How to trace a hacker?

Post by kobaltin on Sun Oct 24, 2010 5:37 am

I thank all of you in advance for the very reasonable advice. I will describe what I have already tried and answer all the suggestions.

hijackthis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:25:35, on 24.10.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode

Running processes:
H:\Windows\Explorer.EXE
H:\Windows\system32\ctfmon.exe
H:\Program Files\totalcmd\TOTALCMD.EXE
H:\Users\Petr\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [AtiTrayTools] "H:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Infium] "H:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: SpeedFan.lnk = H:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: AMD External Events Utility - AMD - H:\Windows\system32\atiesrxx.exe
O23 - Service: BWMeter Connections Service (BWMeterConSvc) - Unknown owner - H:\Program Files\BWMeter\BWMeterConSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - H:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - H:\Program Files\WinPcap\rpcapd.exe
O23 - Service: @H:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - H:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - H:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 3895 bytes


The problem is that now I don't have any serious problems, only a little one with switching keyboard languages (it changes the language only for the ICQ client - I use QIP). All bestialities disappeared OF ITSELF. And there were more of them:
6. It was happening to me that my LCD turned off and on again within one second. And I don't mean at system or application start, just without any reason. For example, I was writing some text and suddenly "flash"... It was several times a day and it stopped of itself, so now my LCDs work fine.
7. The whole system sometimes freezes with a loud screech sound from the speakers. And again, it wasn't caused by starting any application or anything... but, for example, while watching a movie.
8. I would rather not go on with it, so as not to seem an insane person to you... Maybe later.

Anomalies were happening on both my PCs. There is a very small probability of this happening everywhere - on 2 different PCs with 3 operating systems together...

I have overclocked only one PC. And the spontaneous restarts were on the one with the default setup. If it were caused by high temperatures, the PC wouldn't boot immediately after that, because it would need some time to cool down. And in my case it booted directly after that. If it were caused by the system HDD disconnecting because of a bad cable or contact, the system would try to read this HDD and then it would crash with a blue screen. But this is not my case. To be sure that my overclocked CPU is cooled properly, I took an extra fan and put it on the CPU cooler. It didn't have any influence on the problems; they didn't stop because of this.

The problem with the browser was more serious. It crashed when loading many different sites which contained a job offer at this one specific place. Other sites worked fine.

The game which crashed many times in a row in the described situations is Mafia II. Please don't laugh at me, but if it crashes 10 times in a row and always as a response to a failure in the game, I think the theory of coincidence is irrelevant. Furthermore, after that it works fine again. If I had problems with hardware, I think they would be permanent until some reaction from me. But I didn't fix anything.

I ran NOD32 and it found some infiltrations, but only in files that I have had on my PC for many years and that didn't cause any problems before. I checked them all and there was nothing unknown. This virus inspection was running for over 4 hours with 100% CPU load and everything was fine. Also, I can run Prime95 for half a day without any problems.

Also, I tried to run one PC from two power supplies (all HDDs and components from the external supply, the internal one only for the board - CPU and partially graphics through the PCIe slot) to eliminate a deficiency of energy, but the crashing anomalies were still happening.

The paradox in HijackThis about using ATI Tray Tools and having Nvidia drivers is that I am now trying to use my older graphics card (gf6200) to find out if it has any effect on the problems.

Naturally I asked myself who could do this and for what reason... and everything points me to one person who is capable of doing ANYTHING. I don't want to write about her motives now. It's obvious that nobody would do this to a random stranger.

Thx to all for the advice

Post by msbachman on Sun Oct 24, 2010 6:09 am

kobaltin wrote: All bestialities disappeared OF ITSELF.



Post by OnlyHuman on Sun Oct 24, 2010 6:43 am

Okay kobaltin, every time I see this thread pop up to the top of the queue, the same thought keeps coming to mind. And every time you update it, it seems to reinforce my theory. It sounds like you have a memory chip that's about to die. insomaniacal was probably right about over-clocking being the root cause as well. I've had these sort of odd experiences in the past. It's sort of an intermittent, come and then quickly disappear problem, that seems impossible to pinpoint, and rarely happens the same way twice. I'd offer some suggestions about a testing suite just so you could know for sure, but the only program that comes to mind is memtest. And unfortunately, memtest wasn't able to find the problem for me. You'll need something designed for extensive hardware diagnostics. Hopefully somebody else can offer up a good one. The only other way to know for certain is to wait for the memory to finally fail. It sucks, but it's a relatively painless fix, aside from whatever burden it places on your wallet.

Post by insomaniacal on Sun Oct 24, 2010 7:46 am

Two power supplies? Are they identical? If so, it should be ok to run them in unison, but if there's even any difference in voltage or amperage in the wires, these kinds of random weird, seemingly causeless problems can often stem from electrical issues (most components have some sort of protection on them to prevent a slight surge from frying them). For this reason, as soon as you said 2 separate power supplies, this came to mind.

Check each to make sure they're identical. Not only the wattage and voltage rating for the whole supply, but what's inside each wire (most supplies will have this listed).

Post by kobaltin on Sun Oct 24, 2010 8:27 am

I think now could be the right time to describe my other weird problems, even if I hesitate a little... I don't know whether I have gained enough trust from all the people here...

Well, this is my try. I absolutely understand that, from the view of a person who doesn't sit next to it, this is all bullshit.

I don't know how it's technically possible, but even more things happened to me. Like this: during one period of a few weeks, my computer reacted to switching the desk lamp ON or OFF and the speakers ON or OFF. I had just connected two monitors to one PC and always in the evening (without exception every night), when I needed to use the headphone speakers and switched off the loud ones, both my monitors turned off (the light indicator on both turned from green to orange), the computer froze (the caps lock light indicator on the keyboard didn't react) and the fans inside the case spun up to the max - the Gigabyte HD4850 has a small fan and at max speed it yells very loudly. The PC stayed in this state until I reset it. Then after booting I turned on the desk lamp and the same thing happened AGAIN. Before I went to sleep I turned off this lamp and if it was before turning off my PC, it happened AGAIN! Then in the morning, when I turned on the speaker, it happened again... After that, when I experimentally tried to switch on the lamp (which is pretty absurd when it was light), nothing happened. So I turned off the lamp and AGAIN! Altogether I guess that this must have happened at least 30 times, probably more... Now it has been all right for a few weeks and it doesn't happen; it stopped spontaneously.

These anomalies are happening on my newer PC even with the network cable disconnected; on the older PC I didn't verify it because I'm not here so often. So it must somehow be through the hardware. The components that I bought later are the 4850 graphics, 1GB of RAM and the Samsung HDD. So it must be in some of those components, or somebody did something in my PC during my absence without me knowing. I tried to visually check the graphics card against pics from the net and I didn't find any difference compared to them. But I'm not saying that it was an absolutely 100% check; I could have missed something...

If anyone has any rational and reasonable question to the point, feel free to ask...

Now I hope that there will be at least one who won't judge me as a sick insane fool with delusions... :(

Post by insomaniacal on Sun Oct 24, 2010 9:18 am

How is everything wired together in that room? Electricity isn't just magic that will work how you want it to, it will work according to its natural laws. Meaning that, if you have a ton of things connected into a surge-protector or similar device, and there's something wrong with it, it could potentially cause weird things like that. For example, a faulty switch that still allows for a trickle of electricity to move through.

If none of these things are ultimately plugged into the same device, then there's either a major paradox occurring inside your home, the aliens are screwing with you, or an enormous magnetic field is disrupting everything and will soon swallow us all.

Post by kobaltin on Sun Oct 24, 2010 10:11 am

I don't have anything like a surge protector. Everything is plugged directly into the wall socket, or via hubs. The desk lamp which caused the "blackout of monitors + spinning fans + freezing" is an 11W fluorescent tube and I doubt that this power consumption could overload my power line... and it was also happening when switching the lamp OFF - unloading. Furthermore, I normally have both my PCs running on that power line with no problems. During these desk lamp problems I had only one PC running. I think if it were caused by overloading, it would blow a fuse. Now when I try to repeat it by bringing a lamp with a fluorescent tube or with a transformer to the monitor, nothing happens. And again, I didn't make any changes to anything; it simply stopped OF ITSELF.

insomaniacal wrote: If none of these things are ultimately plugged into the same device, then there's either a major paradox occurring inside your home, the aliens are screwing with you, or an enormous magnetic field is disrupting everything and will soon swallow us all.

OR someone hacked my PC through hardware and is trying to make me crazy. How could it be technically done? There are no ghosts in this world; I don't believe in them.

Post by OnlyHuman on Sun Oct 24, 2010 12:08 pm

I'm not too sure how many hackers, male or female, would know how to sync display timers to the frequencies emitted by fluorescent lamps. Maybe it's best to assume that this is in fact a hardware issue though. One most likely brought about by over-clocking your PC, which may or may not have been running on faulty household wiring, without a surge protector.

Post by sanddbox on Sun Oct 24, 2010 12:12 pm

It definitely sounds like a power supply issue. Why would a virus cause these occurrences?

Post by fabianhjr on Sun Oct 24, 2010 1:03 pm

Yes, it looks like a PSU issue. Though it's still weird that it changes the input method.

You should always plug electronics into a surge protector. Here in Mexico the voltage goes from 110 V to 145 V. These variations can damage things, especially speakers and computers. All looks fine in Safe Mode. Try to use it and search for your issues. If the issues don't present themselves there, try to restore your computer to somewhere about 1 week before the troubles started.