
i think ive been hacked but unsure...


Human_Clay


my cousin was on the comp and she says she was surfing through the net and she messed around with the connection or proxy thing on internet options because she says the internet was slower than usual (she's not so smart on the computer u see..) so after that she closed everything down and opened IE again and went to google, it jumped to another site saying "u were hacked by..." she cant remember the name and a popup also popped up and said the same and the site was like in another language. so she closed it down and called me. i ran adaware and avg free scan and microsoft anti spyware and they all seemed to find nothing. so i shut down the comp and turned it back on and when i tried to connect to the net it said my pw is wrong (only happened once so far though). also while logged in, i was looking through this forum and all of a sudden i was logged out and required to log in again (happened once also). ive cleared all my cookies and internet files now and about to run spybot. is there anything else i should do? do you think a hijackthis log is necessary? i havent logged into rs yet because im not sure if its safe or not. please try to help out. thanks


Ok then I have zonealarm as well and this works for me when i get anything.

Open up the zone alarm main window. go to program control. set smartdefence adviser to manual. click the programs tab. turn all of the programs to the ? which means ask. then if anyone tries to send passwords or any info away they will have to get through u first (meaning it will ask you) if it says a program that you're not sure of is trying to access the internet deny it as it could be a logger or anything else. hope this helps


ok cool ive done that but i couldnt find the smartdefence thing, mines a free version. ive changed all the programs to a ? mark except for generic host, LSA shell, Run a DLL as an app, services and control and windows explorer because when i tried to change it, zonealarm said it is recommended u leave it that way. is that wise? or should i have turned them all into ? marks as well? also i know there are some programs that are not on the program list, does that mean they have no access to the internet? or would they pass it without zonealarm warning me about it because they arent on the list?


  • 2 weeks later...

ok ive got the hjt log. sorry it took so long i was on holiday :oops: . anyways thanks for taking a look and telling me if theres anything bad there. also if zonealarm lets pass programs that arent on the list... how do i get all programmes on the list? hope that made sense lol

Logfile of HijackThis v1.99.1
Scan saved at 5:26:55 PM, on 2/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\csrss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm[Caution: ExecutableFile]
C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]
C:\Program Files\Norton AntiVirus\SAVScan[Caution: ExecutableFile]
C:\Program Files\Analog Devices\SoundMAX\SMAgent[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\Program Files\Apoint2K\Apoint[Caution: ExecutableFile]
C:\Program Files\necmfk\necmfk[Caution: ExecutableFile]
C:\WINDOWS\system32\igfxtray[Caution: ExecutableFile]
C:\WINDOWS\system32\hkcmd[Caution: ExecutableFile]
C:\Program Files\Analog Devices\SoundMAX\SMTray[Caution: ExecutableFile]
C:\WINDOWS\AGRSMMSG[Caution: ExecutableFile]
C:\Program Files\ltmoh\Ltmoh[Caution: ExecutableFile]
C:\Program Files\Java\j2re1.4.2_05\bin\jusched[Caution: ExecutableFile]
C:\Program Files\Apoint2K\Apntex[Caution: ExecutableFile]
C:\Program Files\Apoint2K\HidFind[Caution: ExecutableFile]
C:\Program Files\HP\HP Software Update\HPWuSchd2[Caution: ExecutableFile]
C:\Program Files\HP\hpcoretech\hpcmpmgr[Caution: ExecutableFile]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile]
C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]
C:\Program Files\Winamp\winampa[Caution: ExecutableFile]
C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]
C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]
C:\Program Files\Microsoft AntiSpyware\gcasDtServ[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]
C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]
C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]
C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck[Caution: ExecutableFile]
C:\Program Files\SpywareGuard\sgmain[Caution: ExecutableFile]
C:\Program Files\SpywareGuard\sgbhp[Caution: ExecutableFile]
C:\WINDOWS\System32\alg[Caution: ExecutableFile]
C:\Program Files\HP\Digital Imaging\bin\hpqgalry[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]
C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG[Caution: ExecutableFile]" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP[Caution: ExecutableFile] /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP[Caution: ExecutableFile] /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint[Caution: ExecutableFile]
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk[Caution: ExecutableFile]
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd[Caution: ExecutableFile]
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh[Caution: ExecutableFile]
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]"  -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon[Caution: ExecutableFile] /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]"
O4 - HKCU\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]" /Q
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain[Caution: ExecutableFile]
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08[Caution: ExecutableFile]
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck[Caution: ExecutableFile]
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{759C82B5-AEAA-4310-A34D-5BED66DDC44A}: NameServer = 60.234.1.1 60.234.2.2
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile]
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12[Caution: ExecutableFile]
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan[Caution: ExecutableFile]
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile]
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile]
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent[Caution: ExecutableFile]
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]








this is what http://www.hijackthis.de came up with

C:\Program Files\HP\HP Software Update\HPWuSchd2[Caution: ExecutableFile]
Possibly nasty! According to our database this process runs normally in c:\programme\hewlett-packard\hp software update\! Check if you know this process and arrange a viruscheck where required.

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
Entries found in this registry zone are potentially nasty. This application ([0000CC75-ACF3-4cac-A0A9-DD3868E06852] - Result: 0000CC75-ACF3-4cac-A0A9-DD3868E06852) has been checked. Hit rate: 99 %

O17 - HKLM\System\CCS\Services\Tcpip\..\{759C82B5-AEAA-4310-A34D-5BED66DDC44A}: NameServer = 60.234.1.1 60.234.2.2
If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '60.234.1.1 60.234.2.2'? If not, fix this entry.

The following statement is true. The previous statement is false. 60% of all statistics are made up 90% of the time

andrew i love you & want you to have my babys!!! <3:

Finally, I get to save the Earth with deadly lasers instead of deadly slide shows!


 


This is the reason why you should CHECK automated sites like that...

Don't remove C:\Program Files\HP\HP Software Update\HPWuSchd2[Caution: ExecutableFile]

Also the BHO or Browser Helper Object is a part of the Download Accelerator Plus program. So if you use it don't remove it, if you don't use it I suggest looking in Add/Remove programs first. Removal with Add/Remove programs is always your best bet.

The other two I cannot comment on, it's really up to yourself.

Another thing you might want to do is choose one Anti-Virus program. :P Remove the other one, it has been known for two AV programs to tie each other up.

Just a small suggestion, use Spybot in Advanced mode (Mode menu -> Advanced Mode) and check out the Hosts file, BHOs and ActiveX controls pages. If you see anything out of the ordinary don't be afraid to ask what it is. Or better yet, google the filename and see what some pages say. :)

Notoriously Trollish.
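
Added example (not part of the thread, and not HijackThis or hijackthis.de code): a small parser that pulls out the facts the replies above checked by hand, namely which folder each BHO lives in, which `NameServer` addresses fall outside ranges you recognise, and how a process folder compares with a reference folder. The sample log, `REFERENCE_DIRS` and `KNOWN_RESOLVERS` are constructed assumptions; only the O2 line, the first O17 line and the HP reference folder come from the posts.

```python
import ipaddress
import ntpath
import re

# Constructed sample in HijackThis 1.99 layout. The O2 line and the first O17
# line are the entries quoted in the thread; everything else is made up.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Temp\svchost.exe

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{759C82B5-AEAA-4310-A34D-5BED66DDC44A}: NameServer = 60.234.1.1 60.234.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 203.0.113.53
"""

# Hypothetical reference table (file name -> folder an analyzer expects).
# The HP row is the folder the online analyzer quoted in its warning.
REFERENCE_DIRS = {
    "svchost.exe": r"c:\windows\system32",
    "hpwuschd2.exe": r"c:\programme\hewlett-packard\hp software update",
}
KNOWN_RESOLVERS = ["203.0.113.0/24"]  # stand-in for your ISP's resolver range
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


def parse_log(text):
    """Return (running process paths, [(section code, detail), ...])."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_processes = True
        elif match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def bho_folders(entries):
    """Map each O2 BHO name to the folder its DLL lives in."""
    folders = {}
    for code, detail in entries:
        if code == "O2" and detail.startswith("BHO: "):
            # name - {CLSID} - path; split from the right so a dash in the
            # name cannot shift the fields
            parts = detail[len("BHO: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                folders[parts[0]] = ntpath.dirname(parts[2])
    return folders


def unknown_nameservers(entries, known_networks):
    """List O17 NameServer values that fall outside the ranges you recognise."""
    networks = [ipaddress.ip_network(n) for n in known_networks]
    unknown = []
    for code, detail in entries:
        if code == "O17" and "NameServer = " in detail:
            for token in detail.split("NameServer = ", 1)[1].replace(",", " ").split():
                try:
                    known = any(ipaddress.ip_address(token) in n for n in networks)
                except ValueError:
                    known = False  # not an IP address at all: surface it too
                if not known:
                    unknown.append(token)
    return unknown


def location_check(path, reference=REFERENCE_DIRS):
    """Compare where a process runs from with the reference folder."""
    folder = ntpath.normcase(ntpath.dirname(path))
    expected = reference.get(ntpath.normcase(ntpath.basename(path)))
    if expected is None:
        return "unlisted"
    if folder == expected:
        return "exact"
    # Same product folder under another parent (e.g. localized "Programme").
    if ntpath.basename(folder) == ntpath.basename(expected):
        return "review: same folder name, different parent"
    return "review: different folder"


if __name__ == "__main__":
    procs, items = parse_log(SAMPLE_LOG)
    print(bho_folders(items))
    print(unknown_nameservers(items, KNOWN_RESOLVERS))
    print({p: location_check(p) for p in procs})
```

Every result is something for a person to look up (the ISP's published resolvers, the product that owns the folder), not a removal verdict.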


 

 

of course he should google.. but considering that the site shows pretty good things its pretty good..

i shoulda put that he should have a backup to restore to if needed

The following statement is true. The previous statement is false. 60% of all statistics are made up 90% of the time

andrew i love you & want you to have my babys!!! <3:

Finally, I get to save the Earth with deadly lasers instead of deadly slide shows!


> my cousin was on the comp and she says she was surfing through the net and she messed around with the connection or proxy thing on internet options because she says the internet was slower than usual (she's not so smart on the computer u see..)

first of all....NEVER LET A YOUNGER SISTER MESS AROUND WITH THE CONNECTION AND/OR PROXY, you say she isnt too good with computers so never let her near the internet options, make users on ur comp or something...

if you have broadband then you might have gone over the download limit so they cut ur speed down.

or you might have something on ur comp that isnt supposed to be there in which case ur stuffed

Finally retired from RS. It's been a good 4 or 5 years.


 

Hi my name is Mr Sarcastic, I assume you're Mr Obvious?

Jesus man I think it's been worked out that he shouldn't let a younger family member fool about with settings on his PC. Going over your allocated bandwidth doesn't display warnings about getting hacked either.

Oh and "you might have something on ur comp" would probably be the most certain thing, although so far nothing. So let's leave it to the grown ups OK? :?

Notoriously Trollish.


lol now now theres no need for bickering but i appreciate all the help i can get. anyways i ran spybot with activex and BHO ticked and the only problem there was the "windows security center antivirus disable notify" and im fixing it now. i didnt quite understand what u mean by "checked out" so im gonna run a scan without it checked now. ill update in about 10 mins. thanks again u guys


ok scan finished without BHO and activex unchecked and nothing came up but im not so sure if my laptop is still "hacked" or not because nothing has happened so far, i mean ive signed on my email using firefox and that was before my trip and ive just checked it now and nothing has happened... is there any way to check if my computer is still hacked or not? lol im sorry if im asking stupid questions but im just not that computer savvy lol


Well everything does seem to be in tip top shape. As long as you have your firewall on and set to ask if anything needs access to the internet, you shouldn't have any problems. The page that was seen could also have just been a hoax. They used to be quite a common way of making people panic and more often than not, people sacrifice security after a hoax because they think that it hasn't worked.

Remember to remove one of your AV programs though, you only need one. :wink:

Make sure Windows is fully updated as well. That's all that I can suggest. :)

Notoriously Trollish.


sweet, i hope its a hoax lol. i mean nothing has happened so far, i havent logged into runescape yet but i have been in my email and nothing has gone wrong with it. but yea ill run a few scans, clean out my comp with ccleaner once more and just hope for the best. i do have a few questions though...

1. what are:

-Generic Host Process for Win32 Services
-LSA Shell (Export Version)
-Run a DLL as an App
-Services and Controller app

i mainly ask this question because zonealarm gives me a warning when i try to change the program access and/or server.

2. how do i get all programs into the program list because i have deleted some but i cant remember them all.

3. and finally what are the programs that are required to be allowed to pass in the program list in order for the internet to run sufficiently. like for example fire fox..

i have a feeling my questions are pretty dumb lol, but if anyone has answers to them or some of them id gladly appreciate it. and thank you all for all the help ive gotten. you guys rock!


First, keep in mind my answers to ZoneAlarm questions will be from years of experience with computers and security, not experience with ZoneAlarm.

OK, then.

  1. They are parts of the Windows subsystem. ZoneAlarm won't let you change them because that would cause problems.
  2. That doesn't matter. It should, depending on your settings, ask you about them when they try to access the internet.
  3. I don't know...it depends on your system. For the most part, anything that needs to get things from the Web (MS Word, IE, Firefox, Online Games, VirusScan and Firewall updates...) should be allowed.


 

> this is what http://www.hijackthis.de came up with
>
> C:\Program Files\HP\HP Software Update\HPWuSchd2.e3e (CAUTION - executable file)
> Possibly nasty! According to our database this process runs normally in c:\programme\hewlett-packard\hp software update\! Check if you know this process and arrange a viruscheck where required.
>
> O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
> Entries found in this registry zone are potentially nasty. This application ([0000CC75-ACF3-4cac-A0A9-DD3868E06852] - Result: 0000CC75-ACF3-4cac-A0A9-DD3868E06852) has been checked. Hit rate: 99 %
>
> O17 - HKLM\System\CCS\Services\Tcpip\..\{759C82B5-AEAA-4310-A34D-5BED66DDC44A}: NameServer = 60.234.1.1 60.234.2.2
> If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.
> Do you know the IP or Domain '60.234.1.1 60.234.2.2'? If not, fix this entry.

You moron why you trying to [bleep] up his computer? Don't [bleep]ing trust those automated [cabbage]s. [wagon].


 

 

tell me what is all that then.. and of course you keep a backup


The following statement is true. The previous statement is false. 60% of all statistics are made up 90% of the time

andrew i love you & want you to have my babys!!! <3:

Finally, I get to save the Earth with deadly lasers instead of deadly slide shows!
