Windows 8 and 8.1 Forums

Hacked, running processes in registry look fishy win 8.1

  1. #1

    Hi all. Everyone has been a blessing in disguise with helping me solve issues one by one on my laptop. I have a hacker, a known one possibly, and I was just tweaking my 'services running' via Services.msc, and decided to take a peek at the registry. I found some entries I believe to be a little odd. Maybe someone can tell me if these 'drivers' or 'services' were forcefully installed on my laptop? I have screenshots of the entire registry for that area, but will only post a couple until I can get each sorted out. I did go to the Black Viper website and that is where I got the idea to check services running and correct the ones not 'Auto, Manual, etc.'
    SO, ONE of my main questions is this one:
    Registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\3ware
    [and clicking on Parameters these are the entries:]
    (Default) Type Data
    BusType REG_DWORD 0x00000008 (8)
    IoTimeoutValue REG_DWORD 0x0000003c (60)
    ...and below parameters is
    (Default) Type Data
    5 REG_DWORD 0x00000001 (1)

    There are others as well...I'll just give the names that appear on the left side, and not all the detailed information unless someone else thinks it's fishy and then I'll provide the screenshots.

    ACPI > Enum > Parameters >WakeUp
    acpiex > Parameters >Wdf
    ADP80XX >Parameters >WDF
    adsi >Cache >Options >dashost.exe, excel.exe, powerpnt.exe, winword.exe
    AeLookupSvc > Parameters >TriggerInfo, 0
    AFD >Parameters
    agp440 >StartOverride
    ATHDFU > Parameters
    athr > enum
    b06bdrv > Parameters >WDF then StartOverride
    BDESVC >Parameters, Security, SQM State, State >TriggerInfo, 0

    And I'll start with those because the list is forever unending. I will take a screenshot of just the names alone if that will help someone, and if another sees something that doesn't belong there, then maybe we can continue with the steps to fix this.
    The reason I'm having issues: it's been an ongoing battle with this possible 'hacker' (whom I don't believe has ill intentions). First I had a little white 'Windows' key down in the task bar that had the options to reserve Win 10, etc. So, digging further (after I thought it was nothing), I opened the file to find that someone had attached other .exe files with that, and last night my computer began doing all of these 'Updates' which came from nowhere. When they finally finished, I checked out Norton, and all my settings had been changed; someone had logged on and changed them. I think they did this while I was gone, and then while it was updating, that's when other changes were made, because I had no control over my laptop while it was installing the updates. [Just a little history for all of you who are tech savvy and can help me PLEASE get this figured out.] I'm tired of playing this game of cat and mouse, and if I have a Keylogger installed, I want it GONE!
    Thanks much everyone!!

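A read-only way to triage the Services key the poster was browsing, added here as an example (it is not code from anyone in this thread). It assumes Windows PowerShell run elevated on the machine being checked; the function names are my own. It resolves each entry's ImagePath to a file and lists the entries whose binary is missing, not validly signed, or sitting outside %SystemRoot%, which is where a newly dropped service or driver would usually stand out.

```powershell
# Added example, not code from this thread. Read-only: enumerates the same
# HKLM\SYSTEM\CurrentControlSet\Services key the poster was browsing and lists
# entries whose binary is missing, unsigned, or outside %SystemRoot%.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$systemRoot  = $env:SystemRoot

function Resolve-ServiceBinary {
    # Turn the raw ImagePath value into an absolute file path.
    param([string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath)   # %SystemRoot%\...
    $p = $p -replace '^\\\?\?\\', ''                              # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$systemRoot\"            # \SystemRoot\... (drivers)
    if ($p -match '^"([^"]+)"') {
        $p = $Matches[1]                                          # "quoted path" args
    } else {
        $p = ($p -split '\s+(?=[-/])')[0]                          # svchost.exe -k netsvcs
    }
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $systemRoot $p }  # system32\drivers\3ware.sys
    return $p
}

function Get-ServiceReviewList {
    # One object per service/driver that fails at least one check.
    Get-ChildItem $servicesKey | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath
        if (-not $props.ImagePath) { return }        # parameter-only keys have no binary
        $bin     = Resolve-ServiceBinary $props.ImagePath
        $reasons = @()
        if (-not (Test-Path -LiteralPath $bin)) {
            $reasons += 'binary missing'
        } else {
            $sig = Get-AuthenticodeSignature -LiteralPath $bin
            # In-box drivers are often catalog-signed; older PowerShell reports those
            # as NotSigned, so treat this output as a review queue, not a verdict.
            if ($sig.Status -ne 'Valid')       { $reasons += "signature: $($sig.Status)" }
            if ($bin -notlike "$systemRoot\*") { $reasons += 'outside SystemRoot' }
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name    = $_.PSChildName
                Start   = $props.Start       # 0 Boot, 1 System, 2 Auto, 3 Manual, 4 Disabled
                Binary  = $bin
                Reasons = $reasons -join ', '
            }
        }
    }
}

Get-ServiceReviewList | Sort-Object Name | Format-Table -AutoSize
```

Third-party drivers such as the poster's Atheros wireless adapter will legitimately appear if they live in their own folder, so compare flagged entries against a known-good machine before touching anything; deleting keys here, as later posts note, breaks Windows.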

  2. #2

    Forever West
    Posts : 591
    WinVista, Win7, Win8.1, Win10, Mac OS X 10.10, Linux Mint 17.1

    First thing I'd do is disconnect from the Internet then try to run System Restore choosing a date before the problem.

  3. #3

    Well. Problem is my system restore points are like 3-4 days ago, none beyond that. My recovery drive is damaged. Now to top it off, being frustrated, I deleted a couple of 'hidden' drivers, re-booted, now have just black screen/cursor. No log in ...

  4. #4

    Posts : 683
    Win 8.1.1 Pro x64

    Quote Originally Posted by btowngurl1974:
    Well. Problem is my system restore points are like 3-4 days ago, none beyond that. My recovery drive is damaged. Now to top it off, being frustrated, I deleted a couple of 'hidden' drivers, re-booted, now have just black screen/cursor. No log in ...
    Entries you have entered seem completely normal; deleting them will only damage Windows, as you have found out already. If you are concerned about being infected and unable to detect it, perform a clean install, unavoidable at this moment anyway. Afterwards you should change your security, since if it did not help you before, it is unlikely it will help you then. Since you are using wifi via an Atheros adapter, do not forget to set a proper 63 ASCII characters long WPA2 password. Just copy/paste.

  5. #5

    United States
    Posts : 3,093
    Windows 8.1 Pro 64-bit

    Yep, all those values seem legit. As TairikuOkami said, if you deleted them then you have trashed your OS. Could try a Repair install with an ISO.

  6. #6

    Hey guys..
    I was able to repair the issue and bounced back from the black screen, cursor only. But, as I was attempting to repair it, the suspected hi-jacker was doing something on a suspected 'control center', via either a PC game, or a blank DVD re-writable. I finally got my computer in safe mode and began making repairs, when all of a sudden, the computer clicked like on/off, booted up, and began to diagnose/repair itself. It was very odd.
    NOW. I know this all seems crazy. Why would I have someone wanting to control my laptop, have hidden audio/video devices, etc...hidden? That's a question I can't really answer other than 'insecurity'. However, when my black screen, no cursor issue occurred, it happened when I deleted a '2nd monitor' which was a hidden drive. At this very same time, our Xbox failed and would not connect to the internet. The suspected hi-jacker (from now on, I'll just say Mr. HJ) went into the router and tried to manually add the Xbox, changed the password to gain access to the router, and this is where I caught something unusual. When the Xbox was pulled up, there were three profiles. He was using the middle profile. And then, once everything was up and running, including mine, he clicked over to the 'regular' profile and said "well, look at that, it just suddenly started working! I must have fixed it when I messed with the router".

    The next day, I get the chance to work online with no intrusion, no Mr. HJ, and made some adjustments, fixed it to where my computer was not accessible unless I manually turned on the wi-fi. This worked...for a few hours. I literally had to hide my laptop when leaving the room. I could sense his frustration because when we both were on our computers I knew what he was trying to do (all while pretending to get an FSX game to work), and was able to keep him, but only if I was not connected to wi-fi. (No wi-fi, no internet, can't get anything accomplished.) Living in total chaos and craziness is not so exciting.
    Next day....I put the laptop in the closet under some clothes, go downstairs to do some things as Mr. HJ is supposed to be showering, etc. Instead, I knew he was looking for the laptop. I interrupted him a few times; each time I could clearly see where he had made it to the closet, got it open, heard me coming and stopped. I got tired of cat and mouse and carried on. My mistake. My laptop was still in the closet, but clearly it had been messed with, and the USB port on the right side (3.0 port I believe) had been used because it was pulled out just enough for one to gain access to it, and the stack of CD cases I had in front of the door were all knocked over. This is when I decided on the clean install.
    However, is it even going to matter if he has installed some type of 'geo-fence' program on his desktop? I don't even CARE if he sees what I type, say, do or whatever because I have my own sales business which I use and need my laptop for. I use it for nothing much more than that. The problem I have is privacy issues. I don't WANT to have someone sitting behind another screen watching me all day and listening to everything I say and do. I don't feel that is legal for one, and two even necessary.
    Am I overreacting? Should I continue with the clean install? I'm sorry if I've turned this into a soap opera, or some type of Inspector Gadget story, but I need to get this fixed, or buy a new computer. ADVICE: Don't buy a Dell. I've never had so many issues and corrupt files in my life.
    Thanks all.

  7. #7

    Use your phone as a hotspot and only connect online through your cell phone.. or your own service that you pay for..

    Buy a new computer and don't connect it online at all anywhere near this Mr. HJ..

    Or buy a new SSD hard drive off of Amazon.. $100.. Samsung EVO.. and install new Windows there.. and don't go online at all with that network that he is on.. and totally password lock your computer.. and encrypt the hard drive.. you can ask here or Google that..

    Also maybe consider getting a Mac for $1000.. maybe he won't know how to use a Mac.. haha.

    And most important, are you in college with a roommate or something? Get the hell away from this Mr. HJ!!...

  8. #8

    Haha...a little bit more than a roommate.
    I tried the hotspot idea before I decided on the clean install. I tried connecting via phone through Bluetooth and for whatever reason my 'Bluetooth' button on the laptop disappeared. So that option was a no go. I'm planning on buying a new laptop in August. I thought about a Mac but I don't know if I know how to use them either!! I don't think he's working alone. I know a few years back I was having an issue with a printer and he called a buddy he worked with and they solved the issue together. Partner in crime, so to speak. "IF" he was able to install a separate hard drive on my laptop, say while I was at work or something, I would have never known it until I began having problems, started browsing through the device manager and finding devices that were unknown, or their location unknown, or even ones that dated WAY earlier than the age of my laptop (like 2006). And what really got me was I would do a restore and it would work, but I couldn't seem to get rid of these old files and drivers. THAT'S because he was installing silent drivers and files, and dating the files whatever he wanted. So, when I would try and roll the system back those files would stick due to their date. He's good at what he's doing and I'm sure he's been studying computers way longer than I have. Had I not deleted things by trial and error (even if it did crash my system a time or two), I would not have learned as much as I have. (And props to all you guys on here helping me through this, I couldn't have done it without you.)
    As far as networking, here's our setup:
    Desktop [belongs to Mr. HJ and is connected via ethernet to router].
    Laptop [belongs to ME, a Dell Inspiron 15, and can connect via Bluetooth, Wireless Network Adapter or Ethernet].
    Laptop 2 [belongs to Mother-in-Law and I use it to troubleshoot mine after I've deleted things I shouldn't, and have to problem solve].
    iPhone [Mr. HJ, service is prepaid but we still share the same network as far as wi-fi when at home].
    iPhone [I also have one, also prepaid, also on same network/router].
    HP Deskjet 3510 All-in-One Printer [MY printer, but has capability to be used wirelessly or USB].
    XBOX360 [obviously the game system, BUT, it also is connected via wi-fi, which is how I suspected I was being monitored. I had all of these extra monitors in device manager, and when I accidentally deleted the wrong one, the game system stopped working, and then just suddenly worked as soon as I recovered my system].

    So as far as being wireless, I have no choice but to be on the same network.

    Password locking my computer....THIS is what I want to know about. If nothing else, the encryption and password ideas, any and all would be great.
    Thanks so much and I wish I could just have my own network, but I can't!

  9. #9

    Look, your situation is ridiculous..

    Even if it's some family member or whatever that isn't important.. you bought a computer and you shouldn't have to worry about being watched and monitored..

    start reading this forum it has a little bit of info for you about encryption. even if you put a password on windows he/she can still bypass that if they are knowledgeable enough..

    Full Disk Encryption effective against hackers or not?

    It's kinda funny when I think about it, but maybe look into having a system USB.. where you run Windows from a USB stick.. and then when you shut down you always hide/lock away that USB stick, and then that might really piss Mr. HJ off.. cause he wants to monitor you, right?

    I think you Google "run windows from USB".

    Also watch this thread; there may be answers for you here as well..

    Windows password/pin (cracked/reset from login screen?)

    I think at this point if you aren't doing anything that causes concern or have naked pictures of yourself etc.. then I think you should just make Mr. HJ's life difficult by doing things to make it very difficult for Mr. HJ to monitor you..