[olegchris89]

Hello every one. I have been suspecting my roommate from spying on my computer and looking at everything i am doing. We live in the same room in a students hostel. We are using the same internet network through a wi-fi router. So i would like to know if it is possible that some one spy on me, and see for example everything i do on screen. And if i can check and see if really my roommate is doing that, or i am the one being paranoic. And also i would like to ask if there things i could do to defend myself against that kind of spying. Thanks 

[Advertisements]

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

It's hard to say what any given person is capable of and how talented they may be when it comes to spying, hacking, whatever you want to call it.
Your best option is to delete the roommate if you don't trust him / her and they are invading your privacy.

I'll take a look at your logs from FRST in order to check your computer. Best I can do. We get quite a few of these requests and most of the time I believe it's the user being paranoic.

Next

Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

[zep516]

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

It's hard to say what any given person is capable of and how talented they may be when it comes to spying, hacking, whatever you want to call it.
Your best option is to delete the roommate if you don't trust him / her and they are invading your privacy.

I'll take a look at your logs from FRST in order to check your computer. Best I can do. We get quite a few of these requests and most of the time I believe it's the user being paranoic.

Next

Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

[olegchris89]

First of all i would like to thank you. These are the reports from the scan

Attached Files

•  Addition.txt   97.44KB   718 downloads
•  FRST.txt   112.63KB   429 downloads

[zep516]

Hello,

Did you set this proxy server ?

ProxyServer: [S-1-5-21-891329421-3597823457-1790088782-1002] => 91.121.46.183:4444


No bad things found, but we will take care of some left over unnecessary items while your here.

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
S0 BTATH_BUS; System32\drivers\btath_bus.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
HKLM-x32\...\Run: [] => [X]
Task: {03E8E4DE-2C2C-4042-93DA-326746CF0405} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION
Task: {842AF2FC-DD8B-4D85-86B9-C10C697879CB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8BBE4B2E-80DE-49FD-9E6F-4CDAF9E1756B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C9DE818E-13CA-410F-B6DA-32E2FF7AF801} - \ASC10_SkipUac_Oleg -> No File <==== ATTENTION
CMD: ipconfig /flushdns
Emptytemp:

• Click Format and ensure Wordwrap is unchecked.
• Save as Fixlist.txt to your Desktop (Must be in this location)
• Run FRST/FRST64 and press the Fix button just once and wait.
• If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
• The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

[olegchris89]

About the proxy sever i remember that one day i was trying to follow steps from net about changing my proxy server to have access to a site restricted in the country i live in right now. But i am not sure. Thank you again for helping

Attached Files

•  Fixlog.txt   4.8KB   523 downloads

[zep516]

Hello,

It is a public HTTPS proxy located in France. So it appears to be legit. Sometimes Malware sets these, that's why I asked. Otherwise it all looks good log file wise.

Some reading for you,
https://security.sta...-in-the-same-wi

Thanks
Joe

[olegchris89]

Thank you very much

[zep516]

You're welcome !

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe