that says you know what you are doing and click ok

Hopefully that should help
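
Added example, not part of any post in this thread: the by-eye triage of the HijackThis log above (picking out the O10 line) written as a small Python script. The sample lines are copied from the log posted in #3; the reason labels (`broken-lsp`, `file-missing`, `unknown-owner`) and function names are assumptions made for illustration.

```python
import re

# Sample input: a subset of entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# An entry line is "CODE - body", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
LSP_DLL = re.compile(r"LSP provider '([^']+)' missing")


def triage(log_text):
    """Return (section, reasons, body) for entries that deserve a manual look.

    A flag is a prompt to verify the file or registry entry, not a verdict.
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list, blank line
        section, body = m.groups()
        reasons = []
        if section == "O10" and LSP_DLL.search(body):
            reasons.append("broken-lsp")      # Winsock LSP chain references a missing DLL
        if body.endswith("(file missing)"):
            reasons.append("file-missing")    # entry points at a file no longer on disk
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append("unknown-owner")   # no vendor name reported for the service binary
        if reasons:
            findings.append((section, reasons, body))
    return findings


def missing_lsp_dlls(log_text):
    """Paths of LSP DLLs that O10 entries report as missing."""
    return [LSP_DLL.search(body).group(1)
            for section, reasons, body in triage(log_text)
            if "broken-lsp" in reasons]


if __name__ == "__main__":
    for section, reasons, body in triage(SAMPLE_LOG):
        print(f"{section:4} {','.join(reasons):26} {body}")
```
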

#5 | January 15th, 2008 | _kC_

Check in your firewall for any unknown IPs, or if you don't use a firewall and have no view of what's going on, you could try http://technet.microsoft.com/en-us/s.../bb897437.aspx

#6 | January 15th, 2008 | Bman

Originally Posted by Carpo:
> O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing - has been known to cause issues, one of the first things I disable when I install any of the Adobe CS3 products
>
> If using Windows XP...
>
> start -> run -> type 'cmd' to bring up a command prompt
> type 'sc stop "Bonjour Service"' (include the double quotes but not the single ones!)
> type 'sc delete "Bonjour Service"'
>
> Then go to the Bonjour folder and delete the .exe. There is also a dll that cannot be deleted. Change the name of the dll and reboot, and then delete it. After that, you need to run a free downloadable program called lspfix, because Bonjour fouls yet something else up that I don't completely understand, but the fix does, in fact, work. You may need Admin rights to do this; I'm not sure. BTW, deleting Bonjour has had no negative impact on my Adobe or iTunes apps that I have been able to discern; which raises yet MORE questions about why it is required in the first place.
>
> you could give that a go - with that lspfix - it should pick up the entry that needs to be removed, all you need to do is tick the box that says you know what you are doing and click ok
>
> Hopefully that should help

I removed the Bonjour service a while ago with some hack .exe file from Adobe. But I never used that other thing, I just did that. I will see if I still get problems. I do not use my firewall either.

#7 | January 15th, 2008 | Dark Atheist

you don't use a firewall ?????!!!!!

#8 | January 15th, 2008 | Bman

I have found it gave problems in the past with certain programs and internet speeds.

I just turned it on, for ****s and giggles. It has this in the exceptions "etqwded.exe"

Is that something bad?

#9 | January 15th, 2008 | Dark Atheist

Which one(s) did you try? - I think a lot of them have that issue fixed now - I would seriously advise the use of a firewall unless you are running a router - which most have a firewall on there blocking incoming

#10 | January 15th, 2008 | Bman

Hahah, I just turned on the Windows one, and I am using a router. So should I leave it off like I had it, or just keep it on?

Besides the point. The weird problems seem to start (and internet extremely slow down) when I open my download program (uTorrent). Now, I have been using that for years without a problem. I have had it set up properly before and set up out of install as well. Now I seriously don't think it could be uTorrent but so far it seems like my internet and everything is normal when it is closed.

This makes no sense, nothing has changed or anything. And how could that program affect Firefox the way it has (if it will do it again, not sure yet)?

#11 | January 15th, 2008 | Dark Atheist

Stable uTorrent or a beta? - and torrent progs do use a lot of connections - and some ISPs are throttling torrents now

#12 | January 15th, 2008 | Bman

I just read through this thread
http://forum.utorrent.com/viewtopic.php?id=14407&p=1

and seems now that the settings I changed in uTorrent worked. My internet seems to be normal with it open now. Now I don't know if that weird thing with Firefox once I download something will start again or not, so I will update on that once I know.

#14 | January 15th, 2008 | Bman

Oh and Carpo, you are on OSNN too often lol, I think you have solved or helped on all my problems in the last 2 months ahhaa

#15 | January 15th, 2008 | Dark Atheist

Suppose I could get ep to del my account if ya want - but who will help you solve your problems

#16 | January 16th, 2008 | Bman

So I tried a few new downloads with uTorrent and the same problem. The downloads won't get a connection and give error and my internet slows to a halt. I read through the forums but it's a lot of blah blah blah.

For ****s to see if it's my computer or if somehow (even though I have been using it over a year now without any problems) if it is uTorrent. I installed Azureus and tried downloading the same files and all that good stuff. And guess what, internet is fine and I am getting great speeds and all is normal.

So what's the deal? After I think it might be even 2 years of using uTorrent without a hitch, even when I customized the settings it was fine. All of a sudden, and I mean that, it was fine a week ago, it does not work???? ANY ideas?

#17 | January 16th, 2008 | Steevo

Download and install Comodo firewall.

It is a bit of a pain at first but it can really save your bacon.

Meow.
Equal opportunity hater.

#18 | January 16th, 2008 | American Zombie

Make sure your upload in uTorrent is only 80% of what your ISP gives you. May help to delete the settings and start over.

Not sure where they are located in Vista but in XP they are in:

Documents and Settings\username\Application Data\uTorrent\

Just delete all the files in there then launch uTorrent and set up again.

edit: also change the port you are using in uTorrent

#19 | January 16th, 2008 | Bman

I have changed the port many times, and did all that port forwarding and blah blah. This time I can't remember if I tweaked settings or not. I will try deleting those files and starting over.

#20 | January 16th, 2008 | Dark Atheist

There was a tweak in XP where it limited the number of TCP/IP connections, you could try raising that up, or like others have said - if you're uploading at full speed this will affect the download speed - least on cable - not too sure on ADSL