Mementh Posted January 17, 2006

someone was on my account.. i was in wild agility course logged into fally.. i know my stuff wont be gotten back.. but i need this hijack log checked
i am not logging out till i know i am safe

Logfile of HijackThis v1.99.1
Scan saved at 6:57:21 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\MIRC\G6 FTP Server\G6FTPSERVER.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\MIRC\G6 FTP Server\G6FTPTray.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\CaledosGroup\Caledos\Caledos_Scheduler.exe
C:\MIRC\mirc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trillian2\trillian.exe
C:\Program Files\iTunes\iTunes.exe
C:\PROGRA~1\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\AVGFRE~1\avgemc.exe
C:\Program Files\AVG Free\avgcc.exe
C:\PROGRA~1\MOZILLA\FIREFOX\FIREFOX.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Luke_Gillis\Desktop\backup\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///H:/website/runescape/runeload.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [G6FTP Server Tray Monitor] "C:\MIRC\G6 FTP Server\G6FTPTray.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: mirc.lnk = C:\MIRC\mirc.exe
O4 - Startup: TASKMGR.exe.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Startup: trillian.lnk = C:\Program Files\Trillian2\trillian.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Caledos Scheduler.lnk = C:\Program Files\CaledosGroup\Caledos\Caledos_Scheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9360394859
O17 - HKLM\System\CCS\Services\Tcpip\..\{422C2C39-9050-43CB-AA84-9F1E271BEE57}: NameServer = 68.52.0.5,68.52.0.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{422C2C39-9050-43CB-AA84-9F1E271BEE57}: NameServer = 68.52.0.5,68.52.0.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{422C2C39-9050-43CB-AA84-9F1E271BEE57}: NameServer = 68.52.0.5,68.52.0.6
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - C:\MIRC\G6 FTP Server\G6FTPSERVER.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

The following statement is true. The previous statement is false.
60% of all statistics are made up 90% of the time
andrew i love you & want you to have my babys!!!
Finally, I get to save the Earth with deadly lasers instead of deadly slide shows!

Vape Posted January 17, 2006

Did someone send you runeload.html? That's my best bet there. mIRC is set to run at startup - is that intentional, and did you recently download any mIRC scripts?

Where the bloody hell are you?

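Added example (not part of any post in this thread): a small Python triage pass over HijackThis entries that pulls out the kind of lines the reply above asks about, such as a start page pointing at a local file and programs that start automatically from outside the usual install directories. The sample lines are constructed from entries in the posted log; the function names and the list of "standard" directories are assumptions of this example, and a flagged line is a question to put to the owner, not a verdict.

```python
import re

# Constructed sample modelled on entries in the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///H:/website/runescape/runeload.html
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: mirc.lnk = C:\MIRC\mirc.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - C:\MIRC\G6 FTP Server\G6FTPSERVER.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")                 # "O4 - <body>"
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)  # first exe/dll path in the body
# Assumption: only these prefixes (including the 8.3 short form) count as standard.
STANDARD = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse(log):
    """Yield (code, body) for every HijackThis entry line, e.g. ('O4', 'Startup: ...')."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def review_items(log):
    """Return (code, reason, body) for entries worth asking the machine's owner about."""
    out = []
    for code, body in parse(log):
        path = PATH.search(body)
        nonstandard = path and not path.group(0).lower().startswith(STANDARD)
        if code in ("R0", "R1") and "Start Page" in body and "= http" not in body:
            out.append((code, "start page is not a web URL", body))
        elif code == "O4" and body.endswith("= ?"):
            out.append((code, "startup shortcut target could not be resolved", body))
        elif code in ("O4", "O23") and nonstandard:
            out.append((code, "starts automatically from a non-standard directory", body))
        elif code == "O20" and body.startswith("AppInit_DLLs"):
            out.append((code, "DLL loaded into every process that loads user32.dll", body))
    return out


if __name__ == "__main__":
    for code, reason, body in review_items(SAMPLE_LOG):
        print(f"{code:4} {reason}: {body}")
```
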
Mementh Posted January 17, 2006 (Author)

> Did someone send you runeload.html? That's my best bet there. mIRC is set to run at startup - is that intentional, and did you recently download any mIRC scripts?

runeload is mine i made it
mirc i use and no one has sent me any scripts.. i mean this is completely weird

MasterOfThePuppets Posted January 19, 2006

>> Did someone send you runeload.html? That's my best bet there. mIRC is set to run at startup - is that intentional, and did you recently download any mIRC scripts?
>
> runeload is mine i made it
> mirc i use and no one has sent me any scripts.. i mean this is completely weird

Post the source code of runeload.html

Mementh Posted January 19, 2006 (Author)

>>> Did someone send you runeload.html? That's my best bet there. mIRC is set to run at startup - is that intentional, and did you recently download any mIRC scripts?
>>
>> runeload is mine i made it
>> mirc i use and no one has sent me any scripts.. i mean this is completely weird
>
> Post the source code of runeload.html

all it does is resize the browser and place it where i want and then goes to http://www.runescape.com ... thats about it.. google javascript :)

Phil Posted January 20, 2006

I take it you have scanned with virus & spyware scanners?

Mementh Posted January 20, 2006 (Author)

> I take it you have scanned with virus & spyware scanners?

spyware blaster, thecleaner, trojanhunter, bazooka scanner, adaware, spybot, AVG .....

i also used rootkit revealer and looked at every file modified in the last 2 days (of when this first happened) (to see if any file was logging keys)

all revealed nothing... and if the person does not login with my account... then i will know i am clean.... if they do they will find little to take..

meol Posted January 21, 2006

You could try typing the whole alphabet, then try to make a new password copy-pasting the separate letters. If the keylogger is not a very good one, it will only log: abcde.... then ctrl c ctrl v

This signature is intentionally left blank.

Mementh Posted January 21, 2006 (Author)

> You could try typing the whole alphabet, then try to make a new password copy-pasting the separate letters. If the keylogger is not a very good one, it will only log: abcde.... then ctrl c ctrl v

don't worry.. already taken care of.. https://www.grc.com/passwords

grc.. 100% cryptographically strong passwords

i am using my own customer one from there and aint no one gonna guess it this time

runesmithie Posted January 21, 2006

>> You could try typing the whole alphabet, then try to make a new password copy-pasting the separate letters. If the keylogger is not a very good one, it will only log: abcde.... then ctrl c ctrl v
>
> don't worry.. already taken care of.. https://www.grc.com/passwords
> grc.. 100% cryptographically strong passwords
> i am using my own customer one from there and aint no one gonna guess it this time

That won't help you against a keylogger, and it really seems like overkill in my opinion

I just posted something! ^_^ to the terrorist...er... kirbybeam.

Mementh Posted January 22, 2006 (Author)

>>> You could try typing the whole alphabet, then try to make a new password copy-pasting the separate letters. If the keylogger is not a very good one, it will only log: abcde.... then ctrl c ctrl v
>>
>> don't worry.. already taken care of.. https://www.grc.com/passwords
>> grc.. 100% cryptographically strong passwords
>> i am using my own customer one from there and aint no one gonna guess it this time
>
> That won't help you against a keylogger, and it really seems like overkill in my opinion

true.. but it will help against brute force... they coulda done it on the website IE forums to avoid detection by me..

runesmithie Posted January 22, 2006

>>>> You could try typing the whole alphabet, then try to make a new password copy-pasting the separate letters. If the keylogger is not a very good one, it will only log: abcde.... then ctrl c ctrl v
>>>
>>> don't worry.. already taken care of.. https://www.grc.com/passwords
>>> grc.. 100% cryptographically strong passwords
>>> i am using my own customer one from there and aint no one gonna guess it this time
>>
>> That won't help you against a keylogger, and it really seems like overkill in my opinion
>
> true.. but it will help against brute force... they coulda done it on the website IE forums to avoid detection by me..

So your forum password is the same as your runescape? Even worse

Lews_Therin Posted January 23, 2006

>>>>> You could try typing the whole alphabet, then try to make a new password copy-pasting the separate letters. If the keylogger is not a very good one, it will only log: abcde.... then ctrl c ctrl v
>>>>
>>>> don't worry.. already taken care of.. https://www.grc.com/passwords
>>>> grc.. 100% cryptographically strong passwords
>>>> i am using my own customer one from there and aint no one gonna guess it this time
>>>
>>> That won't help you against a keylogger, and it really seems like overkill in my opinion
>>
>> true.. but it will help against brute force... they coulda done it on the website IE forums to avoid detection by me..
>
> So your forum password is the same as your runescape? Even worse

He's saying they could have tried using the runescape forums to brute-force his password.

Mementh: did you at least have a PIN?