Need help...password has been hacked, don't know how to stop it.

Zone Alarm keeps blocking port 445 and others. It keeps blocking the same thing. Someone is trying to access my information through the internet I think. I ran the tutorial (took about 4 hours) and removed navexcel and other known spyware things. On adware personal SE there were multiple tracking cookies which were quarinteened and deleted. Zone alarm repeatedly blocked what was trying to come in, but i was on a trip and the computer was left to my siblings. I play this game that is called runescape at runescape.com. It is a very secure game, but when i go out of runescape.com to other sites with help information it starts messing up. I won't go to these sites anymore because it has cost me multiple problems including someone hacking my password. I put my computer in stealth mode in zone alarm to prevent this stuff from happening until i get this fixed. I wish to add a log file from hijackthis. I want to make sure i fixed the problems and there is nothing else to delete.

 

http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

here it is...

 

Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled

Now scan with HijackThis and Check the Boxes for the following:

O21 - SSODL: Setnic - {401D2177-D392-4B44-8037-AA135B14D452} - C:\WINDOWS\system32\netbin.dll

Make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

Reboot to Normal Windows , Scan with HijackThis and attach the new log.

 

ok deleted what you said. Here's the log.

 

Your HJT log is clean!

Are you still having problems?

 

No I'm not having problems anymore. Finally taken care of that problem, but there is one thing that concerns me. ZoneAlarm has repeatedly blocked Inbound network access from the internet. I have a wireless router, could that be it? Could the try gettin access from there. But it has blocked out a total of 41 times and 14 have been high rated in the past day. How do I hide my computer from this guy, its all trying to be accessed from the same location, port 445. And does virus scans detect keyloggers? I think I'm fine as long as zonealarm is running so thanks you much from your help.

 

Port 445 is a "new" port that windows uses over SMB. SMB stands for Server Message Block. What is it for? Well, one of the things it is used for is network sharing through 2000, xp, and 2003. Back in the NT 4 days NetBT was used alone.

Is this a good port? Well, sure if you are on a network of computers at home or at work. But, if you are using only one computer, and you don't care to share folders, then turn off incoming. In the end, turning off SMB at the client is an easy thing to do. Along with port 135-139 (UTP-UDP).

I'm not telling you to do anything, just informing you what that port is for.

 

For more information on this particular port, see the thread below.

http://www.petri.co.il/what's_port_445_in_w2k_xp_2003.htm