Windows Support Forum

Problem with a keylogger

Q: Problem with a keylogger

I believe there is a keylogger on my computer which was used to hack my WoW account. I am woefully ignorant about the workings of computer systems but hope to prevent further problems by changing my email address used to log on, changing passwords and starting to use an authenticator before I play again. However, I still need some advice about removing the offending keylogger. Many thanks in advance to anyone gifted enough to help.

https://forums.techguy.org/threads/problem-with-a-keylogger.940947/

The spyware keylogger, named Srv.SSA-KeyLogger, secretly steals data from users' Internet sessions, including logins and passwords from online banking sessions, eBay, PayPal, and other programs that use html forms to collect personal information.

NOTE: Since the SSA-KeyLogger spyware cannot be installed on the following platforms, it is not necessary to run the SSA-KeyLogger Clean software:
Windows 95
Windows 98
Windows 98SE
Windows ME
Windows NT4

The SSA-KeyLogger spyware should only be installed on Windows XP, Windows 2000/2003.
 

A:Ssa-keylogger On Xp Windows 2000/2003 Only Theft Keylogger

Wow, I had that keylogger. I ran the tool and PrevX popped up saying the Sunbelt tool was trying to read/delete winldra.exe, which is the keylogger, and the tool deleted it.

However, it never showed up in a HijackThis log and I hardly ever use IE. I am miffed about how this got on to my machine.

Plus, I have been doing scans at Panda, Kaspersky and Trend, and none found it!
 

https://forums.techguy.org/threads/ssa-keylogger-on-xp-windows-2000-2003-only-theft-keylogger.389804/

A:keylogger problem i believe

Hi,

Your log is several days old. If you still need help we will get some downloads for a closer look. Simply post back.

http://www.bleepingcomputer.com/forums/t/225371/keylogger-problem-i-believe/

Hello, this week my mail and World of Warcraft account were both hacked. I solved both of them from a different computer. I have a newly generated password from Blizzard, but I am afraid to try and log in again until I solve my problem. So I have AVG anti-virus; I scanned everything, found around trojans and removed all of them. After this I used Malwarebytes Anti-Malware and after I scanned found one more trojan. Removed it as well. Now I am pretty afraid after what happened, so please can someone tell me if there is something wrong in this HijackThis log?

A:Keylogger problem

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/323028/keylogger-problem/

I tried removing it with AVG and Spybot but it just keeps coming back. It's called the Perfect Keylogger.
 


Hi, I play Habbo Hotel (lol, I know you may think I'm sad), but anyway, I recently noticed some of my things missing, and sure enough I did a free online McAfee virus scan and found the keylogger. So I was on this site and it told me how to remove it. I printed out the virus scan results and it said to download Anti-spy and it would list all the running processes. It did, but I couldn't find my keylogger on the list, so I skipped that step. Then it said download spysweeper. I did and scanned; it took about an hour and found the keylogger. I quarantined and deleted it, and today I did an online virus scan again and it found it. I have Norton AntiVirus with up-to-date definitions by intelligent update, as my automatic one doesn't work, but I use intelligent. I have scanned with NAV and didn't find the keylogger. So what I am asking is: is there a free program out there that will scan my computer and find the keylogger and then remove it for good?

P.S. Today when I did my McAfee online scan these were the results:
C System Volume Information A exe Keylog-SClog
C System Volume Information A dll Keylog-SCLog dll

Thanks, any help would be greatly appreciated.
Ryan


Howdy, I'm reposting a topic I had on earlier for the lack of responses I received. For now I have some updated information for you guys after reading some of the posts on this site. I did a different scan, RSIT, which scanned everything in the past month that was downloaded onto my computer. If someone can check this out for me to see where the keylogger may be so I can get rid of this pesky thing, that would be great. I have attached the log file that also came with the RSIT scan. Thanks.

A:Keylogger Problem

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

http://www.techsupportforum.com/forums/f284/keylogger-problem-373001.html

Hi guys, I really need help badly and ASAP. Call me paranoid, but this type of thing has happened to me before and it's really pissing me off right now. What happened was a friend of mine came to my house yesterday to copy some files from me, so I copied it for him, and later that day my PC ran a lot slower than usual, like "significantly" slower. My PC is a gaming PC so it's not running slow coz it sucks or anything; it's running on i and GB ram with hd etc. etc. Anyway, I built it myself and I'm a pro in that part, so it's not an old PC or anything. Also, I formatted my hard drive days ago so it's totally clean and fresh; everything ran fine and well since days ago until yesterday after I copied the files to my friend's hard drive. Not only did it run slow but also my PC froze after copying the files. This NEVER happened to me before; no matter how slow, it could and should never slow to the point that it freezes. I was able to run Crysis & Starcraft at the same time while minimizing them both to copy files or burn DVDs, basically doing tons of stuff without lag, and this simple copying process to my friend's hard drive froze it just like that. It's too suspicious. I already did an antivirus scan with Microsoft Security Essentials, Spybot Search & Destroy, Super Antivirus and Emisoft Anti-Malware and the results were all positive, no viruses found, and that's pretty logical and expected since I formatted days ago so I didn't install any crap or get infected.

So here's what I think: maybe it's a keylogger. This is the real problem I'm worried about. I had a keylogger on my PC be it logged my keystrokes and all the stuff I see on the screen. I had my bank accounts stolen and PayPal and a bunch of other IDs stolen, so this is a serious problem. Keyloggers barely get detected by ANY antivirus programs since they only record keystrokes so aren't really considered viruses. The obvious solution is to reformat my PC again; since I only did it days ago I won't lose much anyway. The problem is, if my friend's hard drive did contain a keylogger which spread on my PC, that means it'll spread onto my other hard drives connected to the same PC, right? Will it also spread over my wifi network? I did a lot of Google search and of viruses are easily spread on USBs and that there's a possibility that they can also spread on a wifi home network. So if my parents or siblings use wifi as well, the virus will spread to their computers too through the router then? My router is pretty good but I don't think it has firewall; I checked the router homepage and it doesn't seem to have it, so I'm worried whether viruses nowadays can actually do that. I also tried a system restore and that didn't even work; it just hangs in the system restore screen that kept showing "restoring registry files" or something like that for over mins. It shouldn't take this long and I never had it like this long, especially that my PC is fresh after being formatted.

BTW, I've learned my lesson now and have gotten several good programs that disable autorun.inf on USB as well as USB scanning programs with several other features. But I really need some advice on what to do. Obviously I can simply reformat all the computers in my house but that would mean losing all the files on them. But if I back up those files I obviously need to connect a USB to the PCs, which would then get infected as well. I'm not sure if I can burn the files to DVD, whether the viruses will somehow silently get burned to the disc without me knowing.

Sorry for this super long message and please don't think I'm paranoid. When you've been keylogged before and lost over because someone had your bank account details, you can't help but feel helpless and frustrated in a situation like this. Now I can't even trust anyone with their USBs to copy files from me.

A: Really serious keylogger problem, please help!

Hello, the best thing to do here is get a good deep look. Please go here... Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks. If Gmer won't run, skip it and move on. Let me know if that went well.

http://www.bleepingcomputer.com/forums/t/361637/really-serious-keylogger-problem-please-help/

Sir,
There is a keylogger running in my computer: c windows system ggvokl exe, c program files bqjftllatpd ggvok exe. This is the keylogger file. I wanted a program that tells all the current running processes, including this keylogger. I tried process explorer and windows defender but in vain; they don't show ggvokl exe. I'm new to bleeping comps and earlier created thread in some other section. Here is a link to it: http www bleepingcomputer com forums t windows-defender. It was told to me by a moderator that it's a rootkit infection. I wanted to know what's a rootkit infection and how to remove this program from startup and current processes.

And there was another problem: there are too many svchosts exe running in my PC and I doubt the below mentioned svchost. Is it normal? How do I stop it from current running processes and startup? There are too many svchosts; how'd I identify it?

Remote Access Connection Manager RasMan - Running Manual Not Stoppable Not Pausable - C Windows system svchost exe -k netsvcs

Thanks


I have a keylogger and my People's bank account, PayPal and multiple other accounts have been compromised. I've changed passwords but they keep getting compromised, and I'll assume the keylogger is still present. I've run scans with SpyDoctor, Norton, ZoneAlarm is running, etc. Can someone look for anything suspicious in this HJT log I just ran? EDIT: Also, is a keylogger an element that would be removed with a System Restore? Because I'll just do that if it will work.

https://forums.techguy.org/threads/keylogger-problem-hjt-log.736021/

Using Kaspersky and it found pdm keylogger, but it won't let me quarantine or disinfect it. What to do? I'm pasting the hijack log for your convenience in helping me.

https://forums.techguy.org/threads/pdm-keylogger-problem.954045/

Hi. My computer has been running very slow and web pages are continuously dropping out. I ran my Symantec antivirus program and it didn't find anything - so I downloaded Kaspersky and it's picking up a keylogger intrusion. I noticed from other posts that you require a DDS log. A copy of mine is below. Your assistance is much appreciated. Zoppola

A: Keylogger Problem

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom

http://www.bleepingcomputer.com/forums/t/214066/keylogger-problem/

Hey there, I'm from Portugal and I need your help. Yesterday I noticed something was wrong with my keyboard, as I couldn't put accents on top of letters, such as and. They are meant to go above vowels but instead they just appear twice and before the letter. I searched to see if the language of my computer was right, and it is. Then I heard it could be a keylogger. I tried spyhunter free scan and I had ZLOB, so I removed all the infections manually, since to remove them you have to pay. I have AVG and it didn't detect anything. I installed Spybot, deleted all the infections; installed Ad-Aware, deleted all the infections. I ran Antispy and sent files to quarantine: one was a MSN file, something along the lines of MSNchathook, another was a dll file from the Windows file and another an Acer file. Tried fixbugbear and it didn't find anything either. I do not know what to do. I still have the same problem, which is annoying cos I can't write articles in my own language, since those accents are essential. The problem, if it's a keylogger, can be a lot worse. Please help. I'm starting to panic, and since I'm no computer whiz I'm afraid I might start removing important files from my computer. I have hijackthis and Ccleaner installed too, of which I have used both, but since I don't understand anything I just deleted history, cookies etc. with CCleaner. I'm desperate and I urgently need someone experienced to help me. Thank you, and I await your reply.

A: I think I have a Keylogger problem

If you are using Spybot's Teatimer function, disable it for now

---------------------------

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

http://www.bleepingcomputer.com/forums/t/218785/i-think-i-have-a-keylogger-problem/

Hi, I play a lot of online games, namely World of Warcraft. I recently got my account compromised from a key logger, and I want to find it and remove it. I have run Spybot, AVG, and Malwarebytes and none of them found any problems. Are there any other steps I could take to remove this problem? Any help would be appreciated.

A: Keylogger Problem I think

How did you confirm a keylogger was installed on your system?

Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
Click the Logs Tab at the top.
The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Logs are saved to the following locations:
-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- In Vista: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.

Vista users need to right-click the IE or FF Start Menu or Quick Launch Bar icons and Run As Administrator from the context menu.
Read the "Advantages - Requirements and Limitations" then press the ... button.
You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the ... button.
Make sure these boxes are checked. By default, they should be. If not, please check them and click on the ... button afterwards:
Detect malicious programs of the following categories:
Viruses, Worms, Trojan Horses, Rootkits
Spyware, Adware, Dialers and other potentially dangerous programs
Scan compound files (doesn't apply to the File scan area):
Archives
Mail databases
Click on My Computer under the Scan section. OK any warnings from your protection programs.
The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
Click on Save Report As... and change the Files of type to Text file (.txt)
Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
Copy and paste (Ctrl+C) the saved scan results from that file in your next reply.

-- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

http://www.bleepingcomputer.com/forums/t/307054/keylogger-problem-i-think/

Hi guys, I really need help badly and ASAP. Call me paranoid, but this type of thing has happened to me before and it's really pissing me off right now. What happened was a friend of mine came to my house yesterday to copy some files from me, so I copied it for him, and later that day my PC ran a lot slower than usual, like "significantly" slower. My PC is a gaming PC so it's not running slow coz it sucks or anything; it's running on i and GB ram with hd etc etc. Anyway, I built it myself and I'm a pro in that part, so it's not an old PC or anything. Also I formatted my hard drive days ago so it's totally clean and fresh; everything ran fine and well since days ago until yesterday, after I copied the files to my friend's hard drive. Not only did it run slow but also my PC froze after copying the files. This NEVER happened to me before; no matter how slow, it could and should never slow to the point that it freezes. I was able to run Crysis & Starcraft at the same time while minimizing them both to copy files or burn DVDs, basically doing tons of stuff without lag, and this simple copying process to my friend's hard drive froze it just like that. It's too suspicious.

I already did an antivirus scan with Microsoft Security Essentials, Spybot Search & Destroy, Super Antivirus and Emsisoft Anti-Malware, and the results were all positive, no viruses found, and that's pretty logical and expected since I formatted days ago, so I didn't install any crap or get infected. So here's what I think: maybe it's a keylogger. This is the real problem I'm worried about. I had a keylogger on my PC before; it logged my keystrokes and all the stuff I see on the screen. I had my bank accounts stolen, and Paypal and a bunch of other IDs stolen, so this is a serious problem. Keyloggers barely get detected by ANY antivirus programs since they only record keystrokes, so aren't really considered viruses.

The obvious solution is to reformat my PC again; since I only did it days ago I won't lose much anyway. The problem is, if my friend's hard drive did contain a keylogger which spread on my PC, that means it'll spread onto my other hard drives connected to the same PC, right? Will it also spread over my wifi network? I did a lot of Google search and of viruses are easily spread on USBs and that there's a possibility that they can also spread on a wifi home network. So if my parents or siblings use wifi as well, the virus will spread to their computers too, through the router then? My router is pretty good but I don't think it has firewall. I checked the router homepage and it doesn't seem to have it, so I'm worried whether viruses nowadays can actually do that.

I also tried a system restore and that didn't even work; it just hangs in the system restore screen that kept showing "restoring registry files" or something like that for over mins. It shouldn't take this long and I never had it like this long, especially that my PC is fresh after being formatted. BTW, I've learned my lesson now and have gotten several good programs that disable autorun.inf on USB, as well as USB scanning programs with several other features.

But I really need some advice on what to do. Obviously I can simply reformat all the computers in my house, but that would mean losing all the files on them. But if I back up those files I obviously need to connect a USB to the PCs, which would then get infected as well. I'm not sure if I can burn the files to DVD, whether the viruses will somehow silently get burned to the disc without me knowing. Sorry for this super long message, and please don't think I'm paranoid. When you've been keylogged before and lost over because someone had your bank account details, you can't help but feel helpless and frustrated in a situation like this. Now I can't even trust anyone with their USBs to copy files from me.

A: Really serious keylogger problem, please help!

Hello and welcome to TSF.

It's not possible to give advice one way or the other without the requested logs.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

==================


The following tool will prevent the spread of infections via USB. Run it on all machines in the network and the USB drives, if you haven't already.

Download Flash_Disinfector.exe by sUBs and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

http://www.techsupportforum.com/forums/f100/really-serious-keylogger-problem-please-help-529738.html

Hey, apparently I have a keylogger in my PC, or had one, since I ran multiple malware spyware anti-viruses. Used hijackthis to get a log; can any of you guys tell if something's wrong with my computer?

https://forums.techguy.org/threads/keylogger-problem.932178/

Hi everyone, I have the following problem. I clicked some link in some forums and it seems the link had a keylogger. My antivirus (avast) popped up and gave me a warning about this, so I clicked "abort connection". Also, I pulled the DSL cable out right away and closed the window. After that I was unsure whether the keylogger had gotten through or not, so I have done the following:

- Downloaded and used ATF Cleaner
- Ran scans with Ad-Aware, Spybot Search & Destroy, and MalwareBytes' Anti-Malware (report to follow), and deleted all the problems any of those found
- Ran scans with Avast (version and virus database actualized) and an online scan with BitDefender. BitDefender didn't detect any problems.

When I run the scan with avast, if I set the "thorough" option I get a message with possibly infected files, and it advises me to restart the computer and do a scan on boot. I have done that, and it doesn't detect any problems in the scan on boot. But if I run the scan again, again on the "thorough" option, I get the same message as before with the same possibly infected files, again advising me to reboot the PC. Nevertheless, if I run a standard scan it doesn't detect any problems.

I realize maybe I'm being a bit "overprotective" of my PC, but a keylogger could put me in lots and lots of trouble, so I really want to make sure that I don't actually have one. I hope you guys can help me. Here is my MalwareBytes' Anti-Malware report followed by my HijackThis report.

A:Keylogger problem?

Hello RBlade,

We need more information. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

http://www.techsupportforum.com/forums/f284/keylogger-problem-324093.html

Hello everyone. As you can tell, I'm new to this site and have come here in my desperate attempts to get rid of a very nasty keylogger that (please don't laugh) keeps stealing my World of Warcraft account information. It started a few weeks ago, and after the account was compromised I tried all sorts of anti-malware software until MalwareBytes' AntiMalware finally found and deleted what appeared to be said keylogger. Today the account got hacked again. In a rash decision I ran ComboFix without reading the disclaimer first. Fortunately it had no visible consequences. However, I am unsure if that actually helped get rid of the trojan, so I'm attaching the DDS and RootRepeal logs.

A:Keylogger problem

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/259952/keylogger-problem/

Hello everyone,

I have a problem with a keylogger-type program. I know this because my Yahoo e-mail account sends some of my friends spam on the messenger and that an account to an online game that I play has been stolen.

I have used the following software in the following order:
1. ATF Cleaner
2. Ad-aware 2008 Free
3. Spybot Search & Destroy
4. MBAM (MalwareBytes' Anti-Malware)
5. Full system scan with two online virusscanners: BitDefender and Panda

You can find the dds and gmer logs below.

Could you please tell me what to do to make sure my system is safe?

Thank you in advance.

A:Keylogger problem

Hello and welcome to TSF.

Sorry for not being able to have replied to your topic. If you still need help, please start a new thread and post a fresh set of logs requested in our pre-posting process outlined below, as it has been quite a while since you posted:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

http://www.techsupportforum.com/forums/f100/keylogger-problem-379625.html

Hi All.... Hope someone here can help me... I have a Win 98 system that had heaps of spyware/adware and viruses etc. on it. Ran Cleanup, Ad-Aware SE and VX2, Spybot S&D and fixed everything it said needed fixing. Ran Housecall and all OK.... Then I went to do a HijackThis in safe mode and it kept coming up with an "out of memory" warning... As this is not my computer, my friend then purchased Spyware Doctor, and after running that it has given me heaps of problems. Have found mslagent and egdaccess and have removed registry entries etc., but when Spyware Doctor runs it locks up when it gets to Keylogger. It locked up to start with on Keylogger.cone.trojan but seems to clear that problem; now it just locks at Keylogger.

Any assistance would be greatly appreciated.. Cheers Susan

A:Keylogger problem

What version of HJT are you using? The newest one has been known to crash on Win98 systems.

Also, it's better to run it in Normal Mode, to see everything.

-----

The previous version......

Please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis1982.exe there. Run a scan and save the log file. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. Open up the result.txt file created. Copy the whole result.txt log and post it in the forum. Do not fix anything in HijackThis since they may be harmless.

http://www.techsupportforum.com/forums/f100/keylogger-problem-34637.html

I believe I have a keylogger, as I play WoW (yes, I play WoW, lol), and it seems that I got hacked, which sucks. I have run AVG and Spybot and nothing showed up. But when I ran the free version of Elite Anti Keylogger, which I downloaded, it found a file called PhoPlugin.dll. I googled it and found that some other people had the same file, which they found was a keylogger that they obtained from the same WoW forums that I did. Here's the HijackThis log file.

A:Problem with Keylogger

Hello, chief101
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

We need to create an OTViewIt Report
Please download OTViewIt by OldTimer.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTViewIt.txt <-- Will be opened
Extra.txt <-- Will be minimized


We need to scan for rootkits with GMER
Please download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2

Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
When you have done this, disconnect from the Internet and close all running programs.
Note: There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on "Settings", then check the first five settings:
System Protection and Tracing
Processes
Save created processes to the log
Drivers
Save loaded drivers to the log

You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Important! Please do not select the "Show all" checkbox during the scan.
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in Safe Mode

In your next reply, please include the following:
OTViewIt.txt
Extra.txt
GMER's Log


Billy3

http://www.techsupportforum.com/forums/f284/problem-with-keylogger-291421.html

Hi, I recently had my World of Warcraft account hacked and I am unsure of whether or not a keylogger was the culprit. I had taken the liberty to scan my computer with Norton Antivirus, AVG Free, Spybot - Search & Destroy, Malwarebytes and HijackThis. Afterward I found out that various forums will analyze logs for you to assist in resolving your keylogger issues, and I found this place while looking for remedies to my possible keylogger. Anyway, I made a DDS log as well as the attach zip and would much appreciate any help I could get with this problem (my computer feels like a CDC Hot-zone right now; posting from work so I wouldn't be using it).

http://www.techsupportforum.com/forums/f284/possible-keylogger-problem-414098.html

About a couple of days ago I got a keylogger on my PC. I have virus scanned my PC with Norton AntiVirus, Spybot Search and Destroy, and MalwareBytes Anti-Malware. I got it from downloading the keylogger by accident and saving it to my PC; I'm not sure where. Would like someone to take a look at my log, hoping that I got rid of it.

Relevancy 41.71%

Got a keylogger some weeks ago that stole my wow-account. I have now got it back, but dare not log on until I'm sure the keylogger is gone. So I was hoping you could maybe help me detect and remove it, or at least give me any information about how I can remove it. Please note that I have little to no knowledge about stuff like this.

HJT log: Logfile of Trend Micro HijackThis. Platform: Windows XP. Boot mode: Normal.

Hi, I have a keylogger problem that I do not understand and for some reason I can't get rid of. I saw a forum post that I followed, did everything there, and now I am posting here for advice/help since I don't know so much about computers etc. I am new to things like this, so go easy on me :P

Ohh, and here is my Hijack log: Logfile of Trend Micro HijackThis. Platform: Windows XP. Boot mode: Normal.

Hello, I've been having trouble now for a week with some nerd hacking my World of Warcraft account, possibly through a keylogger/spyware. Anyway, as I reported this to the game masters, they closed down my account and sent me a forum post on how to remove keyloggers etc. (link: http://forums.wow-europe.com/thread.html?topicId=&sid=). As I went through the whole list, I couldn't find any infections throughout the whole scanning process with all these programs, so I now turn to you guys with my HijackThis log. I'm grateful for any response you guys can give me. Thank you for your time, Andreas

Logfile of Trend Micro HijackThis. Platform: Windows XP. Boot mode: Normal.

https://forums.techguy.org/threads/problem-with-keylogger-spyware-whatever.918957/
I think I have a virus and keyloggers in my comp. Pls help me find and delete. Here's my HJT log:

Logfile of HijackThis. Platform: Windows XP.

A:Virus And Keylogger Problem

can u guys also give me a good keylogger scanner and virus and trojan scanner

http://www.bleepingcomputer.com/forums/t/54120/virus-and-keylogger-problem/

I bought some keylogger software (I don't remember the name of the company) about four years ago for one of my computers.
I rarely use the computer. I booted it up the other day and I can't remember the passcode to get into it. I thought it was pressing the "Ctrl,Alt,F12" buttons at the same time, but it didn't work. I know this is a longshot asking the question, but I ran out of options.
 

A:Solved: Keylogger Problem

djv
welcome to tech support guy,

on this forum,
it is NOT permissible for a member to help with requests, such as your request would fall under as you're asking it,
hacks - cracks - passwords
try HERE:

thank you for your understanding,

NOTE: THIS is about all the help that you can be offered, ms has this to say about it:
What to do if you forget your Windows password
http://windowshelp.microsoft.com/Windows/en-IN/help/66b61e8e-341d-453b-9edd-234301dfd7e51033.mspx
[just my opinion, a moderator may see it differently]
 

https://forums.techguy.org/threads/solved-keylogger-problem.842345/
Check this log please. Keylogger problem

Logfile of Trend Micro HijackThis. Platform: Unknown Windows (WinNT). Boot mode: Normal.

https://forums.techguy.org/threads/check-this-log-please-keylogger-problem.905425/
Well, I can't really say much. I've done the Housecall, the Stinger, the Nod, the S&D, Windows Update, and so on. Some things have been removed; maybe the problem has been removed. I just want to post a log here and have someone take a look and say it's all OK. Please.

Logfile of Trend Micro HijackThis. Platform: Windows XP. Boot mode: Normal.

A:Unknown Problem, Possible Keylogger?

Hi Strummer, Welcome to the forum,

We are sorry for the delay in responding. The volunteers here are swamped and unfortunately not all logs get answered as quickly as we'd like. If you still require help please post a new HijackThis log into this topic and I'd be happy to assist.

Thanks

Andy

http://www.bleepingcomputer.com/forums/t/115614/unknown-problem-possible-keylogger/

I think I am infected with virus and keylogger.
Pls help me find it and delete it.

A:Virus And Keylogger Problem

The best way to do this is to run a little program called HiJackThis. This program creates a log. Then you paste the log into the HiJackThis forum here at Bleeping Computer. An expert will help you get rid of the malware on your computer. It takes a little time, and it takes a little patience, but it almost always works!

Oh, and you must be good at following instructions, as there will be some to follow. The following instructions will walk you through the process of creating a log:

FIRST
Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

NEXT
Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

FINALLY
If, after finishing your work with the folks at the HJT forum you have issues with Windows related to the removal of the infection, then come to the other forums and let us help you get your computer back to normal.

You are in good hands! Good luck!

http://www.bleepingcomputer.com/forums/t/54107/virus-and-keylogger-problem/
Hijack This log - Keylogger problem

Logfile of Trend Micro HijackThis. Platform: Windows XP. Boot mode: Normal.

https://forums.techguy.org/threads/hijack-this-log-keylogger-problem.849717/
Relevancy 41.28%

Logfile of Trend Micro HijackThis ...

https://forums.techguy.org/threads/keylogger-problem-this-is-hjt-log-please-help-this-time.882679/

Hi,
I have followed the first steps guide and here is what you asked for.

I have had my account for a MMORPG (WoW) hacked and I hope you can help.

Thanks

A:Help Trojan/Keylogger Problem!

Hello and welcome to TSF.

It appears that you've attached the shortcut for Ark.txt, not the file itself. Also, the DDS.txt is missing. Both of these logs are essential for the proper assessment of the system.

Please revisit our pre-posting process outlined here and provide the necessary logs:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/help-trojan-keylogger-problem-402693.html

Hi, I have followed the first steps guide and here is what you asked for. I have had my account for a MMORPG (WoW) hacked and I hope you can help. Thanks

http://www.techsupportforum.com/forums/f284/help-trojan-keylogger-problem-403691.html

Hi, I'm a World of Warcraft gamer and have been hacked. I have been told to post my HJT log and my MBAM log on here. I hope you can help me.

A:Trojan/Keylogger Problem

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

http://www.techsupportforum.com/forums/f50/trojan-keylogger-problem-402176.html

Logfile of Trend Micro HijackThis ...

A:Hijack This log - Keylogger problem

Hello and welcome to TSF.

HijackThis is no longer used as the initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/hijack-this-log-keylogger-problem-402189.html

Hey,

I am a MMORPG player, with World of Warcraft being where I spend the majority of my time. Recently, my account was hacked within WoW, and I'm concerned about a possible spyware/keylogger type infection on my computer. I have also noticed slowdown in my processing speed, and a tendency for graphics to chunk out while playing. I have a newish video card (last year's model), and as far as the game goes I exceed the suggested requirements.

Any suggestions on what I can do to ensure that my computer is secure?

I'm fanatical about checking on my running processes and stopping anything that isn't essential (cellphone app software, etc.).

Thanks

Jim

Edit: Forgot to mention that I'm running Vista SP2 in an AMD Athlon 64 @2.4Ghz with 3 GB of Ram

A:Possible keylogger/Hack problem

Hello, did you run a safe mode scan with your Antivirus yet?

Next run ATF:

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If Malwarebytes Anti-Malware results in any error messages, check the Help file's list of error codes within its program folder first. If you do not find any information, please refer to Common Issues, Questions, and their Solutions, Frequently Asked Questions. If the error you are receiving is not in the list, please report it here so the research team can investigate.

Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware.

Follow with ATF and SAS: If you cannot access Safe Mod...

http://www.bleepingcomputer.com/forums/t/319703/possible-keyloggerhack-problem/

There have been a couple of weird security breaches on my computer recently and I thought you guys might be able to help me figure out what the problem is and get rid of it. If anyone can, I'd much appreciate it. I'm running Windows XP btw. Here are the two things that happened: unauthorized payments were made from my paypal account; I play World of Warcraft and someone who wasn't me accessed my game account. This makes me think I've got a keylogger. After browsing this board I saw that most people asking for help post a highjackthis log, so I went ahead and ran that. Here it is:

Logfile of Trend Micro HijackThis ...

A:potential keylogger problem

I'm giving this a bump in the hope that someone can give it a look.
 

https://forums.techguy.org/threads/potential-keylogger-problem.642277/

Today I started getting text messages from yahoo saying that my password had been changed. Well, I kept going back in changing it and somehow it would get changed again, just not by me. So I did a little research and saw that I may have a keylogger on my hands, as earlier in the day I had clicked a link from a phishing email from a friend thinking it was a good link and my Avast alarms went off. I thought the problem had been prevented but, well, my passwords are now under attack. Below is my HIJACK THIS log, please help the baby >>>

Logfile of Trend Micro HijackThis ...

https://forums.techguy.org/threads/hijack-this-my-problem-possible-keylogger.891722/

Hiya you guys have helped me out in the past and i was hopin you could help me out once more got a pesky problem with what i believe is a keylogger someone has been getting into my accounts and they somehow know my passwords I have never typed in my passwords what i do is make a file with my passwords on another computer then send it via email to problem tojan Keylogger my computer then copy and paste the passwords in so somehow the keyloagger is beating my copy paste method and maybe getting my information off my clipboard what do you guys think here is the Hijack this scan results i hope you guys can find something within thanks again Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe Keylogger tojan problem C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system Ati evxx exe C WINDOWS system LEXBCES EXE C WINDOWS system LEXPPS EXE C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Bonjour mDNSResponder exe C WINDOWS eHome ehRecvr exe C WINDOWS eHome ehSched exe C WINDOWS system libusbd-nt exe C WINDOWS ehome ehtray exe C Program Files Common Files New Boundary PrismXL PRISMXL SYS C Program Files Spyware Doctor pctsAuxs exe C Program Files Java jre bin jusched exe C WINDOWS zHotkey exe C Program Files Digital Media Reader shwiconem exe C Program Files CyberLink PowerDVD PDVDServ exe C Program Files iTunes iTunesHelper exe C WINDOWS system Rundll exe C Program Files PDFtypewriter Printer PDFtypewriter Printer Monitor exe C Program Files SpyNoMore SNM exe C WINDOWS system ctfmon exe C Program Files Curse CurseClient exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system svchost exe C Program Files 

A:Keylogger tojan problem

Hello and welcome back.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/keylogger-tojan-problem-372846.html
Relevancy 40.85%

My PC is Pentium IV running Windows XP.

I installed Trend Micro PC-cillin Internet Security 2007 on the PC, but a few days ago I installed Microsoft Security Essentials.

I want to remove PC-cillin from my computer, but when I started from the Control/Add/Remove window, a message window is saying "The action is only valid for products that are currently installed".

Could any expert in this group tell me how to remove this program?

Thank you very much for your help!

John
 

Relevancy 40.85%

Hi there. Firstly, thank you for offering your services to the people of the world for free, especially myself. It's a huge gesture which I really appreciate & admire. I'm a Forum Administrator on a music forum which uses Invision Power Board. My account on this forum was hacked by an IP address in the UK somehow by stealing my password. They accessed the admin Control Panel & sent a mass email/PM asking members to sign up to another forum. So I think I have a keylogger and/or trojan spyware hiding about in my PC which could be taking any other of my username/password details. I am very careful about what I download but think it came from a free premium rapidshare account (details can be given if required) a forum member gave me; owners advised this is the member who hacked my account, who has since been deleted from the forum. I've run Ad-Aware & done a full scan using my McAfee, which didn't really pick up anything, but am still skeptical as to whether or not the trojan/keylogger has been removed. Appreciate your expertise & knowledge, which is a great asset to us all who need it. Keep up the great & generous work. Kind regards, Antonio. As requested:

A:Possible Keylogger/Malware/Spyware Problem

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order in which they come. If you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========


Quote:
My account on this forum was hacked by an IP address in the UK somehow by stealing my password. They accessed the admin Control Panel & sent a mass email/PM asking members to sign up to another forum.

Are you sure your account was hacked or it could be that they just sent PMs to forum members, it is not the first time this has been done on forums.

Nothing in your log indicates a keylogger or any other malicious file(s), just some tidying up to do.

===========

Click > Start > Control Panel > Add or Remove Programs and uninstall the following programs:

J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Leave Java(TM) 6 Update 14 installed
URL Assistant <--- Pre-installed on Dell/HP machines. This is a program that redirects mis-typed URLs to a Dell branded Google search page.
Viewpoint Media Player <--- Viewpoint is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

Additional Information Here

========

Download ATF-Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

=========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save Report As... button.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the l...

http://www.techsupportforum.com/forums/f100/possible-keylogger-malware-spyware-problem-390036.html
Relevancy 40.85%

Hallo, I have got my World of Warcraft account hacked - times in a week. Blizzard is telling me I've got a keylogger on my computer. All the AV and anti-spyware programs I've run have failed to spot it, so now it's up to you guys to do some magic. I really can't tell much about it; all I know is that it is a keylogger. Well, here are the logs:

http://www.techsupportforum.com/forums/f284/keylogger-problem-help-needed-fast-402304.html
Relevancy 40.85%

Hey, I've had a problem with some keylogger viruses and was told to do a few scans with MBAM, Ad-Aware and Spybot, and then I was told to post the HijackThis logfile here, so here it is:

Relevancy 40.85%

Hello.

After removing iks.sys [invisible keylogger stealth] I can't use my keyboard
anymore.
At the very first keystroke my system [win xp] crashes.
In the control panel [system-hardware], I can see that the keyboard doesn't
work properly (driver file is corrupted), but I can't fix it.
The driver files are i8042prt.sys, kbdclass.sys. If you have them, please send me.

I'm in serious trouble, please help me out.
Thank you
 

Relevancy 40.85%

Hi there. I've recently had my World of Warcraft account hacked and thought I had resolved the issue after speaking to Blizzard's technical support; however, it was again accessed this morning, and since then I have used F-Secure's online scan and found an infected file by the name of 'CSVD.EXE' which could not be fixed. My McAfee software refuses point blank to find it, let alone remove it. I searched for the file on my hard drive and it could not be found. Below is my DDS log:

A:CSVD.exe Potential keylogger Problem

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please include a new RootRepeal log. We need to check for rootkits with RootRepeal.

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended)
Primary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror
Secondary Mirror
Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/258501/csvdexe-potential-keylogger-problem/
Relevancy 40.85%

Hello. I was surfing yesterday and happened to go by some dangerous sites that opened unwanted pages. I think something may have slipped my guard, and after that I began having problems with my accents. Now every time I need to use or or any other kind of accent I get double marks and they won't go over the vowel as they should. For example, instead of typing I get a. I'm currently using a different computer, so this one is ok. I searched a few sites online and one common opinion is that this might be a keylogger virus. Given that, I've stopped logging on from my computer and disabling the net most of the time. I ran a full scan with AVG in safe mode with updated database, but it's free version. I'm afraid I can't give the version number, but it is something. It ran for the whole night and found trojans and cleared them. But the problem persisted. I ran a full scan with MBAM this morning, only on of the partitions I have. I updated the database before starting and did all this in safe mode. It is now running a scan for the rd partition. It found only one problem and cleaned it: Rogue Malware Kit or something like it. But the problem still remains. Both in safe mode and in the DOS prompt of a normal boot I don't notice the weird behaviour of the accents, meaning I can get fine. I'm running Vista and I have Windows automatic updates on. Please, if you need any more info, tell me. But I'd like to know: is it safe to use internet from safe mode in my apparently infected computer? Otherwise I'd have to migrate eventual logs from that computer to this one, and I wouldn't like very much to do it for fear of infecting a second computer. Thanks

A:Double accent problem: is this a keylogger?

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

http://www.bleepingcomputer.com/forums/t/409635/double-accent-problem-is-this-a-keylogger/
Relevancy 40.85%

When I plug a keyshark into my computer, I go onto Notepad, type in the password and a load of gobbledegook comes up on the screen!! I've tried this gadget on two other computers and it works great. Has anyone got any ideas as to why this seems to happen??

Using Windows XP Pro SP3
Microsoft cordless keyboard sp2
 

https://forums.techguy.org/threads/windows-notepad-keylogger-problem.765359/
Relevancy 40.42%

Hey Gang,

I found a keylogger when I ran NoAdware 4.0. Is this because my firewall is insufficient? Or is it another reason?

Outpost Firewall 2.6

thanks,
HULK
 

Relevancy 40.42%

I posted a thread earlier before checking out first steps. Sorry. I am following your system. I have confidence in it. Thank you.

Problem: Trojan-Generic, Keylogger-Ardamax, Worm- Q (didn't get name right), plus God knows what else.

Reports: See the log files (ark, attach, aka Desktop zip) that are zipped and attached, and here is the DDS log report.

A:Keylogger/Worm/Trojan/ETC Problem. Please advise...THANKS!!!

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Your hard drive is almost full. Having too little free space on your hard drive can compromise system performance.


Quote:
C: is FIXED (FAT32) - 33 GiB total, 0.584 GiB free.
I suggest you move pictures, music, etc. to an external drive or USB stick if you have one and uninstall any programs that are never or hardly ever used.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

http://www.techsupportforum.com/forums/f100/keylogger-worm-trojan-etc-problem-please-advise-thanks-363970.html
Relevancy 40.42%

Blank.htm hijacker and advanced keylogger problem.

Hello, I was wondering if anyone can help me. I am fairly new but have picked up some nasty problems. ONE: whenever I start IE it takes me to a blank htm page stored on my computer. I think people are familiar with this virus. I am also getting a message occasionally that there is an advanced keylogger on my system. Is there anything anyone can do to help me? I am also getting messages about various adware and spyware. I know how to run hijackthis and I have pasted the results below. I would REALLY appreciate any help.

Relevancy 40.42%

I keep getting the following pop up every minutes or so:

Windows Security Alert
To help protect tour computer Windows Freewall has blocked activity of harmful software
Do you want to block suspocious software
Name Trojan-Keylogger WIN FUNG
Risk Level High
Description Fung is a Spyware program that records keystrokes and takes screen shots of the computer

I have a picture of this problem I already attached with this topic.

A:problem with trojan-keylogger.win32.fung

Hello -

I don't think you read the pre-posting instructions which koala linked you to completely.

http://www.techsupportforum.com/secu...oval-help.html


Quote:
3. Uninstall the following via Add or Remove Programs in Control Panel:
* If you have more than one antivirus software installed, leave only ONE and uninstall the others.
* p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues. See this link
You have 2 AntiVirus, AVG8 and Avira, and Limewire. Please uninstall one AntiVirus, and Limewire.

Once you've done so, run RSIT once again, using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK:
"C:\Documents and Settings\ir8clan\Desktop\RSIT.exe" /info
Click on Continue.

Post the two logs produced.

http://www.techsupportforum.com/forums/f100/problem-with-trojan-keylogger-win32-fung-307659.html
Relevancy 39.99%

I'm unsure if this is the right area to post, please forgive a newbie. Let me start off by a small introduction before I start asking for help. My name is Kyle. Okay, now that's done and over with.

For starters, this problem started to occur a little while back, I assume around - months ago. I started to discover whenever I used right clicked on properties on the desktop it would lag a while and would not open. When I opened Control panel, add remove programs didn't work and afterward all icons in the control panel didn't work, they just had the cursor with the hourglass thing (sorry for my lack of appropriate terms), and then the Perfect keylogger would show up. It was in the form that it had already been installed. I googled my problem many times. At first my Rundll exe seemed to have an effect with perfect keylogger and I often just closed it under processes in my task manager, but when I realised that I couldn't do many things because of it I decided to remove it (stupid me for not removing it earlier). Oh, and for system restore points, all points don't seem to effect, so yeah. I also have problems with windows installer so I couldn't use some of the solutions I had found online.

So I tried several things to remove it, including Malwarebyte's Anti-Malware and S&D Spybot, which seemed to have the most effect. On S&D spybot the perfect keylogger and keylogger pro are removed every time. I should mention that after the first scan removal using S&D, perfect keylogger whenever it opened it would be in evaluation form telling me to purchase it, and every time I removed it with S&D it would go back to day evaluation. Forgot to mention that I do not know where my windows disk is located so I can't seem to reformat my harddrive either. Nothing else is comprised besides the above listed problems, or so I think.

This problem is really irritating me and I would hope for some help to be given as soon as possible. Thanks, looking for a reply soon. -Kyle

A:Infected with Perfect Keylogger and Keylogger Pro

Hi Kyle,

Welcome here.

1. Please do a new full scan with MalwareBytes' Anti-Malware, and post that logfile in your next reply.

2. Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner.

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

* Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
* The program launches and downloads the latest definition files.
* Once the files are downloaded click on Next.
* Click on Scan Settings and configure as follows:
  Scan using the following Anti-Virus database: Extended
  Scan Options: Scan Archives, Scan Mail Bases
* Click OK and, under select a target to scan, select My Computer.
* When the scan is done, in the Scan is completed window (below), any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
* Click on: Save Report As (above - red blinking arrow)
* Next, in the Save as prompt, Save in area, select: Desktop
* In the File name area, use KScan, or something similar
* In Save as type, click the drop arrow and select: Text file [*.txt]
* Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply.

http://www.bleepingcomputer.com/forums/t/187276/infected-with-perfect-keylogger-and-keylogger-pro/
Relevancy 39.56%

Hi. For some time now I've been having problem with a keylogger or a trojan, I don't know. What I do know is that someone is able to read everything I do on the computer. I've used several different virus, malware etc. scanners but none have found anything "lethal". I'm running Windows RTM with Panda antivirus, default firewall and behind D-link DIR- router. Anyways, here comes my HijackThis file. Hopefully I provided all info needed, but please don't hesitate to ask if I missed anything.

Thanks a lot,
Lupida

A:Reoccuring problem with Trojan/Keylogger? Scanners fail to find it

Posted via Mobile Device
 

https://forums.techguy.org/threads/reoccuring-problem-with-trojan-keylogger-scanners-fail-to-find-it.869581/
Relevancy 39.56%

Hello everyone,

I have a problem with a keylogger type program. I know this because my yahoo e-mail account sends some of my friends spam on the messenger and that an account to an online game that I play has been stolen. I have used the following softwares in the following order:
* ATF Cleaner
* Ad-aware Free
* Spybot Search & Destroy
* MBAM (MalwareBytes' Anti-Malware)
* Full system scan with two online virusscanners (BitDefender and Panda)
* Hijackthis

You can find the MalwareBytes' Anti-Malware and Hijackthis logs below. Could you please tell me what to do to make sure my system is safe? Thank you in advance.

A:Keylogger problem (MalwareBytes' Anti-Malware and Hijackthis logs)

So can't anyone please help me?
 

https://forums.techguy.org/threads/keylogger-problem-malwarebytes-anti-malware-and-hijackthis-logs.830126/
Relevancy 39.56%

So, here's the deal. I haven't used my computer in a couple of months. After I ran it today I noticed that the keyboard started to act weird:
It sometimes holds buttons instead of just pressing them (types FFFFFFFFF instead of just F)
It sometimes becomes unresponsive for a minute
It generally became slower when typing (latency)
The capslock and numpad lock are almost non-responsive and crazy (barely work, sometimes both locks go on/off together when pressing only capslock)
For the record, this keyboard worked perfectly fine last time. It also works totally fine when I used it on my other laptop. And I don't have Sticky keys/filter keys enabled btw.
Things I tried:
Changing ports.
Reinstalling the drivers.
Rebooting the PC.
Tried Windows troubleshooting.

And none of these worked...
Can anyone help?

A:Keyboard acting weird? Probable port problem/keylogger?

Have you run an anti-malware scan by something like MalwareBytes?

http://www.sevenforums.com/hardware-devices/400785-keyboard-acting-weird-probable-port-problem-keylogger.html
Relevancy 39.56%

Hello everyone,

I have a problem with a keylogger type program. I know this because my yahoo e-mail account sends some of my friends spam on the messenger and that an account to an online game that I play has been stolen. I have used the following softwares in the following order:
* ATF Cleaner
* Ad-aware Free
* Spybot Search & Destroy
* MBAM (MalwareBytes' Anti-Malware)
* Full system scan with two online virusscanners (BitDefender and Panda)
* Hijackthis

You can find the MalwareBytes' Anti-Malware and Hijackthis logs below. Could you please tell me what to do to make sure my system is safe? Thank you in advance.

A:Keylogger problem (MalwareBytes' Anti-Malware and Hijackthis logs)

Hello and welcome to TSF.

We would like to have the logs from the scanners we request. HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/keylogger-problem-malwarebytes-anti-malware-and-hijackthis-logs-379517.html
Relevancy 34.83%

hi there,

Could someone in this forum help me with these two trojan viruses:

AV Software I'm using: Symantec Antivirus 2005

Virus Message:
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Keylogger.Trojan
File: C:\WINDOWS\dltime.dll
Location: C:\WINDOWS
Computer: SIM-FAMILY
User: Vincent Sim
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Sunday, January 16, 2005 7:53:47 AM

Virus Message:
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Download.Trojan
File: C:\WINDOWS\dltime.dll
Location: C:\WINDOWS
Computer: SIM-FAMILY
User: Vincent Sim
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Sunday, January 16, 2005 8:05:32 AM

Error message: svchost.exe cannot be started due to missing dltime.dll

I have tried many methods to remove this (including instructions from Symantec website) and it still appears.

Could some expert gurus here help me to clear these two trojans, deeply appreciated.
 

A:Having problem with Keylogger.trojan & Download.trojan... Please help!

https://forums.techguy.org/threads/having-problem-with-keylogger-trojan-download-trojan-please-help.319723/
Relevancy 29.67%

Why is the hijackthis forum inactive? Well, I think I got a key logger. I am running ESET NOD if it finds anything. Here is my hijackthis log if it helps.

A:I think I got a keylogger

I read the new instruction thing and when I scan gmer I get BSOD.

http://www.techsupportforum.com/forums/f50/i-think-i-got-a-keylogger-401882.html
Relevancy 29.67%

I clicked on one of those stupid keylogger links that you find all the time on the World of Warcraft forums this morning. I ran AVG and Spybot and both came up clean, but I want to make absolutely sure I'm safe before I log back in. I ran Hijack This with my WoW Client open (don't worry, I didn't type my password or log in at all). And here is my log file.

https://forums.techguy.org/threads/wow-keylogger.659975/
Relevancy 29.67%

Hi,

I was wondering if I can find out what my son's password is by using a keylogger, which I download on to my computer.

I know that keyloggers are illegal, but not if you use them on yourself???

Is there any other way to check my son's e-mail without him knowing??? He has a hotmail account, and I want to know who is sending him e-mails
 

A:keylogger?

We don't encourage or condone the use of such tools here, and in view of the photo in the profile you look a bit young to be having a child that you need to monitor.

I am closing this thread, but feel free to send a PM to me or one of the other mods if you disagree.
 

https://forums.techguy.org/threads/keylogger.543707/
Relevancy 29.67%

Hi, I recently received an email from Blizzard (verified) about a password change to my inactive WoW account, and after a little digging it turned out someone had indeed obtained my login info. After running a scan with AVG antivirus, it flagged several files in c windows syswow called variations of dllhost and removed them. Two such files of identical size but different name remain, dllhost and dllhst g, and I am unable to delete them manually. I also noticed that I am unable to run WoW, as I just get an "unable to locate login server" when I attempt to run it, so I'm guessing the infection is more extensive than the two files AVG was able to locate.

My PC: CPU Phenom, Mem gig Corsair mem, OS Win. I'm using AVG antivirus and Comodo firewall, both of which are updated daily.

Copy of my DDS log:

A:Possible keylogger

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/412886 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

* If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
* A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post. Please do this even if you have previously posted logs for us.
* If you were unable to produce the logs originally please try once more.
* If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
* Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

* Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop: DDS.scr, DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER...

http://www.bleepingcomputer.com/forums/t/412886/possible-keylogger/
Relevancy 29.67%

Hi. Okey, so my problem is this: I play WoW (yea, I know what you're gonna say) and my account got hacked twice, and Blizzard (the company that owns WoW) said that my account has been breached because my system is infected and I probably have a keylogger on my computer. So I followed their instructions posted here http forums wow-europe com thread html topicId amp sid and did everything on the list and completed all the necessary security check-ups and finally downloaded HJT and did the scan, and below is the log. And my question is: can you check my log and say is it clean of keyloggers, and if it is not, can you tell me how to get rid of them? Thank you.

A:Keylogger

Hello nismonator,

Welcome TSG.

Yes your machine is infected still.

Assume that all your passwords and sensitive security information have been looked at from an outside source. If your computer is/was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Now

Please download ComboFix from one of these locations:

NOTE: If you are guest watching this topic. ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
 

https://forums.techguy.org/threads/keylogger.798096/
Relevancy 29.67%


A:I think I may have a keylogger.

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer. I am looking over your log, and I will be back in a bit with some instructions.

http://www.bleepingcomputer.com/forums/t/189114/i-think-i-may-have-a-keylogger/
Relevancy 29.67%

I have a keylogger and do not know how to get rid of it, please help.

A:i have a keylogger, need help.

Hi, my name is patndoris and I'll be happy to help you with your issue.


We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f284/i-have-a-keylogger-need-help-592407.html

I am led to believe I have a keylogger on my system that I can't find. Can anyone tell me if this looks suspicious?

A:Possible keylogger?

Hello and welcome to TSF.

HijackThis is no longer employed as the initial scanning tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/possible-keylogger-342416.html

Hello, I have been hacked on WoW and I want to know what's the problem with my computer. I have an Authenticator to the account and still the hacker can log in and steal things. I have changed account information from different computers and still it doesn't work. Please, I need help. Here's my HijackThis log.

A:Possible keylogger

Welcome to TSF Danielsen,


Right now the only malicious software showing is that adware/spyware DAEMON Tools Toolbar, so you do want to uninstall that through Add/Remove Programs.

I have had a few requests lately with issues on WoW accounts being hacked, but have been finding that in many cases the problems lie with the site, and not system infection. But let's check a bit further here. Please follow the steps here and post/attach those requested logs.

http://www.techsupportforum.com/forums/f50/possible-keylogger-420460.html

Recently I have noticed my email, along with several other accounts have been broken into and tampered with. I've never given out any of my passwords, and none of them were very easy to guess. Norton and MBAM haven't been picking up anything either.

I know several months ago I contracted a trojan which I THINK I had gotten rid of. But now I'm not so sure.

I'm also running windows 7 x64.

A:Possible keylogger

Hello, please run these, post the logs and let's see how it is after.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

*Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.

*If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

*Click the Start Scan button.

*Do not use the computer during the scan.

*If the scan completes with nothing found, click Close to exit.

*If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

*Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

*A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).

*Copy and paste the contents of that file in your next reply.

http://www.bleepingcomputer.com/forums/t/387721/possible-keylogger/

Okay, the topic is I have a Keylogger and need a lot of help.

I play World of Warcraft and don't feel like getting the authenticator so, I need someone to show me a FREE program which can destroy keyloggers. I need it to be FREE cause I am basically poor. So, Please if anyone can help me and wants to please do!

A:Keylogger Help!

DDS (Ver_09-09-24.01) - NTFSx86
Run by Home at 7:45:07.51 on Fri 09/25/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1012.249 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Home\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [RayV] c:\program files\rayv\rayv\RayV.exe /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\users\nick\appdata\local\micros~1\windows\tempor~1\content.ie5\a0jb7y3w\adserv~2.sh! c:\users\nick\appdata\local\micros~1\windows\tempor~1\content.ie5\by27g8a1\aim_ua~1.sh! c:\u...

http://www.techsupportforum.com/forums/f50/keylogger-help-417014.html

Hello, the other day I clicked on a link that popped up while playing League of Legends (actually I couldn't click the link, I was dumb enough to type it into Firefox). I've heard that this might have installed a keylogger on my computer and I want to know if I am ok. When I went to the bad website a java box popped up wanting to install something (the site was supposed to be a chatroom). I hit cancel and closed Firefox. I know that sometimes hitting cancel can still install things, or even just going to the page, so I want to be sure that I'm clean.

I ran a full Malwarebytes scan and it didn't find anything, but when I ran a full MSE scan it found and removed the following: TrojanDownloader Java OpenConnection OH Exploit Java Cve- - DW Exploit Java Cve- - DZ Exploit Java Cve- - DB Exploit Java Cve- - BJ Exploit Java Cve- - CR

I have no idea what these Exploits are and don't like the sound of "OpenConnection". Could someone explain what these are? Below is the DDS log. I have bit Windows and could not run the rootkit program. I ran defogger and turned my virtual drive off. Thanks for any help.

A:Possible Keylogger, am I ok?

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

*If you have since resolved the original problem you were having, we would appreciate you letting us know.

*If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.

*Please tell us if you have your original Windows CD/DVD available.

*If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.

*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

*Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop: DDS.scr, DDS.pif

*Double click on the DDS icon, allow it to run.

*A small box will open, with an explanation about the tool. No input is needed, the scan is running.

*Notepad will open with the results.

*Follow the instructions that pop up for posting the results.

*Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

Thanks and again sorry for the delay.

DR

http://www.bleepingcomputer.com/forums/t/408126/possible-keylogger-am-i-ok/

Hi everyone, I'm on a Vista bit and about days ago I was on my account on RuneScape and then all of a sudden my internet disconnected and I was disconnected from the game. Then when I tried to log back in about minutes later it said my password has been changed. I doubt anyone could guess it so I suspected malware. I did full system scan and ESET NOD found trojans in RECYCLER or something and it removed them just fine. I wasn't too sure so I installed Malwarebytes after uninstalling ESET NOD and it had come up with rogues of them folders and then a file inside. I removed those too. Right after, I ran another scan with Microsoft Security Essentials, then PC Tools Spyware Doctor and then Spybot Search and Destroy and they all had found nothing. I wasn't convinced so I installed I Hate Keyloggers just to make sure it wouldn't happen again. I Hate Keyloggers stops keys typed from saving to any possible files that are malicious.

About days later, today, I was playing on RuneScape. After the person had compromised my account he had taken my best items then changed back password to what it originally was, and then I disconnected again but the person was unable to disconnect me from the game, so I decided to log into the forums (forums and game have linked passwords and you are able to log into them separately) and it said my password had been changed again.

I'd really appreciate some FAST help, from finding if I actually have a virus to fixing. Thanks to anyone who comments. Unfortunately re-format is not option, can't say why.

Other notes: I've tried some checks with netstat for connections but haven't been able to come to a conclusion. I believe my computer is compromised.

http://www.bleepingcomputer.com/forums/t/385444/possible-keylogger-need-help/

Hello, I am WoW player and there was some update recently. I had low download speeds from original WoW server so I found a mirror of update patch on some wow-wikipedia. Unluck wanted that I think it was infected with some kind of virus or trojan. I think it was in it because I don't download any other wow-related things onto my PC and I got hacked. The thing is I want to get rid of it, of the keylogger. I already scanned whole PC with Spybot Search and Destroy, Malwarebytes Anti-Malware, Kaspersky Internet Security, Ad-Aware, spyeraser, processcaner and it didn't find anything. So I will be glad if someone could take care of my logs and try to help me. Here's the log from DDS.


I might have a keylogger. I have had some account passwords change. Can you please look over this log or give me some advice on what to do? Thanks in advance.

A:Possible Keylogger

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************
First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/410766 and follow the instructions there. If you no longer need help, this is all you need to do. If you do need help please continue below.
***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:
If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post. Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again:
Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice
Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

http://www.bleepingcomputer.com/forums/t/410766/possible-keylogger/

Well, it seems like it was my turn to get screwed. I have been playing WoW for some time now, don't even remember when I started playing, but recently my account was hacked into twice and I can't figure out for the life of me what is the problem. I am running CA Antivirus and Spyware (legit) and it has served me well for the odd something years; never had a virus it couldn't get rid of. It doesn't pull up anything after a full system scan, nor anything on the spyware. I ran Hijackthis (log below), try to search everything so I wouldn't have to look silly, but I don't trust myself enough to believe I am not going to get hacked again. Would someone pls look this log over and see if I may have a keylogger? T.I.A.

A:I might have a keylogger

Hello and welcome to Bleeping Computer. Sorry for the delay; the forums here at BC are always very busy and we do our best to keep up. If you no longer require any help could you let me know please, so this topic can be closed.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

First I would like to see a new log since a lot could have changed since your original post.
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Thanks

http://www.bleepingcomputer.com/forums/t/232525/i-might-have-a-keylogger/

Well I just started getting d/ced from WoW about 10-15 seconds after logging in. Tried changing my password and it still happens. It is not my internet connection so I downloaded and ran Hijack this. Any help would be appreciated.
 

A:I think I have a keylogger

I'll just post it, please any help would be appreciated

Logfile of HijackThis v1.99.1
Scan saved at 11:14:55 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\COMMON~1\AOL\119403~1\EE\AOLHOS~1.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1194031511\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 -...

https://forums.techguy.org/threads/i-think-i-have-a-keylogger.658102/

On my wife's Dell XPS laptop, Vista Business, it keeps identifying Dell Media Center as a keylogger. I have no way of finding where the file is or disinfecting it. I have Kaspersky suite 2010, I tried running Malwarebytes and IObit and they found nothing. Is this bad or should I search and delete whatever it is?

A:Keylogger

Hi Again, alspumoni,

How and where did you get the Dell Media Center?

There is legit software that, if downloaded from the wrong site, can contain viruses and/or malware. Post and we shall decide if you should uninstall the Center.

http://www.vistax64.com/general-discussion/271860-keylogger.html

Logfile of Trend Micro HijackThis (Platform: Windows Vista; Boot mode: Normal) ...

A:keylogger

Howdy, my name is Hoov, and I will be helping you with your dilemma. I apologize for the delay in getting you help.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer:
*Tell me everything that you have done, if anything, to try and fix this problem.
*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.
*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.
*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.
*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the change...

http://www.bleepingcomputer.com/forums/t/193495/keylogger/

Can someone install an undetectable keylogger....if they had physical access to a computer....all while having Avast and Anti-Malware bytes already installed?

If so, how to detect and remove?

Certain friends seem to vaguely mention specific sites and references I make when posting places....that are very unique, and that only I would know.

Gotta love this age of the internet, where you can't trust anyone...and everyone's a little 007 weirdo.

A:keylogger still possible ?

With physical access to a computer, almost anything is possible.

To check for possible malware, etc. and remove any that might be found...

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help Forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

http://www.techsupportforum.com/forums/f50/keylogger-still-possible-831121.html

Hi, possible keylogger detected.

A few days ago I was given a message from AVG that there was a keylogger detected. It's the kind that hacks into bank accounts and stuff.

My internet explorer shut off and when I tried to open it again, it redirected me to an ad, not my home page.

I ran AVG and Spybot then. Before my computer finished scanning, it restarted. When I got back on, I scanned it again.

This time, there were no infections on both AVG and Spybot, but I still kept getting the warning, and the redirected homepage.

My computer folders kept shutting down randomly and I couldn't open any pictures.

I then shut off the internet, shut down my comp for a day and a half, then turned it back on. When I did, everything looked normal again.

Suspicious, no?

Here's my log attached, please help.

A:possible keylogger

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.

http://www.bleepingcomputer.com/forums/t/202228/possible-keylogger/

I am having trouble uninstalling the KGB Keylogger. In my programs, when I go to where it is located there is a place for me to click "Uninstall KGB Keylogger" I click that but nothing happens. It also is not listed in my Add/Remove programs.

Can someone walk me through this?

http://www.bleepingcomputer.com/forums/t/373381/kgb-keylogger/

I was browsing the official World of Warcraft forums back in November or December or something and I clicked a link that someone told me was a keylogger. At the time I thought my virus protection program had gotten rid of it, but in the beginning of December my WoW account was stolen and then retrieved and then was stolen again before the end of the month. So I took the steps required to retrieve it again and he tried to steal it again within an hour of being given back to me. So basically I'm pretty damn sure I have a keylogger and this persistent S-O-B is annoying the crap out of me. I just downloaded a keyscrambler so he won't be able to read anything I type into Firefox, but that's really only a partial solution. Anyway, I just want to get rid of the damn thing. Any help would be GREATLY appreciated.

A:I believe I have a keylogger...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

R,K

http://www.bleepingcomputer.com/forums/t/200488/i-believe-i-have-a-keylogger/
Relevancy 29.67%

Dunno. This is my friend's comp. He wanted me to post this for him. He thinks he removed it, but you can never be too sure.

Relevancy 29.67%

I used a program called Anti Hacker from My Privacy Tools Inc. I have used their HideMyIP program in the past with awful results.
However I have been having some hacker problems from some not so nice Mexican police extortionists.
So I took this program for a ride and got these results from the keylogger scanner.

Program Name | Program Publisher | Risk Level | Program Location
spys.sys | | Low Risk | C:\Windows\System32\Drivers\spys.sys

The software provider has no information on the find; they seldom have any help with this company.

Each time I reboot it changes the name of the file, always four letters. I read that sometimes a virtual CD or DVD program does this, and I do use one: Magic Disc.
I am running Vista Premium 64. Anyone have any input before I am asked to do the system scans???

Thanks

A:Keylogger ot no keylogger

Hello, I moved this from Vista to the Am I Infected forum.
What did your antivirus show and which is it. Let's see what MBAM shows.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

http://www.bleepingcomputer.com/forums/t/373636/keylogger-ot-no-keylogger/
Relevancy 29.67%

Basically I've managed to get myself a keylogger on my PC - I've run about full virus scans and it hasn't helped me. Any help would be greatly appreciated.

A:Keylogger

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

http://www.techsupportforum.com/forums/f50/keylogger-389340.html
Relevancy 29.67%

Today I clicked a link to what I thought was a news story, but all it did was load an image. As I read through the forums everyone said their antivirus said it was a keylogger. At the time I did not have any AV installed (stupid I know). I installed AVAST! asap, and after a boot time scan and a thorough scan after that nothing showed up. I wasn't satisfied so I have installed the trial of Kaspersky, and am running the max protection scan now (50% after an hour and ten minutes).

I will post a Hijack this after the scan is done and I reboot. I am running Vista with UAC running if that helps any and was using Firefox. Thanks for any help!
 

A:Possible Keylogger?

Logfile of HijackThis v1.99.1
Scan saved at 6:01:52 PM, on 12/11/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenAFS\Client\Program\afscreds.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunes...

https://forums.techguy.org/threads/possible-keylogger.661195/
Relevancy 29.67%

When I try to access my bank site, the bank name changes in the address bar when I click in my password to "mfasa", even though I have a type of sandbox to access my bank. Google had many instances of this behavior. One said it was legitimate, a sub domain name, but many of the others said it was a Trojan/keylogger and a number of bank users have had this problem. I ran Online Armor anti virus / Antisuperspyware / PC Tools / Malwarebytes. They didn't find anything. My bank denied that there was any problem and the only way I can verify my balance is to call them. Has anyone encountered this problem? I am worried to go to any of my secure sites. Could Sandboxie offer more protection? I would appreciate any advice to get rid of this problem. Thank You!

EDIT: Moved from XP forum to more appropriate Am I Infected ~ Hamluis.

http://www.bleepingcomputer.com/forums/t/325635/keylogger/
Relevancy 29.67%

I am not sure if I am in the correct forum. If not, could you please advise me where to post this.

Is there anywhere on the forums that recommends keylogger software that protects you and stops a keylogger before any damage is done.

My second question is that I had my password stolen on a web based email client and it was used to send spam. The email client vendors suggested it was probably a keylogger and changed my password. Is it possible I STILL have a keylogger on my computer (How would I know) and should I contact my online bank and also stop using any payment processors to buy online.

Thank you
Joe

A:Keylogger

Hello and welcome to TSF


Quote:
Is there anywhere on the forums that recommends keylogger software that protects you and stops a keylogger before any damage is done.

I would recommend SnoopFree. SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen. Only for XP users. I suggest you only install Snoopfree once you are sure you are clean and no infection is present.


Quote:
My second question is that I had my password stolen on a web based email client and it was used to send spam. The email client vendors suggested it was probably a keylogger and changed my password. Is it possible I STILL have a keylogger on my computer (How would I know) and should I contact my online bank and also stop using any payment processors to buy online.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?


If you believe that the infection is still present, please follow instructions below.

==========

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

http://www.techsupportforum.com/forums/f50/keylogger-390042.html
Relevancy 29.67%

Okay, while I was doing my normal runs on IE7, I decided to go and look inside my Add-ons list and to my dismay I found that I SOMEHOW had a browser extension named "Research."

So, I would like to know, what is it? What does it do? Is it a keylogger? And if you had the same experience, please speak up. Admission is always the hardest

A:Keylogger In Ie7!

Hi Darkeminence.
It's not malware. I've had that same extension for years. I didn't really notice it until I installed Office but it may have been there since I originally installed XP. If you click View>Explorer Bar>Research, you'll see what it does. It's more or less an on-line Encyclopedia\Dictionary. Kind of handy if a particular word throws you.

http://www.bleepingcomputer.com/forums/t/70761/keylogger-in-ie7/
Relevancy 29.67%

As in topic, I might think I have it. I would appreciate if any of you could help?

Thanks in advance

A:I think I might have keylogger?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click the Add reply button.

===

What problems are you having with this computer.
Wait for further instructions.

http://www.bleepingcomputer.com/forums/t/603666/i-think-i-might-have-keylogger/
Relevancy 29.67%

Hi, I recently have had my credit card used illegally and then today someone accessing my eBay account as well. I am hoping you could help me check if I had something like a keylogger causing this. Thanks so much.

A:I may have a Keylogger

Hi Kremit222,

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):

Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
Please do not install any new software while we are working on this system as it may hinder our process.
Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
Please do not try to fix anything without being asked.
Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
Back up your data. I will not knowingly suggest you any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
If you are confused about any instruction, stop and ask. Do not keep on going.
Do not repeat the steps if you face any problems.
I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
Private Message (PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

I am seeing nothing out of ordinary. Did you visit any shady websites or download/install any dubious content?

Step #1 Fix with FRST
Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
Open Notepad.exe. Do not use any other text editor software;
Copy and Paste the contents inside the code-box to your Notepad --

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
File: C:\Users\jtate\AppData\Local\Temp\nscEC1A.tmp\Installer-75803003.exe
2016-02-25 09:37 - 2016-02-25 09:37 - 0000000 ____H () C:\ProgramData\cm-lock
HKLM-x32\...\Run: [] => [X]
End

Click on File > Save as...
Inside the File Name box type fixlist.txt;
From the Save as type drop down list, choose All Files
Save the file to your Desktop;
Re-run FRST.exe and click Fix;
Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
After the completion, a log will be produced;
Copy and Paste the contents of the log in your next reply.

Step #2 Run Malwarebytes' Anti-Rootkit
Please download Malwarebytes Anti-Rootkit from here and extract the content to your Desktop.
Update the program if asked.
In the Scan System option check all the boxes and click on Scan.
Click on Cleanup button after the scan and wait patiently. Reboot the computer if asked.
After the clean-up process; locate two logs in the mbar folder namely--
mbar-log.txt; and
system-log.txt
Copy and paste the contents of the log in your next reply.

Required Log(s):
FRST Fix Log
mbar-log.txt; and
system-log.txt

Regards,
Valinorum

http://www.bleepingcomputer.com/forums/t/606404/i-may-have-a-keylogger/