| Thread ID: 119894 | 2011-08-15 15:17:00 | Possible Keylogger, HijackThis Log | FinalXevv (16501) | Press F1 |
| Post ID | Timestamp | User |
| 1223455 | 2011-08-15 15:17:00 | FinalXevv (16501) |

So I've been getting hacked left and right for about a month, and no matter how many anti-virus/spyware scans I run or how many times I change email and password, I always get hacked. So I ran HijackThis and was wondering if anyone can tell me of anything suspicious.

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\ProgramData\TVersity\Media Server\web\admin\TVersity.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\Downloads\HijackThis.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Security - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1694525646-4071683024-747703073-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files\LOLReplay\LOLRecorder.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
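A quick, scriptable first pass over a log like the one above, added here as an example that is not part of the thread or of HijackThis itself. It parses the entry types the posted log contains (R0/R1 browser pages, O1 hosts, O2 BHOs, O4 autoruns, O23 services) and flags what a reviewer would look at first: start/search pages pointing somewhere the OEM image did not set, autoruns given as a bare filename or living in a user-writable directory, and services with no recognised publisher. The allowlist of expected hosts and the list of user-writable directories are assumptions for this particular HP/Vista machine; the sample input is an excerpt of the log posted above. A flag means "verify", not "malware": PnkBstrA (PunkBuster) and TVersity are legitimate programs that simply ship unsigned, and Google Update really does live under AppData.

```python
"""Triage a HijackThis-style log (added example, not the tool's own code).
Heuristics only: every Finding is a prompt to verify, not a verdict."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts a stock HP/Windows IE points at (assumption: tune for the OEM image).
EXPECTED_PAGE_HOSTS = {"go.microsoft.com", "ie.redirect.hp.com"}
# Locations a limited user can write to: persistence here needed no admin rights.
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\[^\\]+\\Downloads)\\", re.I)
# Shortest prefix of a command line naming an .exe, quoted or not.
EXE_RE = re.compile(r'^"?([^"]*?\.exe)"?', re.I)
PAGE_RE = re.compile(r"(Start Page|Search Page|Default_Page_URL|Default_Search_URL|SearchAssistant)\s*=\s*(.*)$")


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O4"
    entry: str   # the original log line
    reason: str


def _host(url):
    """Hostname of a start/search page value; None for blank or about: pages."""
    url = url.strip()
    if not url or url.lower().startswith("about:"):
        return None
    return urlparse(url if "://" in url else "http://" + url).hostname


def _check_page(kind, body, line):
    m = PAGE_RE.search(body)
    host = _host(m.group(2)) if m else None
    if host and host not in EXPECTED_PAGE_HOSTS:
        return Finding(kind, line, f"browser page redirected to {host}")


def _check_hosts(kind, body, line):
    m = re.match(r"Hosts:\s*(\S+)\s+(\S+)", body)
    if m and m.group(2).lower() != "localhost":
        return Finding(kind, line, f"hosts file overrides {m.group(2)} -> {m.group(1)}")


def _check_autorun(kind, body, line):
    # "HKLM\..\Run: [Name] command" or "Global Startup: x.lnk = path"
    m = re.search(r"\]\s*(.*)$", body) or re.search(r"=\s*(.*)$", body)
    exe = EXE_RE.match(m.group(1).strip()) if m else None
    if not exe:
        return Finding(kind, line, "no .exe in command line; inspect manually")
    path = exe.group(1)
    if "\\" not in path:
        return Finding(kind, line, f"bare filename {path}: which file runs depends on the search path")
    if USER_WRITABLE.search(path):
        return Finding(kind, line, "runs from a user-writable directory")


def _check_module(kind, body, line):
    # O2 "BHO: Name - {CLSID} - path" and O23 "Service: Name - Owner - path"
    if kind == "O23" and "Unknown owner" in body:
        return Finding(kind, line, "service has no recognised publisher; verify signature and path")
    m = re.search(r" - ([A-Za-z]:\\.*)$", body)
    if m and USER_WRITABLE.search(m.group(1)):
        return Finding(kind, line, "loads from a user-writable directory")


CHECKS = {"R0": _check_page, "R1": _check_page, "O1": _check_hosts,
          "O2": _check_module, "O4": _check_autorun, "O23": _check_module}


def triage(log_text):
    """Return a Finding for every recognised log line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^(R\d|O\d+)\s+-\s+(.*)$", line)
        if m and m.group(1) in CHECKS:
            fnd = CHECKS[m.group(1)](m.group(1), m.group(2), line)
            if fnd:
                findings.append(fnd)
    return findings


# Excerpt of the log posted above; the only input this example is fed.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files\LOLReplay\LOLRecorder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
"""

if __name__ == "__main__":
    for fnd in triage(SAMPLE_LOG):
        print(f"{fnd.kind}: {fnd.reason}\n    {fnd.entry}")
```

On the posted excerpt this flags five lines: the Conduit start page, the bare `RtHDVCpl.exe` autorun, Google Update under AppData, and the two "Unknown owner" services. None of those is a keylogger by itself; the point is that a triage script narrows a 60-line log to the handful of entries whose file hash, signature and publisher are worth checking by hand before anything is "fixed".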
| 1223456 | 2011-08-15 21:04:00 | Speedy Gonzales (78) |

Uninstall Spybot. Use Malwarebytes instead (http://www.malwarebytes.org). Using uTorrent won't help. You can tick these in startup. Disable System Restore.

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

Make sure there's only one version of Java installed (the latest). And make sure there's only one version of Flash installed (the latest). If this is 32-bit, use Trojan Remover (http://www.simplysup.com). Update it, then click on Scan. Then select all options under the Utils menu.
| 1223457 | 2011-08-15 22:22:00 | dugimodo (138) |

Speedy's the expert at this stuff so I won't disagree; I would point out, though, that if you like Spybot you don't need to uninstall it, just disable the SD Helper, TeaTimer, etc. It's an OK scanner but its memory-resident functions are not well regarded and can cause issues. I've tried scanning with Ad-Aware, Malwarebytes, and Spybot one after the other. Whichever you run first always seems to get rid of all the tracking cookies etc., leaving the others with nothing to find unless you have some actual malicious software. Malwarebytes seems to be the current weapon of choice among the free scanners. Keyloggers can be difficult to find/remove, though. What specifically is being hacked, if you don't mind my asking? Internet account, game login, something more serious? Some things have other security measures you can take. For example, I use a free authenticator app on my smartphone to secure my Battle.net account. I had the keyring version but I gave it to my flatmate after his account got hacked and Malwarebytes flagged up a bunch of dodgy stuff. He's been fine since using the authenticator.
| 1223458 | 2011-08-15 23:06:00 | pctek (84) |

Quoting dugimodo: "Speedy's the expert at this stuff so I won't disagree, would point out though that if you like Spybot you don't need to uninstall it just disable the SD helper, tea timer, etc."

Well, I will disagree. Don't run the resident stuff, sure, but not use it?? No, I always run at least 2 anti-spywares, Spybot being one of them. It works.
| 1223459 | 2011-08-16 01:42:00 | Agent_24 (57) |

Spybot is quite useful in my opinion... and you get some preventative protection without having to pay for it like Malwarebytes. Using uTorrent (or any BitTorrent client) is not a problem unless you download something with a virus in it. By itself uTorrent will not give you a virus. Remember, BitTorrent is just a method of distributing data and can be used for perfectly legitimate software distribution.

To FinalXevv: I would scan the PC with something like the BitDefender Rescue CD, which ensures no virus is active during scanning. Most good keyloggers will come with rootkits and these can be very difficult to detect while Windows is booted, hence an 'offline' scan with something else is a good idea.