Windows Support Forum

keylogger still possible ?

Q: keylogger still possible ?

can someone install an undetectable keylogger....if they had physical access to a computer....all while having Avast and Anti-Malware bytes already installed ?

If so, how to detect and remove?

Certain friends seem to vaguely mention specific sites and references I make when posting places....that are very unique, and that only I would know.

Gotta love this age of the internet, where you can't trust anyone...and everyones a little 007 weirdo.

Relevancy 100%
Preferred Solution: keylogger still possible ?

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/directdownload.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: keylogger still possible ?

With physical access to a computer, almost anything is possible.

To check for possible malware, etc. and remove any that might be found...

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help Forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

http://www.techsupportforum.com/forums/f50/keylogger-still-possible-831121.html
Relevancy 42.14%

The spyware keylogger, named Srv.SSA-KeyLogger, secretly steals data from users' Internet sessions, including logins and passwords from online banking sessions, eBay, PayPal, and other programs that use html forms to collect personal information.

NOTE: Since the SSA-KeyLogger spyware cannot be installed on the following platforms, it is not necessary to run the SSA-KeyLogger Clean software:
Windows 95
Windows 98
Windows 98SE
Windows ME
Windows NT4

The SSA-KeyLogger spyware should only be installed on Windows XP, Windows 2000/2003.
 

A:Ssa-keylogger On Xp Windows 2000/2003 Only Theft Keylogger

wow, I had that keylogger, I ran the tool and PrevX popped up saying the sunbelt tool was trying to read/delete winldra.exe which is the keylogger and the tool deleted it.

However, it never showed up in a hijack this log and I hardly ever use IE, I am miffed aout how this got on to my machine?

Plus, I have being doing scans at Panda, kaspersky and Trend, and none found it!
 

https://forums.techguy.org/threads/ssa-keylogger-on-xp-windows-2000-2003-only-theft-keylogger.389804/
Relevancy 39.99%

I m unsure if this is the right area to post please forgive a newbie Let me start off by a small introduction before I start asking for help My name is Kyle Okay now that s done and over with For starters this problem started to occur a little while back I assume around - months ago I started to discover whenever I used right clicked on properties on the desktop it would lag Perfect and Keylogger Infected Keylogger Pro with a while and would not open When I opened Control panel add remove programs didn t work and afterward all icons in the control panel didn t work they just had the cursor with the hourglass thing sorry for my lack of appropriate terms and then the Perfect keylogger would show up It was in Infected with Perfect Keylogger and Keylogger Pro the form that it had already been installed I googled my problem many times at first my Rundll exe seemed to have an effect with perfect keylooger and I often just closed it under processes in my task manager but when I realised that I couldn t do many things because of it I decided to remove it stupid me for not removing it earlier Oh and for system restore points all points don t seem to effect so yeah I also have problems with windows installer so I couldn t use some of the solutions I had found online So I tried several things to remove it including Malwarebyte s Anti-Malware and S amp D Spybot which seemed to have the most effect On S amp D spybot the perfect keylogger and keylogger pro are removed everytime I should mention that after the first scan removal using S amp D perfect keylogger whenever it opened it would be in evaluation form telling me to purchase it and everytime i removed it with S amp D it would go back to day evaluation Forgot to mention that I do not know where my windows disk is located so I can t seem to reformat my harddrive either Nothing else is comprised besides the above listed problems or so I think This problem is really irritating me and I would hope for some help to be given as soon as possible Thanks looking for a reply soon -Kyle

A:Infected with Perfect Keylogger and Keylogger Pro

Hi Kyle,Welcome here. 1. Please do a new full scan with MalwareBytes' Anti-Malware, and post that logfile in your next reply.2. Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online ScannerNote: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX componentClick Yes, when prompted to install its ActiveX component.(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)The program launches and downloads the latest definition files. Once the files are downloaded click on Next Click on Scan Settings and configure as follows: Scan using the following Anti-Virus database:ExtendedScan Options:Scan Archives
Scan Mail Bases Click OK and, under select a target to scan, select My ComputerWhen the scan is done, in the Scan is completed window (below), any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report:Click on: Save Report As (above - red blinking arrow)Next, in the Save as prompt, Save in area, select: DesktopIn the File name area, use KScan, or something similarIn Save as type, click the drop arrow and select: Text file [*.txt] Then, click: Save Please post the Kaspersky Online Scanner Report in your reply.

http://www.bleepingcomputer.com/forums/t/187276/infected-with-perfect-keylogger-and-keylogger-pro/
Relevancy 29.67%

Hi my name is Rob and I m running a Dell that I picked up in with Windows XP I probably know just enough to be dangerous to myself which is why I don t want to just go fixing things I don t understand Maybe I m paranoid Keylogger? but I m on Keylogger? hunt for a software keylogger This happens every so often--probably paraniod but just because I m paranoid doesn t mean they ain t out to get me lol I ran SpyBot and for some reason it can t fix issues found with a log but they were only highlighted in green not red if you re familiar with the program I also ran hijackthis as I m told some folks have success finding them with that program Could someone here help me interpret it Am I just being paranoid Thanks Logfile of Trend Micro HijackThis v BETA Scan saved at PM on Platform Windows XP SP WinNT Boot mode Normal Running processes C WINDOWS System Keylogger? smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS System WLTRYSVC EXE C WINDOWS System bcmwltry exe C Program Files Common Files Symantec Shared ccSetMgr exe C Program Files Common Files Symantec Shared ccEvtMgr exe C Program Files Common Files Symantec Shared PIF B E DD - - c -B F- F FCA A PIFSvc exe C Program Files Common Files Symantec Shared SNDSrvc exe C Program Files Common Files Symantec Shared SPBBC SPBBCSvc exe C Program Files Common Files Symantec Shared CCPD-LC symlcsvc exe C WINDOWS system spoolsv exe C Program Files Symantec LiveUpdate ALUSchedulerSvc exe C WINDOWS System CTsvcCDA EXE C WINDOWS system drivers KodakCCS exe C Program Files Norton AntiVirus navapsvc exe C Program Files Norton AntiVirus IWP NPFMntor exe C WINDOWS System nvsvc exe C WINDOWS System svchost exe C Program Files Viewpoint Common ViewpointService exe C WINDOWS System MsPMSPSv exe C Program Files Viewpoint Viewpoint Manager ViewMgr exe C Program Files Common Files Symantec Shared Security Console NSCSRVCE EXE C WINDOWS system devldr exe C WINDOWS Explorer EXE C WINDOWS system ctfmon exe C Program Files Dell Support Alert bin DAMon exe C Program Files Common Files Symantec Shared ccApp exe C Program Files Common Files Real Update OB realsched exe C Program Files Internet Explorer IEXPLORE EXE C Documents and Settings Melissa Holley Local Settings Temporary Internet Files Content IE UW CWEJ HiJackThis v exe C Program Files Messenger msmsgs exe R - HKCU Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie defaults sb msgr http www yahoo com ext search search html R - HKCU Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ie defaults sp msgr http www yahoo com R - HKCU Software Microsoft Internet Explorer Main Start Page https secure vonage com vonage-web public login htm R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http us rd yahoo com customize ie defaults su msgr http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie defaults sb msgr http www yahoo com ext search search html R - HKLM Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ie defaults sp msgr http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Start Page http rd yahoo com customize ymsgr defaults http my yahoo com R - HKCU Software Microsoft Internet Explorer SearchURL Default http us rd yahoo com customize ie defaults su msgr http www yahoo com R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride localhost R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll O - BHO Yahoo Toolbar Helper - D -C F - EFB- B - ECA - C Program Files Yahoo Companion Installs cpn yt dll O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program F... Read more

Relevancy 29.67%

so thanks to a download i got keylogged and my email got hacked and my account on a game I was playing got hacked. I ran several keylogdetectors, virusscanners etc, but none of them found anything or could do anything about it. I heard from someone that combofix might help but I don't know if its safe. can anybody help me?

A:Help! Keylogger on my pc

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/533903 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again: Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.DDS.com Download LinkDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control can be found HERE.As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

http://www.bleepingcomputer.com/forums/t/533903/help-keylogger-on-my-pc/
Relevancy 29.67%

I ve done Keylogger? a have Might most of the research on my logs already and can Might have a Keylogger? t find anything I am fairly convinced that I clicked on a link connected with a key logger though and wanted to make sure I m not certain as to what else I can do in terms of anti-virus spyware removal as nothing I ve tried has found anything Logfile of Trend Micro HijackThis v BETA Scan saved at AM on Platform Windows XP SP WinNT Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C Might have a Keylogger? WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C Program Files Kaspersky Lab Kaspersky Anti-Virus avp exe C WINDOWS Explorer EXE C WINDOWS system nvsvc exe C WINDOWS system HPZipm exe C WINDOWS system PnkBstrA exe C Program Files Common Files Real Update OB realsched exe C Program Files iTunes iTunesHelper exe C Program Files Kaspersky Lab Kaspersky Anti-Virus avp exe C Program Files Common Files AOL ee aolsoftware exe C WINDOWS System svchost exe c program files common files aol ee aim exe C Program Files iPod bin iPodService exe C WINDOWS system wscntfy exe C Program Files Windows Media Player wmplayer exe C WINDOWS system taskmgr exe C PROGRA MOZILL FIREFOX EXE C Documents and Settings adam Desktop HiJackThis v exe R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyServer R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll O - BHO Yahoo Toolbar Helper - D -C F - EFB- B - ECA - C Program Files Yahoo Companion Installs cpn yt dll O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - - F - D - - D F - C Program Files Spybot - Search amp Destroy SDHelper dll O - BHO Yahoo IE Services Button - BAB B B- BC- B - D - FC DE A - C Program Files Yahoo Common yiesrvc dll O - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartup O - HKLM Run nwiz nwiz exe install O - HKLM Run NvMediaCenter RUNDLL EXE C WINDOWS system NvMcTray dll NvTaskbarInit O - HKLM Run TkBellExe quot C Program Files Common Files Real Update OB realsched exe quot -osboot O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottime O - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run AVP quot C Program Files Kaspersky Lab Kaspersky Anti-Virus avp exe quot O - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot background O - HKCU Run Aim quot C Program Files Common Files AOL Launch AOLLaunch exe quot d locale en-US ee aol imApp O - Extra context menu item amp Yahoo Search - file C Program Files Yahoo Common ycsrch htm O - Extra context menu item Yahoo amp Dictionary - file C Program Files Yahoo Common ycdict htm O - Extra context menu item Yahoo amp Maps - file C Program Files Yahoo Common ycmap htm O - Extra context menu item Yahoo amp SMS - file C Program Files Yahoo Common ycsms htm O - Extra button Web Anti-Virus statistics - F - A - D - CA -AA ACF ED E - C Program Files Kaspersky Lab Kaspersky Anti-Virus scieplugin dll O - Extra button Yahoo Services - BAB B B- BC- B - D - FC DE A - C Program Files Yahoo Common yiesrvc dll O - Extra button Yahoo Messenger - E D C E- B F- D -B C - C C - C Program Files Yahoo Messenger YahooMessenger exe O - Extra Tools menuitem Yahoo Messenger - E D C E- B F- D -B C - C C - C Program Files Yahoo Messenger YahooMessenger exe O - Extra button Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - Extra Tools menuitem Windows Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - DPF - f - bb - d -fa d f a ab YInstStarter Class - C Program Files Yahoo Common yinsthelper dll O - SharedTaskSched... Read more

Relevancy 29.67%

Hi all W32 Keylogger I'm kind of new in this computers thing and I found out that I have a W keylogger in my machine I was using norton antivirus before but it did W32 Keylogger not detected it then I install F-prot and this program detected it but it says that it W32 Keylogger could not remove it no clue why then I've been using spyware doctor Xoftspy adware Spyboat microsoft antispyware but none of these have detected it First it says that this w keylogger dll was in the forder c windows system found it remane it and I moved it to the root couple days later I could not find it and Fprot gave me this alert C System Volume Information restore CD C-DFCF- E - D-D F F RP A dll infection W SCkeylogger D pwsI don't really have a clue on how to eliminate this and if there is a way to find out what kind of information it was collecting My PC is a Compaq Presario sr nx running windows XP SP pentium Mhz SDRAM GB HDHigh speed internet before I had it directly to me computer and using windows firewall and norton firewall later I connect my PC to a Unisys router that goes to another computer too and it is set up to have access to only ip addresses I am using IE and Mozilla That is why I decided to talk to the experts so somebody please could help me this is a copy of my logfile Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Ahead InCD InCDsrv exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system spoolsv exe C WINDOWS system crypserv exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C WINDOWS system svchost exe C WINDOWS system wdfmgr exe C WINDOWS Explorer EXE C WINDOWS System alg exe C Program Files Java j re bin jusched exe C windows system hpsysdrv exe C WINDOWS system hkcmd exe C HP KBD KBD EXE C WINDOWS SOUNDMAN EXE C WINDOWS AGRSMMSG exe C WINDOWS ALCWZRD EXE C WINDOWS ALCMTR EXE C Program Files Win AntiSpam gcasServ exe C Program Files MSN Apps Updater en-ca msnappau exe C Program Files QuickTime qttask exe C Program Files iTunes iTunesHelper exe C Program Files Ahead InCD InCD exe C Program Files Common Files Real Update OB realsched exe C WINDOWS system spool drivers w x hpztsb exe C Program Files iPod bin iPodService exe C Program Files FSI F-Prot F-StopW EXE C Program Files FSI F-Prot F-Sched exe C WINDOWS system ctfmon exe C Program Files Messenger msmsgs exe C PROGRA Ahead NEROPH data Xtras mssysmgr exe C Program Files Adobe Acrobat Distillr acrotray exe C Program Files Compaq Connections Program Compaq Connections exe C PROGRA HEWLET COMPAQ bin nda exe C Program Files Yahoo Messenger Messenger ymsgr tray exe C Program Files Win AntiSpam gcasDtServ exe C PROGRA SPYWAR swdoctor exe C WINDOWS system wbem wmiprvse exe C Program Files HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TYPE amp tp iehome amp locale EN US amp c Q amp bd presario amp pf desktop R - HKCU Software Microsoft Internet Explorer Main Default Search URL http ie redirect hp com svs rdr TYPE amp tp iesearch amp locale EN US amp c Q amp bd presario amp pf desktop R - HKCU Software Microsoft Internet Explorer Main Start Page http www quixtar com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TYPE amp tp iehome amp locale EN US amp c Q amp bd presario amp pf desktop R - HKLM Software Microsoft Internet Explorer Main Start Page http www quixtar com O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Acrobat ActiveX AcroIEHelper dll O - BHO PCTools Site Guard - C B A - DB - A -A CB-D BBFEB - C PROGRA SPYWAR tools iesdsg dll O - BHO ST - EDE -C B - E- ... Read more

A:W32 Keylogger

Howdy Nerublanco and welcome to BC. The infected file is in the System Restore hierarchy and can not reinfect the system unless you choose to utilize this restore point. You can flush System Restore by turning it off and back on or run Disk Cleanup to remove all but the latest restore points. To be certain you've removed the infected restore point suggest you flush the restore hierarchy by right clicking My Computer on the Desktop and choosing Properties. Then click the System Restore tab. Check the boxnext to Turn off System Restore on all drives, click Apply, then OK. Now uncheck the box, click Apply, OK to reenable System Restore.Then go to Start, Programs, Accessories, System Tools, System Restore.Choose Create a restore point and follow the prompts.Also, go here and download the JRE 5.0 Update 3. Get the Windows Offline Installation. The one currently installed has critical vulnerabilities. Then go to Add/Remove Programs in the Control Panel and uninstall (Sun) JRE 1.4.2_03. Restart the system after uninstalling.After restarting install the latest java package with all programs and browsers closed.

http://www.bleepingcomputer.com/forums/t/20783/w32-keylogger/
Relevancy 29.67%

On my family PC my wife was complaining when she tries to play MSN Zone Backgammon it would attempt to logon then the IE or Keylogger what? window immediately closed Same problem with Eudora email and Winword When I attempted to view Application errors in Event Viewer clicking the red errors did nothing except run drwtsn exe Rebooting the PC solved the above problems I was then able to view the errors all of which indicates a problem with quot riched dll quot The PC seems to be working ok now but CSRSS Keylogger or what? EXE is running from C Windows System It should not be there it should be in C Windows system When I view the file information it says Company J us Internal Name Faldon Click Macro Original Filename FaldonClickMacro exe And of course I can t end it Windows thinks it s the other one Ideas Logfile of HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C Program Files Grisoft AVG Anti-Spyware guard exe C WINDOWS system CTSvcCDA EXE C WINDOWS system drivers dcfssvc exe C WINDOWS Explorer EXE C Program Files Canon Memory Card Utility PIXMA iP D PDUiP DMemCrdMgr exe C WINDOWS System svchost exe C WINDOWS system MsPMSPSv exe C WINDOWS system svchost exe C Program Files ATI Technologies ATI Control Panel atiptaxx exe C Program Files Zero Knowledge Freedom Freedom exe C Program Files iTunes iTunesHelper exe C Program Files QuickTime qttask exe C Program Files Java jre bin jusched exe C WINDOWS SYSTEM CSRSS EXE C WINDOWS system ctfmon exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files Adobe Acrobat Reader reader sl exe C Program Files Timex Data Link USB DataLinkLauncher exe C Program Files iPod bin iPodService exe C WINDOWS system wuauclt exe C WINDOWS system wuauclt exe C WINDOWS system msiexec exe C Program Files Common Files Command Software dvpapi exe D hijackthis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page file C HTML start htm O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO PopKill Class - C EA -E A - E -A -D B C A - C Program Files Zero Knowledge Freedom pkR dll O - BHO ZKBho Class - E D-C B- D -B C- E A - C Program Files Zero Knowledge Freedom FreeBHOR dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - Toolbar Easy-WebPrint - C -E D- c -AA D- AC BABA C - C Program Files Canon Easy-WebPrint Toolband dll O - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dll O - HKLM Run ATIPTA C Program Files ATI Technologies ATI Control Panel atiptaxx exe O - HKLM Run Freedom C Program Files Zero Knowledge Freedom Freedom exe O - HKLM Run NeroFilterCheck C WINDOWS system NeroCheck exe O - HKLM Run KernelFaultCheck systemroot system dumprep -k O - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottime O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run CSRSS C WINDOWS SYSTEM CSRSS EXE O - HKCU Run ctfmon exe C WINDOWS system ctfmon exe O - HKCU Run swg C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe O - Global Startup Adobe Reader Speed Launch lnk C Program Files Adobe Acrobat Reader reader sl exe O - Global Startup Timex Data Link USB Launcher lnk O - Extra context menu item Easy-WebPrint Add To Print List - res C Program Files Canon Easy-WebPrint Resource dll RC AddToList html O - Extra context menu item Easy-WebPrint High Speed Print - res C Program Files Canon Easy-WebPrint Re... Read more

A:Keylogger or what?

You should also remove Boonty Games from add/remove programs.
 

https://forums.techguy.org/threads/keylogger-or-what.569951/
Relevancy 29.67%

Hello My game account has been hacked and stolen and i rea that it is keylogger on my pc probably Would really like if someone can help with checking my log Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS Keylogger?? System svchost exe C WINDOWS system spoolsv exe C PROGRA AVG AVG avgwdsvc exe C Program Files Java jre bin jqs exe C Program Files Common Files Nero Nero BackItUp NBService exe C PROGRA AVG AVG avgemc exe C PROGRA AVG AVG avgrsx exe C Program Files AVG AVG avgcsrvx exe C WINDOWS Explorer EXE C PROGRA AVG AVG avgtray exe C WINDOWS system Rundll exe C WINDOWS system RUNDLL EXE C Program Files D-Link AirPlus G AirGCFG exe C Program Files ANI ANIWZCS Service WZCSLDR exe C Program Files Java jre bin jusched exe C Program Files Microsoft Office Office GrooveMonitor exe C Program Files PowerISO PWRISOVM EXE C WINDOWS system Keylogger?? ctfmon exe C Program Files Curse CurseClient exe C Program Files DAEMON Tools Lite daemon exe C Program Files Mozilla Firefox firefox exe C Program Files Java jre bin jucheck exe C Program Files Lavasoft Ad-Aware AAWService exe C Program Files Lavasoft Ad-Aware AAWTray exe C PROGRA AVG AVG avgnsx exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www google hr R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - URLSearchHook AVG Security Toolbar BHO - A BC A - F - -AA - D C - C Program Files AVG AVG Toolbar IEToolbar dll R - URLSearchHook no name - CFBFAE - A - D - CB- C FD - no file O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO Groove GFS Browser Helper - - C - D -B F - BBC D A E - C PROGRA MICROS Office GRA E DLL O - BHO AVG Security Toolbar BHO - A BC A - F - -AA - D C - C Program Files AVG AVG Toolbar IEToolbar dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files Java jre bin jp ssv dll O - BHO JQSIEStartDetectorImpl - E E F - CE- C -BC -EABFE F C - C Program Files Java jre lib deploy jqs ie jqs plugin dll O - Toolbar AVG Security Toolbar - CCC A -B CA- -B A - F DD - C Program Files AVG AVG Toolbar IEToolbar dll O - HKLM Run AVG TRAY C PROGRA AVG AVG avgtray exe O - HKLM Run P Helper Rundll SPIRun dll RunDLLEntry O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartup O - HKLM Run nwiz nwiz exe install O - HKLM Run NvMediaCenter RUNDLL EXE C WINDOWS system NvMcTray dll NvTaskbarInit O - HKLM Run D-Link AirPlus G C Program Files D-Link AirPlus G AirGCFG exe O - HKLM Run ANIWZCS Service C Program Files ANI ANIWZCS Service WZCSLDR exe O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run Adobe Reader Speed Launcher quot C Program Files Adobe Reader Reader Reader sl exe quot O - HKLM Run GrooveMonitor quot C Program Files Microsoft Office Office GrooveMonitor exe quot O - HKLM Run PWRISOVM EXE C Program Files PowerISO PWRISOVM EXE O - HKCU Run CTFMON EXE C WINDOWS system ctfmon exe O - HKCU Run CurseClient C Program Files Curse CurseClient exe -silent O - HKCU Run DAEMON Tools Lite quot C Program Files DAEMON Tools Lite daemon exe quot -autorun O - HKCU RunOnce WiseStubReboot MSIEXEC quiet SKIP PPU DRIVER INSTALL I quot C Program Files Co... Read more

https://forums.techguy.org/threads/keylogger.874446/
Relevancy 29.67%

Logfile of HijackThis v Scan saved at PM might keylogger i a Think have on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C WINDOWS eHome ehRecvr exe C WINDOWS eHome ehSched exe C WINDOWS system nvsvc exe C WINDOWS system Think i might have a keylogger dllhost exe C WINDOWS system wscntfy exe C WINDOWS ehome ehtray exe C Program Files Dell Media Experience DMXLauncher exe C WINDOWS System DLA DLACTRLW EXE C Program Files Common Files InstallShield UpdateService issch exe C WINDOWS stsystra exe C WINDOWS eHome ehmsas exe C WINDOWS system RUNDLL EXE C Program Files Logitech G-series Software LGDCore exe C Program Files Logitech G-series Software LCDMon exe C Program Files Java jre bin jusched exe C Program Files MSN Messenger MsnMsgr Exe C Program Files Logitech G-series Software Applets LCDCountdown LCDCountdown exe C Program Files Logitech G-series Software Applets LCDPop LCDPOP exe C Program Files Logitech G-series Software Applets LCDMedia exe C Program Files Logitech G-series Software Applets LCDClock exe C Program Files Logitech Desktop Messenger Program BackWeb- exe C Program Files Yahoo Messenger YahooMessenger exe C Program Files AIM aim exe C Program Files Common Files Ahead Lib NMBgMonitor exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files AIM aolsoftware exe C Program Files Logitech SetPoint KEM exe C Program Files Logitech SetPoint KHALMNPR EXE C Program Files Common Files Ahead Lib NMIndexingService exe C Program Files Common Files Ahead Lib NMIndexStoreSvr exe C WINDOWS system wuauclt exe C Program Files Internet Explorer iexplore exe C Program Files Common Files Microsoft Shared Windows Live WLLoginProxy exe C Program Files Java jre bin jucheck exe C Documents and Settings Doug Massie Local Settings Temporary Internet Files Content IE VEXEZ HijackThis exe R - HKCU Software Microsoft Internet Explorer Main SearchAssistant http search bearshare com sidebar html src ssb R - HKCU Software Microsoft Internet Explorer Main Start Page http google bearflix com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie defaults sb msgr http www yahoo com ext search search html R - HKLM Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ie defaults sp msgr http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKLM Software Microsoft Internet Explorer Search SearchAssistant http search bearshare com sidebar html src ssb R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride localhost R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll R - URLSearchHook no name - BB D -A - B -A -C A F EC - no file O - BHO Yahoo Toolbar Helper - D -C F - EFB- B - ECA - C Program Files Yahoo Companion Installs cpn yt dll O - BHO Yahoo IE Services Button - BAB B B- BC- B - D - FC DE A - C Program Files Yahoo Common yiesrvc dll O - BHO DriveLetterAccess - CA D E- - CF- E - - C WINDOWS System DLA DLASHX W DLL O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - BHO Windows Live Toolbar Helper - BDBD DAD-C - A -ADC - B B FF D - C Program Files Windows Live Toolbar msntb dll O - BHO XBTP - F - FD- - - CC AB FB - C PROGRA BEARSH BEARSH MediaBar dll ... Read more

Relevancy 29.67%

Hello Here's the sitch A client enters her account info and transfers some money Next three unauthorized A Maybe Not...) Keylogger? Maybe (or transfers are made over the next four days Assuming the problem is with her computer it smells of a keylogger but all of my Maybe A Keylogger? (or Maybe Not...) malware scans Panda ActiveScan online Avira AntiVir Spybot S amp D and AdAware come up pretty clean only some cookies are found Those logs are available if needed I took a HJT log in hopes of finding something assuming something is there And now the request Could someone take a Maybe A Keylogger? (or Maybe Not...) look at the following log and tell me if there's anything fishy or of it's clean Thanks a Maybe A Keylogger? (or Maybe Not...) lot for the help -LJK-----Logfile of Trend Micro HijackThis v BETA Scan saved at PM on Platform Windows XP SP WinNT Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC Program Files Windows Defender MsMpEng exeC WINDOWS System svchost exeC Program Files Common Files Symantec Shared ccEvtMgr exeC Program Files Common Files Symantec Shared ccSetMgr exeC Program Files Common Files Symantec Shared SNDSrvc exeC WINDOWS system spoolsv exeC Program Files Canon VDC AuVdc exeC Program Files Symantec AntiVirus DefWatch exeC Program Files Common Files New Boundary PrismXL PRISMXL SYSC Program Files Symantec AntiVirus SavRoam exeC Program Files Symantec AntiVirus Rtvscan exeC WINDOWS system svchost exeC Program Files Common Files Sage ServiceHost Sage ServiceHost Host exeC WINDOWS system dllhost exeC WINDOWS Explorer EXEC Program Files Digital Media Reader shwiconem exeC WINDOWS system igfxtray exeC WINDOWS system hkcmd exeC WINDOWS zHotkey exeC WINDOWS ALCWZRD EXEC Program Files GIANT Company Software GIANT AntiSpyware gcasServ exeC Program Files Common Files Symantec Shared ccApp exeC PROGRA SYMANT VPTray exeC Program Files Windows Defender MSASCui exeC Program Files Messenger msmsgs exeC WINDOWS system ctfmon exeC Program Files WinZip WZQKPICK EXEC Program Files GIANT Company Software GIANT AntiSpyware gcasDtServ exeF PStart exeF program files HijackThis Analyse exeR - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dllO - HKLM Run Recguard C WINDOWS SMINST RECGUARD EXEO - HKLM Run SunKistEM C Program Files Digital Media Reader shwiconem exeO - HKLM Run NeroFilterCheck C WINDOWS system NeroCheck exeO - HKLM Run IgfxTray C WINDOWS system igfxtray exeO - HKLM Run HotKeysCmds C WINDOWS system hkcmd exeO - HKLM Run CHotkey zHotkey exeO - HKLM Run ShowWnd ShowWnd exeO - HKLM Run AlcWzrd ALCWZRD EXEO - HKLM Run Alcmtr ALCMTR EXEO - HKLM Run gcasServ C Program Files GIANT Company Software GIANT AntiSpyware gcasServ exeO - HKLM Run gcasDtServ gcasDtServ exeO - HKLM Run ccApp quot C Program Files Common Files Symantec Shared ccApp exe quot O - HKLM Run vptray C PROGRA SYMANT VPTray exeO - HKLM Run Windows Defender quot C Program Files Windows Defender MSASCui exe quot -hideO - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot backgroundO - HKCU Run ctfmon exe C WINDOWS system ctfmon exeO - HKCU Run updateMgr quot C Program Files Adobe Acrobat Reader AdobeUpdateManager exe quot AcRdB -reboot O - Global Startup Adobe Reader Speed Launch lnk C Program Files Adobe Acrobat Reader reader sl exeO - Global Startup WinZip Quick Pick lnk C Program Files WinZip WZQKPICK EXEO - Extra context menu item E amp xport to Microsoft Ex... Read more

A:Maybe A Keylogger? (or Maybe Not...)

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis LogPlease also post the problems you are having.

http://www.bleepingcomputer.com/forums/t/87225/maybe-a-keylogger-or-maybe-not/
Relevancy 29.67%

My Keylogger other....?!? and genius yro son was given Keylogger and other....?!? a computer enough said Now I need it for work and I have a lot of information that I do not need jeopardized Can you please help me I have included a HJT Log Thanks Nicole Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Users Tronwaffle AppData Roaming Spotify Data SpotifyWebHelper exe C Program Files AVAST Software Avast AvastUI exe C Program Files x Trend Micro HiJackThis HiJackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http g msn com HPDSK R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink p LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyServer http https F - REG system ini UserInit userinit exe O - BHO MSS Identifier - E A AD- D - EB- D D- EF A - C Program Files McAfee Security Scan McAfeeMSS IE dll O - BHO PETN - D ED C- B- EB-A D- B D - C Users Tronwaffle AppData Local TidyNetwork petn dll file missing O - BHO Java Plug-In SSV Helper - BB-D F - C-B EB-D DAF D D - C Program Files x Java jre bin ssv dll O - BHO SweetPacks - e a -cf - - df-dcc e d d - no file O - BHO avast Online Security - E E -AD D- bf-AC D-D F D - C Program Files AVAST Software Avast aswWebRepIE dll O - BHO Windows Live ID Sign-in Helper - D - C - ABF- ECC- C - C Program Files x Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Microsoft Live Search Toolbar Helper - d ce e -f a- - e- dc f c f - c Program Files x MSN Toolbar msneshellx dll O - BHO Java Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files x Java jre bin jp ssv dll O - Toolbar Microsoft Live Search Toolbar - E ED C- CB - d -B E -AB C C - c Program Files x MSN Toolbar msneshellx dll O - Toolbar avast Online Security - E E -AD D- bf-AC D-D F D - C Program Files AVAST Software Avast aswWebRepIE dll O - Toolbar no name - ae b- d - a -af - ea e - no file O - HKLM Run hpsysdrv c program files x hewlett-packard HP odometer hpsysdrv exe O - HKLM Run AvastUI exe C Program Files AVAST Software Avast AvastUI exe nogui O - HKLM Run Adobe ARM C Program Files x Common Files Adobe ARM AdobeARM exe O - HKLM Run LogMeIn Hamachi Ui C Program Files x LogMeIn Hamachi hamachi- -ui exe --auto-start O - HKCU Run Spotify Web Helper C Users Tronwaffle AppData Roaming Spotify Data SpotifyWebHelper exe O - HKCU RunOnce Application Restart C Program Files x Google Chrome Application chrome exe --flag-switches-begin --flag-switches-end --restore-last-session http feed snapdo com publisher TightropeYB amp dpid TightropeYB amp co US amp userid b f - d - d- c- d amp searchtype sc amp installDate O - HKUS S- - - RunOnce SPReview C Windows System SPReview SPReview exe sp errorfwlink http go microsoft com fwlink LinkID build User 'SYSTEM' O - HKUS DEFAULT RunOnce SPReview C Windows System SPReview SPReview exe sp errorfwlink http go microsoft com fwlink LinkID build User 'Default user' O - Extra context menu item E amp xport to Microsoft Excel - res C PROGRA MICROS Office EXCEL EXE O - Extra button C Program Files x Windows Live Writer WindowsLiveWriterShortcuts dll - - C - CB - a-A C -D FCDDC D - C Program Files x Windows Live Writer WriterBrowserExtension dll O - Extra 'Tools' menuitem C Program Files x Windows Live Writer WindowsLiveWriterShortcuts dll - - C - CB - a-A C -D FCDDC D - C Program Files x Windows Live Writer WriterBrowserExtension dll O - Extra button Send to OneNote - A- - f c- - EE C C - C PROGRA MICROS Office ONBttnIE dll O - Extra 'Tools' menu... Read more

A:Keylogger and other....?!?

Good evevning.
Are you saying that you have keyloggers and other malware on your computer, you think you might have, or want to be sure that you don't?

http://www.bleepingcomputer.com/forums/t/531789/keylogger-and-other/
Relevancy 29.67%

Hello I play a online game And the other day i downloaded keylogger had I a Hi a program stupidly I went into my recently installed programms and its Hi I had a keylogger say Showpassword i uninstalled it but how can i make sure all is well I do not want to log in to any other emails etc due to this key logger thanks in advance ASAP answer would be very much appreciated So nothing suspicious happend today i ran malwarebytes found lots of malware and quarintined it all - and i downloaded bitdefender it all looked ok anyways is there any way i can make sure it is off my pc without reformatting it here are my logs of malwarebytes Malwarebytes Anti-Malware www malwarebytes org Scan Date Scan Time PM Logfile Administrator Yes Version Malware Database v Rootkit Database v License Trial Malware Protection Enabled Malicious Website Protection Enabled Chameleon Disabled OS Windows Service Pack CPU x File System NTFS User kasey Scan Type Threat Scan Result Completed Objects Scanned Time Elapsed min sec Memory Enabled Startup Enabled Filesystem Enabled Archives Enabled Rootkits Disabled Shuriken Enabled PUP Enabled PUM Enabled Processes Adware Adpeak C Program Files yewimmxqbs exe Delete-on-Reboot fc a e d e d c Modules No malicious items detected Registry Keys Adware Adpeak HKLM SYSTEM CURRENTCONTROLSET SERVICES yewimmxqbs Quarantined fc a e d e d c PUP Optional Conduit A HKLM SYSTEM CURRENTCONTROLSET SERVICES CltMngSvc Quarantined bd dc e a dbb e be ccf PUP Optional SearchProtect A HKLM SOFTWARE WOW NODE MICROSOFT WINDOWS CURRENTVERSION UNINSTALL SearchProtect Quarantined c f a b e c b ab cd PUP Optional RRSavings A HKLM SOFTWARE rrsavings Quarantined eb a d d ea e ae da a PUP Optional RRSavings A HKU S- - - - - - - - ED FC -E E- C D-BF - C B CE - SOFTWARE APPDATALOW SOFTWARE Rr Savings Quarantined d cbcbfcd a abcb bc c Registry Values No malicious items detected Registry Data PUP Optional Conduit A HKU S- - - - - - - - ED FC -E E- C D-BF - C B CE - SOFTWARE MICROSOFT INTERNET EXPLORER MAIN Start Page http search conduit com gd amp ctid CT amp octid EB ORIGINAL CTID amp ISID MA A BE - CBF- F -A C- EA CA DF amp SearchSource amp CUI amp UM amp UP SP B CA - C - -AF F- DF A AA amp SSPV Good http www google com Bad http search conduit com gd amp ctid CT amp octid EB ORIGINAL CTID amp ISID MA A BE - CBF- F -A C- EA CA DF amp SearchSource amp CUI amp UM amp UP SP B CA - C - -AF F- DF A AA amp SSPV Replaced f f bcbf de bb ce cc a Folders PUP Optional SearchProtect A C Program Files x SearchProtect Quarantined c f a b e c b ab cd PUP Optional SearchProtect A C Program Files x SearchProtect Main Quarantined c f a b e c b ab cd PUP Optional SearchProtect A C Program Files x SearchProtect Main bin Quarantined c f a b e c b ab cd PUP Optional SearchProtect A C Program Files x SearchProtect Main rep Quarantined c f a b e c b ab cd PUP Optional SearchProtect A C Program Files x SearchProtect SearchProtect Quarantined c f a b e c b ab cd PUP Optional SearchProtect A C Program Files x SearchProtect SearchProtect bin Quarantined c f a b e c b ab cd PUP Optional SearchProtect A C Program Files x SearchProtect SearchProtect rep Quarantined c f a b e c b ab cd PUP Optional SearchProtect A C Program Files x SearchProtect UI Quarantined c f a b e c b ab cd PUP Optional SearchProtect A C Program Files x SearchProtect UI bin Quarantined c f a b e c b ab cd PUP Optional SearchProtect A C Program Files x SearchProtect UI dialogs Quarantined c f a b e c b ab cd PUP Optional SearchProtect A C Program Files x SearchProtect UI dialogs bubble Quarantined c f a b e c b ab cd PUP Optional SearchProtect A C Program Files x SearchProtect UI dialogs Images Quarantined c f a b e c b ab cd PUP Optional SearchProtect A C Program Files x SearchProtect UI dialogs libs Quarantined c f a b e c b ab cd PUP Optional SearchProtect A C Program Files x SearchProtect UI dialogs protection Quarantined c f a b e c b ab cd PUP Optional SearchProtect A C Program Files x SearchProtect UI d... Read more

A:Hi I had a keylogger

Greetings Kwazy and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that. ===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.When you post your reply, use the button instead.In the upper right hand corner of the topic you will see the button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.I would like to remind you to make no further changes to your computer unless I direct you to do so.Now let's get started ===================================================Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.Thank you for your patience thus far. While I review our situation please run the below for me.===================================================Farbar Recovery Scan Tool (FRST)--------------------Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktopIf you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one shouldDouble click the iconClick Yes to the disclaimerMake sure the Addition.txt box is checkedClick Scan and allow the program to runClick OK on the Scan complete screen, then OK on the Addition.txt pop up screen2 Notepad documents should now be open on your desktop.Please copy and paste the contents of both in your reply===================================================System Summary Information--------------------Press the windows key + r on your keyboard at the same timeType msinfo32 and press EnterLeft click on System SummaryClick File, Save, and name the file SummaryZip and attach the file to your reply===================================================Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. FRST resultsAddition logAttached System Summary Informa... Read more

http://www.bleepingcomputer.com/forums/t/532054/hi-i-had-a-keylogger/
Relevancy 29.67%

My Wow Battle net acccount has been hacked twice now and ive been asked keylogger Possible by blizzard support to get Possible keylogger my log file checked for keyloggers ive ran AVG Adaware CCcleaner Possible keylogger and Spybot and a few others to check for anything and so far nothing has turned up on them Not sure what im looking at on this log dont suppose anything obvious is showing Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v Possible keylogger SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system nvsvc exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system ZoneLabs vsmon exe C WINDOWS Explorer EXE C WINDOWS system spoolsv exe C Program Files Zone Labs ZoneAlarm zlclient exe C WINDOWS SOUNDMAN EXE C WINDOWS system rundll exe C Program Files PowerISO PWRISOVM EXE C WINDOWS system RUNDLL EXE C WINDOWS system RUNDLL EXE C Program Files WIDCOMM Bluetooth Software BTTray exe C WINDOWS system wscntfy exe C WINDOWS System svchost exe C Program Files Ventrilo Ventrilo exe C Program Files Microsoft Office OFFICE WINWORD EXE C Program Files Mozilla Firefox firefox exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - no file O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - no file O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - HKLM Run ZoneAlarm Client quot C Program Files Zone Labs ZoneAlarm zlclient exe quot O - HKLM Run SoundMan SOUNDMAN EXE O - HKLM Run BluetoothAuthenticationAgent rundll exe bthprops cpl BluetoothAuthenticationAgent O - HKLM Run nwiz C Program Files NVIDIA Corporation nView nwiz exe install O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartup O - HKLM Run NvMediaCenter RUNDLL EXE C WINDOWS system NvMcTray dll NvTaskbarInit O - HKLM Run xml RUNDLL EXE C WINDOWS system xml inc dll i O - HKLM Run MSConfig C WINDOWS PCHealth HelpCtr Binaries MSConfig exe auto O - Global Startup BTTray lnk O - Extra context menu item E amp xport to Microsoft Excel - res C PROGRA MICROS OFFICE EXCEL EXE O - Extra button Research - B - CC- C -B BE- C C A - C PROGRA MICROS OFFICE REFIEBAR DLL O - Extra button no name - DFB A - F - C -A - CAB FD A - C PROGRA SPYBOT SDHelper dll O - Extra Tools menuitem Spybot - Search amp Destroy Configuration - DFB A - F - C -A - CAB FD A - C PROGRA SPYBOT SDHelper dll O - Extra button Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - Extra Tools menuitem Windows Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - Unknown file in Winsock LSP c windows system nwprovau dll O - DPF B F -A - C A-A - A E D F F-Secure Health Check - http support f-secure com enu home onlineservices fshc fscax cab O - DPF FD B - - A -AA A-B AE DC AC Performance Viewer Activex Control - https secure logmein com activex RACtrl cab O - Protocol skype com - FFC B - B - DFF- - C DD F D - C PROGRA COMMON Skype SKYPE DLL O - Service InstallDriver Table Manager IDriverT - Macrovision Corporation - C Program Files Common Files InstallShield Driver Intel IDriverT exe O - Service MSCSPTISRV - Sony Corporation - C Program Files Common Files Sony Shared AVLib MSCSPTISRV exe O - Service NVIDIA Display Driver Service nvsvc - NVIDIA Corporation - C WINDOWS system nvsvc exe O - Service PACSPTISVR - Unknown owner - C Program Files Common Files Sony Shared AVLib PACSPTISVR exe O - Service ServiceLayer - Nokia - C Program Files PC Connectivity Solution ServiceLayer exe... Read more

https://forums.techguy.org/threads/possible-keylogger.873320/
Relevancy 29.67%

Logfile of Trend Micro HijackThis v BETA Scan saved at AM on Platform Windows XP SP WinNT Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS Keylogger system csrss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS Keylogger system svchost exeC WINDOWS system svchost exeC Program Files Common Files Symantec Shared ccSvcHst exeC Program Files Common Files Symantec Shared AppCore AppSvc exeC WINDOWS system spoolsv exeC WINDOWS Explorer EXEC Program Files Symantec LiveUpdate ALUSchedulerSvc exeC WINDOWS eHome ehRecvr exeC WINDOWS eHome ehSched exeC Program Files Common Files Microsoft Shared VS DEBUG MDM EXEC WINDOWS system nvsvc exeC WINDOWS system svchost exeC WINDOWS ehome mcrdsvc exeC WINDOWS system dllhost exeC WINDOWS System alg exeC WINDOWS ehome ehtray exeC Program Files Dell Media Experience DMXLauncher exeC WINDOWS stsystra exeC WINDOWS System DLA DLACTRLW EXEC WINDOWS eHome ehmsas exeC Program Files Common Files InstallShield UpdateService issch exeC WINDOWS system RUNDLL EXEC Program Files Microsoft IntelliPoint point exeC Program Files Common Files Symantec Shared ccApp exeC WINDOWS system ctfmon exeC Program Files MSN Messenger MsnMsgr ExeC Program Files Messenger msmsgs exeC Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exeC Program Files Digital Line Detect DLG exeC Program Files Common Files Symantec Shared CCPD-LC symlcsvc exeC Program Files MSN Messenger usnsvc exeC Program Files Ventrilo Ventrilo exeC Program Files Internet Explorer iexplore exeC Program Files mIRC mirc exeC Program Files Grisoft AVG Anti-Spyware guard exeC Program Files Grisoft AVG Anti-Spyware avgas exeC Program Files Hijackthis Analyze exeC WINDOWS system wbem wmiprvse exeR - HKCU Software Microsoft Internet Explorer Main Default Page URL www google com ig dell hl en amp client dell-usuk amp channel us amp ibd R - HKCU Software Microsoft Internet Explorer Main Start Page http www worldofwarcraft com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search Default Page URL www google com ig dell hl en amp client dell-usuk amp channel us amp ibd O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHelper dllO - BHO DriveLetterAccess - CA D E- - CF- E - - C WINDOWS System DLA DLASHX W DLLO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dllO - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dllO - BHO CBrowserHelperObject Object - CA C - B - E-A -A C DB F - C Program Files BAE BAE dllO - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dllO - HKLM Run ehTray C WINDOWS ehome ehtray exeO - HKLM Run DMXLauncher C Program Files Dell Media Experience DMXLauncher exeO - HKLM Run SigmatelSysTrayApp stsystra exeO - HKLM Run DLA C WINDOWS System DLA DLACTRLW EXEO - HKLM Run ISUSPM Startup C PROGRA COMMON INSTAL UPDATE ISUSPM exe -startupO - HKLM Run ISUSScheduler quot C Program Files Common Files InstallShield UpdateService issch exe quot -startO - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartupO - HKLM Run nwiz nwiz exe installO - HKLM Run NvMediaCenter RUNDLL EXE C WINDOWS system NvMcTray dll NvTaskbarInitO - HKLM Run MSKDetectorExe C Program Files McAfee SpamKiller MSKDetct exe uninstallO... Read more

A:Keylogger

Hello CoreyH, I am SifuMike and I will be helping you. Sorry for the long wait, but we are backed up. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6. Scroll down to where it says "Java Runtime Environment (JRE) 6". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.*************************************************** We will run some scans that look for keyloggers. Please download, update and run (one at a time of course!) Spybot 1.4 and Adaware SE 1.06.r1 Fix whatever they suggest. If you need help running these tools, here are some helpful tutorials.Spybot Tutorial Adaware SE Tutorial Be sure to run Adaware SE with a Full Scan in the Safe Mode.How to Reboot into Safe Mode tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key. If that does not work this go to this site: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/ Ad-Aware SE Setup***************************************************Please download A-Squared Free, save it to the desktop. Double-click on a2FreeSetup.exe, follow the installer's instructions. At the end of the install process, make sure Launch a-squared Free is checked, then click Finish. When it launches, it will ask you if you would like to update, click Yes, it will take a few moments to update. When done with the update, if it asks you to restart the application, click Yes. At the main menu, click Scan Now, there will be 4 options, choose Deep Scan. At the end of the scan, click Save Report. Save the report to somewhere convenient, such as your desktop. If malware is found, select all found and click Quarantine selected objects.*************************************************** Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan". This scan may take a few hours. It all depends on the number of files on your computer. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post the BitDefender log.******************Download ATF (Atribune Temp File) Cleaner? by Atribune DO NOT run it yet. Download and install AVG Anti-Spyware 7.5 (formerly Ewido) This is a 30 day trial of the programAVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep a... Read more

http://www.bleepingcomputer.com/forums/t/86474/keylogger/
Relevancy 29.67%

Hi my computer got infected by a keylogger last day I followed some guides on the Blizzard forum since they hacked my WoW account I have done in log - please help HJT Keylogger alot of anti-virus scans Ad-Aware Spybot S amp D MBAM ect and it havent got any results yet Can someone please take a look at my HijackThis log and tell me if Keylogger in HJT log - help please its hidden Keylogger in HJT log - help please there Logfile of Trend Micro HijackThis v Scan saved at on - - Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Windows system Keylogger in HJT log - help please Dwm exe C Windows system taskeng exe C Windows Explorer EXE C Windows system taskeng exe C Program Files ASUS SmartLogon sensorsrv exe C Program Files ASUS ASUS Live Update ALU exe C Program Files Windows Defender MSASCui exe C Windows RtHDVCpl exe C Program Files ASUS Security Center ASUS Security Protect Manager Bin AsGHost exe C Program Files Intel Intel Matrix Storage Manager IAANOTIF EXE C Program Files Motorola SMSERIAL sm hlpr exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files ASUS ATK Media DMedia exe C Program Files P P P P exe C Windows ASScrPro exe C Program Files TDCSikkerhedspakke Common FSM EXE C Windows System rundll exe C Program Files Picasa PicasaMediaDetector exe C Program Files Java jre bin jusched exe C Program Files iTunes iTunesHelper exe C Windows VM STI EXE C Windows ehome ehtray exe C Program Files Windows Media Player wmpnscfg exe C Program Files Microsoft Office Office ONENOTEM EXE C Windows System rundll exe C Windows system conime exe C Program Files Infineon Security Platform Software PSDrt exe C Program Files Infineon Security Platform Software SpTna exe C Program Files TDCSikkerhedspakke FSGUI fsguidll exe C Windows ehome ehmsas exe C Program Files Lavasoft Ad-Aware AAWTray exe C Windows system wuauclt exe C Program Files Internet Explorer ieuser exe C Program Files TDCSikkerhedspakke FSGUI scanwizard exe C Program Files Microsoft Office Office WINWORD EXE C Program Files Internet Explorer iexplore exe C Windows system Macromed Flash FlashUtil c exe C Program Files Windows Live Messenger msnmsgr exe C Program Files Trend Micro HijackThis HijackThis exe C Windows system SearchFilterHost exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www facebook dk R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www asus com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll R - URLSearchHook XfireXO Toolbar - e ab - f - cd- -c d caaccea - C Program Files XfireXO tbXfir dll O - Hosts localhost O - BHO Yahoo Toolbar Helper - D -C F - EFB- B - ECA - C Program Files Yahoo Companion Installs cpn yt dll O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO XfireXO Toolbar - e ab - f - cd- -c d caaccea - C Program Files XfireXO tbXfir dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Hj lp til tilmelding til Windows Live - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO QUICKfind BHO Object - C DF A- E - E - AB -D F - C PROGRA TEXTware QUICKF PlugIns IEHelp dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program ... Read more

https://forums.techguy.org/threads/keylogger-in-hjt-log-help-please.872902/
Relevancy 29.67%

Ooohh maann I think I must have a keylogger Sometime in the last two months or so my Neopets account yeah yeah I know P was taken over and then frozen for quot trying to scam other people quot Apparently someone somehow got my password and got the stupid thing frozen I hadn't logged in since February or March sometime so maybe I've had a keylogger since then That was the first alarm bell and the second came Keylogger Have I I Think A about minutes ago when I tried to log onto another similar pet site and was told my password was wrong I just changed the stupid thing days ago And I tried to do another lost password I Think I Have A Keylogger and the e-mail never came So maybe they changed my e-mail too Argh I'm really scared now because I do my banking on this computer Heeelp D --------------------------------------------------------------------------------Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Running processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system Ati evxx exeC WINDOWS system svchost exeC WINDOWS System svchost exeC Program Files Intel Wireless Bin EvtEng exeC Program Files Intel Wireless Bin S EvMon exeC Program Files Intel Wireless Bin WLKeeper exeC WINDOWS system spoolsv exeC PROGRA SECUR AVG avgamsvr exeC PROGRA SECUR AVG avgupsvc exeC PROGRA SECUR AVG avgemc exeC Program Files Dell NICCONFIGSVC NICCONFIGSVC exeC Program Files Intel Wireless Bin RegSrvc exeC Program Files Alcohol Soft Alcohol StarWind StarWindService exeC WINDOWS system svchost exeC WINDOWS system Tablet exeC WINDOWS system Ati evxx exeC WINDOWS Explorer EXEC WINDOWS system wuauclt exeC Program Files Intel Wireless bin ZCfgSvc exeC Program Files Intel Wireless Bin ifrmewrk exeC PROGRA SECUR AVG avgcc exeC Program Files Dell QuickSet Quickset exeC Program Files ATI Technologies ATI Control Panel atiptaxx exeC Program Files iTunes iTunesHelper exeC PROGRA Intel Wireless Bin Dot XCfg exeC WINDOWS system ctfmon exeC Program Files iPod bin iPodService exeC Program Files I Think I Have A Keylogger Other I kfanGUI I kfanGUI exeC WINDOWS system drwtsn exeC WINDOWS system drwtsn exeC Program Files Internet Explorer IEXPLORE EXEC WINDOWS system drwtsn exeC WINDOWS system drwtsn exeC Program Files Internet Explorer IEXPLORE EXEC Program Files Other VisualHorse vhorse exeC WINDOWS system cleanmgr exeC Program Files Outlook Express msimn exeC Program Files Security HijackThis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Default Page URL http www dell ca mywayR - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Connection Wizard ShellNext http www dell ca mywayO - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO no name - - F - D - - D F - C Program Files Other Spybot SDHelper dllO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dllO - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dllO - BHO Neopets - CD - F- -D -CACA AA - C PROGRA Neopets Toolbar Toolbar dllO - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dllO - Toolbar Neopets - CD - F- -D -CACA AA - C PROGRA Neopets Toolbar Toolbar dllO - HKLM Run IntelZeroConfig quot C Program Files Intel Wireless bin ZCfgSvc exe quot O - HKLM Run IntelWireless quot C Program Files Intel Wireless Bin ifrmewrk exe quot tf Intel PROSet WirelessO - HKLM Run AVG CC C PROGRA SECUR AVG ... Read more

A:I Think I Have A Keylogger

Hello Zhuria, I am SifuMike and I will be helping you. I am not seeing much in your Hijackthis log, so we will run some scans and see what they find. I got one of those blue screen stop errors (probably the 4th or so I've gotten in the past year) the other day, but I just restarted and it never came back. It was: "page_fault_in_nonpaged_area", "atapi.sys". Oh and add that to the random lockups and shutting-downs and won't-turn-ons.. I think there's something wrong with my power supply or something.http://www.tek-tips.com/faqs.cfm?fid=4192Stop 0x00000050 or PAGE_FAULT_IN_NONPAGED_AREAThis may be caused by defective physical memory or incompatible software which caused a hardware driver or service request for data that was not in memory.I dont think I can help you with your PAGE_FAULT_IN_NONPAGED_AREA error. My expertise is malware removal and your problems sounds like it is software or memory problem. One of our other forums may be able to help you with it.Do you know what this is? Did you add it?C:\Program Files\_Other\VisualHorse\vhorse.exePlease download A-Squared Free, save it to the desktop. Double-click on a2FreeSetup.exe, follow the installer's instructions. At the end of the install process, make sure Launch a-squared Free is checked, then click Finish. When it launches, it will ask you if you would like to update, click Yes, it will take a few moments to update. When done with the update, if it asks you to restart the application, click Yes. At the main menu, click Scan Now, there will be 4 options, choose Deep Scan. At the end of the scan, click Save Report. Save the report to somewhere convenient, such as your desktop. If malware is found, select all found and click Quarantine selected objects.******************You will need to use Internet Explorer for this scan. Disable your antivirus program and go here to run BitDefender Online Scan. Click on I Agree. Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.When the ActiveX Control has loaded, click on "Click here to scan". Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer. NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post the BitDefender log.******************Download ATF (Atribune Temp File) Cleaner? by Atribune DO NOT run it yet. Download and install AVG Anti-Spyware 7.5 (formerly Ewido) This is a 30 day trial of the programAVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.1. After download, double click on the file to launch the install process. 2. Choose a language, click "OK" and then click "Next". 3. Read the "License Agreement" and click "I Agree". 4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install". 5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray. 6. The main "Status"... Read more

http://www.bleepingcomputer.com/forums/t/90606/i-think-i-have-a-keylogger/
Relevancy 29.67%

Hi all I have been having some issues with a Steam account of mine that I have lost control of twice and I don't know why I have changed all of my passwords and still it was taken again so a please I keylogger, Think help have I'm suspecting I may have a keylogger All of the scans that I ran didn't show anything but I'm still Think I have a keylogger, please help not convinced Here is a copy of my DDS fine and the attach txt as well as a hijackthis if thats even needed are attached Let me know if you need anything and thanks DDS Ver - - - NTFS AMD Internet Explorer BrowserJavaVersion Run by Andrew at on - - Microsoft Windows Home Premium GMT - AV avast Antivirus Enabled Updated B D - B-D C - E- FE FC C AV Emsisoft Anti-Malware Enabled Updated DEEF-CC - F - -F A F A DA SP avast Antivirus Enabled Updated CF - -DA - FCE-A D DFB SP Windows Defender Enabled Updated D DDC A- F- fae- E -DA C ACF SP Spybot - Search and Destroy Enabled Updated BC DF - CCA- D-A -C CA F A B SP Emsisoft Anti-Malware Enabled Updated E F B-EA E- F - B -CAD F Running Processes C Windows system lsm exe C Windows system svchost exe -k DcomLaunch C Program Files x Emsisoft Anti-Malware a service exe C Windows system svchost exe -k RPCSS C Windows system atiesrxx exe C Windows System svchost exe -k LocalServiceNetworkRestricted C Windows System svchost exe -k LocalSystemNetworkRestricted C Windows system svchost exe -k LocalService C Windows system svchost exe -k netsvcs C Windows system svchost exe -k NetworkService C Windows system atieclxx exe C Program Files AVAST Software Avast AvastSvc exe C Windows system Dwm exe C Windows Explorer EXE C Windows system taskeng exe C Windows System spoolsv exe C Windows system taskhost exe C Windows system svchost exe -k LocalServiceNoNetwork C Windows System svchost exe -k NetworkService C Program Files x Common Files Adobe ARM armsvc exe C Program Files x Common Files Apple Mobile Device Support AppleMobileDeviceService exe C Program Files Bonjour mDNSResponder exe C Windows system dlcccoms exe C Program Files x Juniper Networks Common Files dsNcService exe C Program Files Intel iCLS Client HeciServer exe C Program Files x Intel Intel reg Management Engine Components FWService IntelMeFWService exe C Program Files x Intel Intel reg Management Engine Components DAL jhi service exe C Program Files x Malwarebytes' Anti-Malware mbamscheduler exe C Program Files x Malwarebytes' Anti-Malware mbamservice exe C Program Files NetLimiter nlsvc exe C Program Files x Malwarebytes' Anti-Malware mbamgui exe C Windows SysWOW PnkBstrA exe C Program Files x Spybot - Search amp Destroy SDFSSvc exe C ProgramData Skype Toolbars Skype C C Service c c service exe C Windows system svchost exe -k imgsvc C Program Files Common Files Microsoft Shared Windows Live WLIDSVC EXE C Program Files x Spybot - Search amp Destroy SDUpdSvc exe C Program Files Common Files Microsoft Shared Windows Live WLIDSvcM exe C Program Files x Spybot - Search amp Destroy SDWSCSvc exe C Windows system SearchIndexer exe C Windows system svchost exe -k LocalServiceAndNoImpersonation C Windows System igfxpers exe C Program Files Realtek Audio HDA RAVCpl exe C Program Files x Dell Photo AIO Printer dlccmon exe C Program Files Microsoft Xbox Accessories XBoxStat exe C Program Files Windows Media Player wmpnetwk exe C Program Files Logitech Gaming Software LCore exe C Windows System svchost exe -k LocalServicePeerNet C Program Files x Microsoft Office Office OSA EXE C Program Files Logitech Gaming Software Applets LCDMedia exe C Program Files Logitech Gaming Software Applets LCDCountdown exe C Program Files Logitech Gaming Software Applets LCDClock exe C Program Files Logitech Gaming Software Applets LCDPop exe C Program Files Logitech Gaming Software Applets LCDRSS exe C Program Files x Intel Intel reg USB eXtensible Host Controller Driver Application iusb mon exe C Program Files AVAST Software Avast AvastUI exe C Program Files x iTunes iTunesHelper exe C Program Files x ATI ... Read more

A:Think I have a keylogger, please help

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/512418 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again: Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.DDS.com Download LinkDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control can be found HERE.As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

http://www.bleepingcomputer.com/forums/t/512418/think-i-have-a-keylogger-please-help/
Relevancy 29.67%

Got a note from EBAY that some had access to my account..they said a KEYLOGGER was possibly being used. Any suggestions on a program to stop this or way to do it? I have several malware programs running and anti virus too?
 

A:keylogger

Did the note suggest anything?

Are you sure it was from Ebay?
 

https://forums.techguy.org/threads/keylogger.586735/
Relevancy 29.67%

I think I might have a keylooger stealing my information, recently I had my bank info compromised, and they said it could be coming from my computer how can you help me make sure my computer is clean and free of key loggers and virus I have attached the two DDS files
 attach.txt   15.03KB
  1 downloads
 dds.txt   27.42KB
  5 downloads thank you in advance Marybub

A:keylogger

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/540057 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again: Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.DDS.com Download LinkDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control can be found HERE.As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

http://www.bleepingcomputer.com/forums/t/540057/keylogger/
Relevancy 29.67%

I am hoping perhaps for some assistance I have had a problem with the comput er Someone has accessed somehow a password from my computer im assuming and been able to get into a gaming area that i was in and as a result I lost an account and monies that I had spent in setting the account up Ive since closed down the account ran various scans and checks Im positive that Ive found a keylogger and a few other things that Ive removed But I really would appreciate if I could be assured that the computer is clean and safe so that I can get on with getting back to normal I had posted this about five days ago but i think it had perhaps gotten lost I apologize for reposting Ive Keylogger included a hijack log Regards Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Keylogger Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C WINDOWS Keylogger Explorer EXE C Program Files AntiVir PersonalEdition Classic sched exe C Program Files AntiVir PersonalEdition Classic avguard exe C Program Files Comodo Firewall cmdagent exe C WINDOWS System svchost exe C windows system hpsysdrv exe C WINDOWS system hkcmd exe C HP KBD KBD EXE C WINDOWS system igfxtray exe C Program Files AntiVir PersonalEdition Classic avgnt exe C Program Files Comodo Firewall CPF exe C WINDOWS system ctfmon exe C Documents and Settings Owner My Documents Desktop hijackthis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie ch search html R - HKCU Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ie www yahoo com R - HKCU Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http us rd yahoo com customize ie www yahoo com R - HKLM Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie ch search html R - HKLM Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ie www yahoo com R - HKLM Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKCU Software Microsoft Internet Explorer SearchURL Default http us rd yahoo com customize ie www yahoo com R - HKCU Software Microsoft Internet Explorer Main Local Page R - HKLM Software Microsoft Internet Explorer Main Local Page R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - no file O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - A E F- A- B -B -E C A F - no file O - BHO no name - d a - d - d - - e a - C Program Files Siber Systems AI RoboForm roboform dll O - Toolbar hp toolkit - B E - D D- DEB- B - D BCF F - C HP EXPLOREBAR HPTOOLKT DLL O - Toolbar amp RoboForm - d a - d - d - - e a - C Program Files Siber Systems AI RoboForm roboform dll O - HKLM Run hpsysdrv c windows system hpsysdrv exe O - HKLM Run HotKeysCmds C WINDOWS system hkcmd exe O - HKLM Run KBD C HP KBD KBD EXE O - HKLM Run StorageGuard quot C Program Files VERITAS Software Update Manager sgtray exe quot r O - HKLM Run IgfxTray C WINDOWS system igfxtray exe O - HKLM Run avgnt quot C Program Files AntiVir PersonalEdition Classic avgnt exe quot min O - HKLM Run COMODO Firewall Pro quot C Program Files Comodo Firewall CPF exe quot background O - HKCU Run ctfmon exe C WINDOWS system ctfmon exe O - Extra context menu item Customize Menu - file C Program Files Siber Systems AI RoboForm RoboFormComCustomizeIEMenu html O - Extra context menu item E amp xport to Microsoft Excel - res C PROGRA MICROS OFFICE EXCEL EXE O - Extra context menu item Fill Forms - file C Program Files Siber Systems AI RoboForm RoboFormComFillFo... Read more

https://forums.techguy.org/threads/keylogger.564282/
Relevancy 29.67%

Since a few months ago my computer has been continuously blue screening sometimes very frequently once or twice in a Help with keylogger. row one day sometimes once Help with keylogger. a month etc I thought this was probably a problem with my RAM Was going to run memtest but very recently one of my accounts was accessed by a person from a foreign country I am not entirely sure if I have a keylogger but I am very suspicious and I don t want to take the risk of putting using any important information I would factory reset it but really don t want to go through the trouble Help with keylogger. of losing everything I have My HJT Log Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system nvsvc exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS system spoolsv exe C Program Files Bonjour mDNSResponder exe C Program Files LogMeIn Hamachi hamachi- exe C Program Files Java jre bin jqs exe C WINDOWS system PnkBstrA exe C WINDOWS system PnkBstrB exe c Program Files Microsoft SQL Server Shared sqlwriter exe C Program Files Linksys WUSB N WLService exe c WINDOWS system ZuneBusEnum exe C Program Files Linksys WUSB N WUSB N exe C WINDOWS Explorer EXE C Program Files Winamp winampa exe C Program Files Razer Tarantula razerhid exe C Program Files Java jre bin jusched exe C Program Files Zune ZuneLauncher exe C WINDOWS system RUNDLL EXE C WINDOWS RTHDCPL EXE C Program Files AirPort APAgent exe C WINDOWS system ctfmon exe C Program Files DNA btdna exe C Program Files Logitech SetPoint SetPoint exe C Documents and Settings Blobb Start Menu Programs Startup ahtoggle exe C Documents and Settings Blobb Start Menu Programs Startup minibin exe C Program Files Common Files Logishrd KHAL KHALMNPR EXE C Program Files Razer Tarantula razertra exe C WINDOWS system msiexec exe c program files avira antivir desktop avcenter exe C PROGRA MOZILL FIREFOX EXE C Documents and Settings Blobb Desktop HijackThis exe C WINDOWS system wuauclt exe R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - URLSearchHook DefaultSearchHook Class - C E B- - A - B- B BEFC DB - C Program Files AskSearch bin DefaultSearch dll file missing O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO no name - C C A-E - b - D - CECB - no file O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files Java jre bin jp ssv dll O - BHO JQSIEStartDetectorImpl - E E F - CE- C -BC -EABFE F C - C Program Files Java jre lib deploy jqs ie jqs plugin dll O - HKLM Run WinampAgent quot C Program Files Winamp winampa exe quot O - HKLM Run Tarantula C Program Files Razer Tarantula razerhid exe O - HKLM Run Kernel and Hardware Abstraction Layer KHALMNPR EXE O - HKLM Run Ai Nap quot C Program Files ASUS AI Suite AiNap AiNap exe quot O - HKLM Run QFan Help quot C Program Files ASUS AI Suite QFan QFanHelp exe quot O - HKLM Run Cpu Level Up help C Program Files ASUS AI Suite CpuLevelUpHelp exe O - HKLM Run Adobe Reader Speed Launcher quot C Program Files Adobe Reader Reader Reader sl exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime Alternative QTTask exe quot -atboottime O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run MP EnsureFileVer C WINDOWS inf unregmp exe EnsureFileVersions O - HKLM Run Zune Launcher quot c Program Files Zune ZuneLauncher exe quot O - HKLM Run nwiz C Program Files NVIDIA Corporation nView nwiz exe install O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartup O -... Read more

https://forums.techguy.org/threads/help-with-keylogger.874805/
Relevancy 29.67%

Dunno This is my friends Keylogger Possible comp He wanted me to post this for him He thinks he removed it but you can never be too sure HJT Log Logfile Possible Keylogger of HijackThis v Scan saved at PM on Platform Windows ME Win x MSIE Internet Explorer v SP Running processes C WINDOWS SYSTEM KERNEL DLL Possible Keylogger C WINDOWS SYSTEM MSGSRV EXE C WINDOWS SYSTEM mmtask tsk C WINDOWS SYSTEM MPREXE EXE C WINDOWS SYSTEM MSTASK EXE C WINDOWS SYSTEM KB KB EXE C PROGRAM FILES GRISOFT AVG AVGFWSRV EXE C WINDOWS EXPLORER EXE C WINDOWS SYSTEM RESTORE STMGR EXE C WINDOWS TASKMON EXE C WINDOWS SYSTEM SYSTRAY EXE C WINDOWS SYSTEM QTTASK EXE C WINDOWS STARTER EXE C WINDOWS LOADQM EXE C PROGRAM FILES DRIVECLEANER FREE UDC EXE C PROGRAM FILES COMMON FILES DRIVECLEANER FREE UDCSDR EXE C WINDOWS SYSTEM WMIEXE EXE C PROGRAM FILES COMMON FILES DRIVECLEANER FREE UDCPAS EXE C PROGRAM FILES DRIVECLEANER FREE UDC CW EXE C PROGRAM FILES GRISOFT AVG AVGEMC EXE C PROGRAM FILES GRISOFT AVG AVGAMSVR EXE C PROGRAM FILES MSN MESSENGER MSNMSGR EXE C PROGRAM FILES AIM AIM EXE C PROGRAM FILES LINKSYS WMP CONFIG UTILITY WMP CFG EXE C WINDOWS SYSTEM DDHELP EXE C WINDOWS SYSTEM STIMON EXE C WINDOWS SYSTEM SPOOL EXE C WINDOWS DESKTOP HIJACKTHIS HIJACKTHIS EXE R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Start Page http www yahoo com R - URLSearchHook no name - CFBFAE - A - D - CB- C FD - no file R - URLSearchHook no name - EA - - DB- F -D CA FB C D - no file O - BHO BHObj Class - - F D- C- E - A C E C - C WINDOWS NEM DLL file missing O - BHO BHObj Class - F E -F E- B E- D - EA C E - C WINDOWS WSEM DLL file missing O - BHO no name - D E B - CE- B-BE B-A B E - C PROGRA SEARCH SEARCH DLL file missing O - BHO MyHlpObjectLib MyHlpObject - B E - E - ED -BCAC- BA CF - C PROGRAM FILES WINCOGNITO POP UP BLOCKER FILES PBBHO DLL O - BHO PopupBlockerBHO CPopupBlockerBHO - D -C - -B AC- EF F E - C PROGRAM FILES SMARTPOPUPBLOCKER POPUPBLOCKERBHO DLL O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO AOL Toolbar Launcher - C - CB - A -B F - EA C F - C PROGRAM FILES AOL AOL TOOLBAR AOLTB DLL O - Toolbar amp Radio - E - F- D - E- A C - C WINDOWS SYSTEM MSDXM OCX O - Toolbar amp Pop Up Blocker - D B B - B - A - -E AD D - C PROGRAM FILES WINCOGNITO POP UP BLOCKER FILES TOOLBAR DLL O - Toolbar AOL Toolbar - DE C F- - A - B-AA ED D - C PROGRAM FILES AOL AOL TOOLBAR AOLTB DLL O - HKLM Run ScanRegistry C WINDOWS scanregw exe autorun O - HKLM Run TaskMonitor C WINDOWS taskmon exe O - HKLM Run SystemTray SysTray Exe O - HKLM Run PCHealth C WINDOWS PCHealth Support PCHSchd exe -s O - HKLM Run LoadPowerProfile Rundll exe powrprof dll LoadCurrentPwrScheme O - HKLM Run QuickTime Task quot C WINDOWS SYSTEM QTTASK EXE quot -atboottime O - HKLM Run EnsoniqMixer starter exe O - HKLM Run LoadQM loadqm exe O - HKLM Run DriveCleaner Free quot C Program Files DriveCleaner Free UDC exe quot min O - HKLM Run SDR Check quot C PROGRAM FILES COMMON FILES DRIVECLEANER FREE UDCSDR EXE quot O - HKLM Run PAS Check quot C PROGRAM FILES COMMON FILES DRIVECLEANER FREE UDCPAS EXE quot O - HKLM Run UDC CW quot C PROGRAM FILES DRIVECLEANER FREE UDC CW EXE quot -c O - HKLM Run AVG CC C PROGRA GRISOFT AVG AVGCC EXE STARTUP O - HKLM Run AVG EMC C PROGRA GRISOFT AVG AVGEMC EXE O - HKLM Run AVG AMSVR C PROGRA GRISOFT AVG AVGAMSVR EXE O - HKLM RunServices LoadPowerProfile Rundll exe powrprof dll LoadCurrentPwrScheme O - HKLM RunServices SchedulingAgent mstask exe O - HKLM RunServices StateMgr C WINDOWS System Restore StateMgr exe O - HKLM RunServices KB C WINDOWS SYSTEM KB KB EXE O - HKLM RunServices avgfwsrv C PROGRA GRISOFT AVG AVGFWSRV EXE srvfsys O - HKCU Run MsnMsgr quot C Program Files MSN Messenger MsnMsgr Exe quot background O - HKCU Run AIM C PROGRAM FILES AIM aim exe -cnetwait odl O - Startup Wireless-B PCI Adapter Utility lnk C Program Files Linksys WMP Config Uti... Read more

Relevancy 29.67%

I have been suspecting I have a keylogger on my machine for several days now and today it was confirmed. One of my sites was entered and a bulletin posted by someone other than myself. NO ONE has access to my machine personally other than me. My passwords are safe in that regard. The following file has been unsearchable on my machine yet scans by other sources say it is indeed on my machine. 0001000C.CI I have references to it online as being a keylogger. However, whenever I search for it on my machine about 15 seconds into the search the search box disappears, my desktop flashes as if on booting up and all icons reset themselves. I am on a HP Dv4000 running XP Home SP2. I have scanned with AVG, Spybot and Windows Defender. Any assistance as to how to remove this file, or search for and remove any other would be greatly appreciated.

A:Keylogger

http://wskills.blogspot.com/2007/01/how-to...keyloggers.htmlOne view.Louis

http://www.bleepingcomputer.com/forums/t/130951/keylogger/
Relevancy 29.67%

does any1 noe a keylogger that logs the welcome screen?

A:Keylogger

This question is contrary to the Forum Rules and shall not be replied. i will ask a moderator to close this topic

http://www.bleepingcomputer.com/forums/t/89524/keylogger/
Relevancy 29.67%

I would like to know if there is a keylogger on my computer installed by my father I am of legal age Keylogger? and not a dependent Keylogger? of his therefore this would be extremely illegal seeing that he is not respecting my right to privacy Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exeC WINDOWS system csrss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS system svchost exeC WINDOWS system Keylogger? svchost exeC Program Files Common Files Symantec Shared ccProxy exeC Program Files Common Files Symantec Shared ccSetMgr exeC Program Files Norton Internet Security ISSVC exeC Program Files Common Files Symantec Shared SNDSrvc exeC Program Files Common Files Symantec Shared ccEvtMgr exeC WINDOWS System wltrysvc Keylogger? exeC WINDOWS System bcmwltry exeC WINDOWS system spoolsv exeC PROGRA COMMON AOL ACS AOLacsd exeC WINDOWS Explorer EXEC Program Files Norton Internet Security Norton AntiVirus navapsvc exeC Program Files Synaptics SynTP SynTPLpr exeC Program Files Synaptics SynTP SynTPEnh exeC Program Files Common Files Symantec Shared ccApp exeC Program Files iTunes iTunesHelper exeC WINDOWS system r ndll exeC WINDOWS system ctfmon exeC WINDOWS system svchost exeC Program Files Common Files Symantec Shared CCPD-LC symlcsvc exeC WINDOWS system wdfmgr exeC Program Files iPod bin iPodService exeC WINDOWS System alg exeC WINDOWS System svchost exeC Program Files LimeWire LimeWire exeC Program Files Common Files AOL ee AOLSoftware exeC Program Files The Weather Channel FW Desktop Weather DesktopWeather exeC WINDOWS system ICROSO NET nopdb exeC Program Files Internet Explorer iexplore exeC Program Files HijackThis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Default Page URL http www dell me com mywayR - HKCU Software Microsoft Internet Explorer Main Start Page http google com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www dell me com mywayR - HKLM Software Microsoft Internet Explorer Main Start Page http www dell me com mywayR - HKCU Software Microsoft Internet Connection Wizard ShellNext http www dell me com mywayR - URLSearchHook no name - B E E-F E -D - D D-A B F B - C WINDOWS system bekulnch dllR - URLSearchHook no name - E E-F EB-DD - D B-AA BF F B - C WINDOWS system bekulnch dllR - URLSearchHook no name - A B-D DB- F -B D-EBB DCF - C WINDOWS system bekulnch dllO - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper dllO - BHO no name - A B-D DB- F -B D-EBB DCF - C WINDOWS system bekulnch dllO - BHO no name - E E-F EB-DD - D B-AA BF F B - C WINDOWS system bekulnch dllO - BHO no name - B E E-F E -D - D D-A B F B - C WINDOWS system bekulnch dllO - BHO no name - - F - D - - D F - C Program Files Spybot - Search amp Destroy SDHelper dllO - BHO Norton Internet Security - ECB - F - bbc- D- DDF E - C Program Files Common Files Symantec Shared AdBlocking NISShExt dllO - BHO NAV Helper - BDF E -B - AD-A -FADC B - C Program Files Norton Internet Security Norton AntiVirus NavShExt dllO - Toolbar Norton Internet Security - B EAC - D - b e- B -A C A A - C Program Files Common Files Symantec Shared AdBlocking NISShExt dllO - Toolbar Norton AntiVirus - CDD BF- FFB- - AD - DF B D - C Program Files Norton Internet Security Norton AntiVirus NavShExt dllO - HKLM Run SynTPLpr C Program Files Synaptics SynTP SynTPLpr exeO - HKLM Run SynTPEnh C Program Files Synaptics SynTP SynTPEnh exeO - HKLM Run ccApp quot C Program Files Common Files Symantec Shared ccApp exe quot O - HKLM Run Symantec NetDriver Monitor C PROGRA SYMNET SNDMon exe ConsumerO - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottimeO - HKLM Ru... Read more

A:Keylogger?

Hello and welcome to the forum. I do not see anything I recognize as a keylogger, but I sure see some nasty trojans and junk that needs to go. The only thing I can identify is this:C:\WINDOWS\system32\oleramic.dll <<< I am 99% sure this is bad and will schedule removal. If you want to look for more infomation, check it in one of these free online scans:http://virusscan.jotti.org/http://www.kaspersky.com/scanforvirushttp://www.virustotal.com/flash/index_en.htmlPlease post the results for me to view.This program: C:\Program Files\LimeWire\LimeWire.exe see this information: http://www3.ca.com/securityadvisor/pest/pe...px?id=453088059 and this: http://www.spywareinfo.com/articles/p2p/Limewire (The most current version of Limewire is reported to include spyware. LimeWire 4.9.28 is clean. Older and newer version may not be.) My suggest would be to choose one of the malware free programs available, and uninstall that junk.This: C:\WINDOWS\system32\r?ndll.exe is PurityScan adware, see the links:http://castlecops.com/startuplist-11102.htmlhttp://sarc.com/avcenter/venc/data/adware.purityscan.htmlFollow these instructions in the posted order:1) Review the information in the Symantec link above then download and run the uninstaller in the same link.2) Download, update, configure and run these two programs: http://tomcoyote.org/aawsb.php The newest version of Ad-aware is 1.06 and Spybot 1.04. Even if you have these programs, use the link to get the newest version, update and configure them as in the link. Run Spybot first, reboot then run Ad-aware. Both programs back up what they remove so delete anything the programs say should be removed.3) ewido scan: Please download Ewido Security Suite it is a trial version of the program.Install ewido security suiteLaunch ewido, there should be an icon on your desktop double-click it.The program will now go to the main screenYou will need to update ewido to the latest definition files.On the left hand side of the main screen click updateThen click on Start UpdateThe update will start and a progress bar will show the updates being installed.If you are having problems with the updater, you can use this link to manually update Ewido.Ewido manual updatesOnce the updates are installed do the following:Click on scannerClick on Complete System Scan and the scan will begin.NOTE: During some scans with ewido it is finding cases of false positives.**You will need to step through the process of cleaning files one-by-one.If ewido detects a file you KNOW to be legitimate, select none as the action.DO NOT select "Perform action on all infections"If you are unsure of any entry found select none for now.Once the scan has completed, there will be a button located on the bottom of the screen named Save reportClick Save report.Save the report .txt file to your desktop.Now close ewido security suite.**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:R3 - URLSearchHook: (no name) - {3B3E157E-F4E9-D941-9D0D-A998B014F1B6} - C:\WINDOWS\system32\bekulnch.dllR3 - URLSearchHook: (no name) - {333E157E-F4EB-DD46-9D7B-AA98BF13F1B7} - C:\WINDOWS\system32\bekulnch.dllR3 - URLSearchHook: (no name) - {0A13250B-D9DB-9F72-B03D-EBB58823DCF3} - C:\WINDOWS\system32\bekulnch.dllO2 - BHO: (no name) - {0A13250B-D9DB-9F72-B03D-EBB58823DCF3} - C:\WINDOWS\system32\bekulnch.dllO2 - BHO: (no name) - {333E157E-F4EB-DD46-9D7B-AA98BF13F1B7} - C:\WINDOWS\system32\bekulnch.dllO2 - BHO: (no name) - {3B3E157E-F4E9-D941-9D0D-A998B014F1B6} - C:\WINDOWS\system32\bekulnch.dllO4 - HKCU\..\Run: [Jhkrh] C:\WINDOWS\system32\r?ndll.exeO21 - SSODL: Veraksys - {6FBB9606-84AB-4E18-AEE6-D883AA263768} - C:\WINDOW... Read more

http://www.bleepingcomputer.com/forums/t/46418/keylogger/
Relevancy 29.67%

Hi,

I was wondering if i can find out what my son's password is by using a keylogger, which i download on to my computer.

I know that keyloggers are illegal, but not if you use them on yourself???

Is there any other way to check my son's e-mail without him knowing??? He has a hotmail account, and I want to know who is sending him e-mails
 

A:keylogger?

we don't encourage or condone the use of such tools here and in view of the photo in the profile You look a bit young to be having a child that you need to monitor

I am closing this thread but feel free to send a pm to me or one of the other mods if you disagree
 

https://forums.techguy.org/threads/keylogger.543707/
Relevancy 29.67%

I have a keylogger problem my World of Warcraft account was recently hacked and I knew for sure it was a keylogger But just to be more sure and completely remove it I signed up to this forum to log Keylogger HJT - get help and so maybe someone can take a look at my Hijack This log file Thank you Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services Keylogger - HJT log exe C WINDOWS system lsass exe C WINDOWS system svchost exe c Program Files Microsoft Security Essentials MsMpEng exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Bonjour mDNSResponder exe C WINDOWS System svchost exe C Program Files Canon IJPLM IJPLMSVC EXE C Program Files Java jre bin jqs exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C WINDOWS system nvsvc exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS Explorer EXE C Program Files Java jre bin jusched exe C Program Files QuickTime QTTask exe C Program Files iTunes iTunesHelper exe C Program Files Microsoft Security Essentials msseces Keylogger - HJT log exe C WINDOWS system ctfmon exe C Program Files DNA btdna exe C program files steam steam exe C Program Files Yahoo Search Protection SearchProtection exe C Program Files Electronic Arts EADM Core exe C Program Files Curse CurseClient exe C Program Files Windows Media Player WMPNSCFG exe C Program Files Xfire Xfire exe C Program Files iPod bin iPodService exe C WINDOWS system taskmgr exe C Program Files Mozilla Firefox firefox exe C WINDOWS system wuauclt exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http us rd yahoo com customize ie defaults su msgr http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie defaults sb msgr http www yahoo com ext search search html R - HKLM Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ie defaults sp msgr http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - URLSearchHook no name - - no file O - Hosts scanner info O - BHO no name - D -C F - efb- B - ECA - no file O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO no name - cd - a e- da - a c- e ef e e - C WINDOWS system fuledipu dll file missing O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - C Program Files Google Google Toolbar GoogleToolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - BHO FCTB Pos - B BE B- BF- A - AB- CFF - C Program Files Gaia Online Toolbar Toolbar dll file missing O - BHO Windows Live Toolbar Helper - BDBD DAD-C - A -ADC - B B FF D - C Program Files Windows Live Toolbar msntb dll O - BHO Google Dictionary Compression sdch - C D FE-E D- -BB - C E E C E - C Program Files Google Google Toolbar Component fastsearch B C AC BB E dll O - BHO d c -c - bcb- -dd ffc - cff - dd- -bcb - c c d - C WINDOWS system zrrbwq dll file missing O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files Java jre bin jp ssv dll O - BHO JQSIEStartDetectorImpl - E E F - CE- C -BC -EABFE F C - C Program Files Java jre lib deploy jqs ie jqs plugin dll O - Toolbar Viewpoint Toolbar - F AD AA -D - - DAF- D B - C Program F... Read more

A:Keylogger - HJT log

Bump (Just following the rules)
 

https://forums.techguy.org/threads/keylogger-hjt-log.875111/
Relevancy 29.67%

Hello So I'm rather paranoid after about months ago an account of mine was hacked and was not recovered I reformated my pc to remove whatever it was but recently Iv noticed behavior close to what it was before I was it. or a like something have i Do Keylogger? hacked now this could be just random screen hitching during resource intensive tasks or something else so i thought id ask the experts here is my log any help is appreciated Logfile of Trend Micro Do i have a Keylogger? or something like it. HijackThis v Scan saved at on Platform Windows SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Program Files x NVIDIA Corporation Update Core NvBackend exe C Program Files x Steam Steam exe C Program Files x Gyazo GyStation exe C Program Files x Steam bin steamwebhelper exe C Users Do i have a Keylogger? or something like it. Ellis AppData Roaming Spotify SpotifyWebHelper exe C Users Ellis AppData Roaming Spotify Spotify exe C Program Files x Skype Phone Skype exe C Users Ellis AppData Local Microsoft BingSvc BingSvc exe C Program Files x Intel Intel reg Rapid Storage Technology IAStorIcon exe C Program Files x Common Files Adobe ARM AdobeARM exe C Program Files x Roxio OEM Roxio Burn RoxioBurnLauncher exe C Windows V Mon exe C Program Files x Razer Synapse RzSynapse exe C Program Files Alienware Command Center AWCCApplicationWatcher exe C Users Ellis AppData Roaming Spotify Spotify exe C Users Ellis AppData Roaming Spotify Spotify exe C Program Files Alienware Command Center AlienFusionController exe C Program Files x Razer InGameEngine bit RazerIngameEngine exe C Users Ellis AppData Local razer InGameEngine cache RzSynapse RzCefRenderProcess exe C Program Files x Google Chrome Application chrome exe C Program Files x Google Chrome Application chrome exe C Program Files x Google Chrome Application chrome exe C Program Files x Google Chrome Application chrome exe C Program Files x Google Chrome Application chrome exe C Program Files x Google Chrome Application chrome exe C Program Files x Google Chrome Application chrome exe C Program Files x Google Chrome Application chrome exe C Users Ellis Downloads HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http www dell co uk alienware R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink p LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink p LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKLM Software Microsoft Internet Explorer Main Local Page C Windows SysWOW blank htm R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName F - REG system ini UserInit userinit exe O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files x Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO Bing Bar Helper - d ce e -f a- - e- dc f c f - C Program Files x Microsoft BingBar BingExt dll O - BHO Java Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files x Java jre bin jp ssv dll O - Toolbar Bing Bar - dcb -df - - - fa b f - C Program Files x Microsoft BingBar BingExt dll file missing O - HKLM Run IAStorIcon C Program Files x Intel Intel reg Rapid Storage Technology IAStorIcon exe O - HKLM Run THX Audio Control Panel C Program Files x Creative THX TruStudio PC THXAudioCP THXAudio exe r O - HKLM Run UpdReg C Windows UpdReg EXE O - HKLM Run Adobe Reader Speed Launcher C Program Files x Adobe Reader Reader Reader sl exe O - HKLM Run Adobe ARM C Program Files x Common Files Adobe ARM AdobeARM exe O - HKLM Run RoxWatchTray C... Read more

A:Do i have a Keylogger? or something like it.

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.POST THE LOG FOR MY REVIEW.Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.Click OK to either and let MBAM proceed with the disinfection process.If asked to restart the computer, please do so immediately.==========Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the LogFile button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleanerCx.txt (x is a number).===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.How to attach a file to your reply:In the Reply section in the bottom of the topic Click the "more reply Options" button.Attach the file.Select the "Choose a File" navigate to the location of the File.Click the file you wish to Attach.Click the Add reply button.===Please post the logs.Let me know what problems persists.===p.s.HijackThis is no longer supported.I suggest your remove it Using the Add/Remove programs applet.Use the Farbar tool from now on to report problems.<<<>>>

http://www.bleepingcomputer.com/forums/t/607536/do-i-have-a-keylogger-or-something-like-it/
Relevancy 29.67%

Hello So I'm rather paranoid after about months ago an account of mine was hacked and was not recovered I reformated my pc to remove whatever it was but recently Iv noticed behavior close to what it was before I was hacked now this could be just random screen hitching during resource intensive tasks or something else so i thought id ask the experts here is my log any help is appreciated Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Program Files x NVIDIA Corporation Update Core NvBackend exe C Program Files Do something have or i it. Keylogger? like a x Steam Steam exe C Program Files x Gyazo GyStation exe C Program Files x Steam bin steamwebhelper exe C Users Ellis AppData Roaming Spotify SpotifyWebHelper exe C Users Ellis AppData Roaming Spotify Spotify exe C Program Files x Skype Phone Skype exe C Users Ellis AppData Local Microsoft BingSvc BingSvc exe C Program Files x Intel Intel reg Rapid Storage Technology IAStorIcon exe C Program Files x Common Files Adobe ARM AdobeARM exe C Program Files x Roxio OEM Roxio Burn RoxioBurnLauncher exe C Windows V Mon exe C Program Files x Razer Synapse RzSynapse exe C Program Files Alienware Command Center AWCCApplicationWatcher exe C Users Ellis AppData Roaming Spotify Spotify exe C Users Ellis AppData Roaming Spotify Spotify exe C Program Files Alienware Command Center AlienFusionController exe C Program Files x Razer InGameEngine bit RazerIngameEngine exe C Users Ellis AppData Do i have a Keylogger? or something like it. Local razer InGameEngine cache RzSynapse RzCefRenderProcess exe C Program Files x Google Chrome Application chrome exe C Program Files x Google Chrome Do i have a Keylogger? or something like it. Application chrome exe C Program Files x Google Chrome Application Do i have a Keylogger? or something like it. chrome exe C Program Files x Google Chrome Application chrome exe C Program Files x Google Chrome Application chrome exe C Program Files x Google Chrome Application chrome exe C Program Files x Google Chrome Application chrome exe C Program Files x Google Chrome Application chrome exe C Users Ellis Downloads HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http www dell co uk alienware R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink p LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink p LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKLM Software Microsoft Internet Explorer Main Local Page C Windows SysWOW blank htm R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName F - REG system ini UserInit userinit exe O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files x Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO Bing Bar Helper - d ce e -f a- - e- dc f c f - C Program Files x Microsoft BingBar BingExt dll O - BHO Java Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files x Java jre bin jp ssv dll O - Toolbar Bing Bar - dcb -df - - - fa b f - C Program Files x Microsoft BingBar BingExt dll file missing O - HKLM Run IAStorIcon C Program Files x Intel Intel reg Rapid Storage Technology IAStorIcon exe O - HKLM Run THX Audio Control Panel C Program Files x Creative THX TruStudio PC THXAudioCP THXAudio exe r O - HKLM Run UpdReg C Windows UpdReg EXE O - HKLM Run Adobe Reader Speed Launcher C Program Files x Adobe Reader Reader Reader sl exe O - HKLM Run Adobe ARM C Program Files x Common Files Adobe... Read more

A:Do i have a Keylogger? or something like it.

Duplicate.This topic will be closed.

http://www.bleepingcomputer.com/forums/t/607537/do-i-have-a-keylogger-or-something-like-it/
Relevancy 29.67%

Hi I recently have had my credit card used illegally and then today someone accessing my ebay account as well I am hoping you could help me check if I had something like a keylogger causing this Thanks so much Scan result of Farbar Recovery Scan Tool FRST x Version - - Ran by jtate administrator on DESKTOP- RB MT - - Running from C Users jtate may a have Keylogger I Desktop Computer Clean Loaded Profiles jtate Available Profiles jtate Platform Windows Pro Version X Language English United States Internet Explorer Version Default browser FF Boot Mode Normal Tutorial for Farbar Recovery Scan Tool http www geekstogo com forum topic -frst-tutorial-how-to-use-farbar-recovery-scan-tool Processes Whitelisted If an entry is included in I may have a Keylogger the fixlist the process will be closed The file will not be moved NVIDIA Corporation C Windows System nvvsvc exe NVIDIA Corporation C Program Files x NVIDIA Corporation D Vision nvSCPAPISvr exe NVIDIA Corporation C Program Files NVIDIA Corporation Display nvxdsync exe NVIDIA Corporation C Windows System nvvsvc exe AVAST Software C Program Files AVAST Software Avast AvastSvc exe NVIDIA Corporation C Program Files NVIDIA Corporation GeForce Experience Service GfExperienceService exe Apple Inc C Program Files Common Files Apple Mobile Device Support AppleMobileDeviceService exe Nero AG C Program Files x Common Files Nero Nero BackItUp NBService exe NVIDIA Corporation C Program Files x NVIDIA Corporation NetService NvNetworkService exe Apple Inc C Program Files Bonjour mDNSResponder exe NVIDIA Corporation C Program Files NVIDIA Corporation NvStreamSrv NvStreamService exe WIBU-SYSTEMS AG C Program Files x CodeMeter Runtime bin CodeMeter exe NVIDIA Corporation C Program Files NVIDIA Corporation NvStreamSrv NvStreamNetworkService exe NVIDIA Corporation C Program Files NVIDIA Corporation NvStreamSrv NvStreamUserAgent exe C Program Files WindowsApps Microsoft Messaging x wekyb d bbwe SkypeHost exe NVIDIA Corporation C Program Files x NVIDIA Corporation Update Core NvBackend exe NVIDIA Corporation C Program Files NVIDIA Corporation Display nvtray exe Microsoft Corporation C Windows System SettingSyncHost exe Apple Inc G Program Files iTunes iTunesHelper exe Valve Corporation G Steam Steam exe Apple Inc C Program Files iPod bin iPodService exe C Program Files x Datacolor Spyder Pro Utility SpyderUtility exe AVAST Software C Program Files AVAST Software Avast AvastUI exe Adobe Systems Incorporated C Program Files x Adobe Acrobat Acrobat acrobat sl exe Adobe Systems Inc C Program Files x Adobe Acrobat Acrobat acrotray exe Oracle Corporation C Program Files x Common Files Java Java Update jusched exe Valve Corporation G Steam bin steamwebhelper exe Valve Corporation C Program Files x Common Files Steam SteamService exe Registry Whitelisted If an entry is included in the fixlist the registry item will be restored to default or removed The file will not be moved HKLM Run NvBackend gt C Program Files x NVIDIA Corporation Update Core NvBackend exe - - NVIDIA Corporation HKLM Run ShadowPlay gt C WINDOWS system rundll exe C WINDOWS system nvspcap dll ShadowPlayOnSystemStart HKLM Run iTunesHelper gt G Program Files iTunes iTunesHelper exe - - Apple Inc HKLM-x Run AvastUI exe gt C Program Files AVAST Software Avast AvastUI exe - - AVAST Software HKLM-x Run AdobeCS ServiceManager gt C Program Files x Common Files Adobe CS ServiceManager CS ServiceManager exe - - Adobe Systems Incorporated HKLM-x Run Adobe Acrobat Speed Launcher gt C Program Files x Adobe Acrobat Acrobat Acrobat sl exe - - Adobe Systems Incorporated HKLM-x Run gt X HKLM-x Run Acrobat Assistant gt C Program Files x Adobe Acrobat Acrobat Acrotray exe - - Adobe Systems Inc HKLM-x Run SunJavaUpdateSched gt C Program Files x Common Files Java Java Update jusched exe - - Oracle Corporation HKU S- - - - - - - Run Steam gt G Steam steam exe - - Valve Corporation HKU S- - - - - - - Run GoogleChromeAutoLaunch E E A C F A E D CD gt C Program Files ... Read more

A:I may have a Keylogger

Hi Kremit222, My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.Please do not install any new software while we are working on this system as it may hinder our process.Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.Please do not try to fix anything without being ask.Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.Back up your data. I will not knowingly suggest you any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.If you are confused about any instruction, stop and ask. Do not keep on going.Do not repeat the steps if you face any problems.I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.  I am seeing nothing out of ordinary. Did you visit any shady websites or download/install any dubious content? Step #1 Fix with FRSTMake sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.Open Notepad.exe. Do not use any other text editor software;Copy and Paste the contents inside the code-box to your Notepad --Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
File: C:\Users\jtate\AppData\Local\Temp\nscEC1A.tmp\Installer-75803003.exe
2016-02-25 09:37 - 2016-02-25 09:37 - 0000000 ____H () C:\ProgramData\cm-lock
HKLM-x32\...\Run: [] => [X]
EndClick on File > Save as...Inside the File Name box type fixlist.txt;From the Save as type drop down list, choose All FilesSave the file to your Desktop;Re-run FRST.exe and click Fix;Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.After the completion, a log will be produced;Copy and Paste the contents of the log in your next reply. Step #2 Run Malwarebytes' Anti-RootkitPlease download Malwarebytes Anti-Rootkit from here and extract the content to your Desktop.Update the program if asked.In the Scan System option check all the boxes and click on Scan.Click on Cleanup button after the scan and wait patiently. Reboot the computer if asked.After the clean-up process; locate two logs in the mbar folder namely--mbar-log.txt; andsystem-log.txtCopy and paste the contents of the log in your next reply. Required Log(s):FRST Fix Logmbar-log.txt; andsystem-log.txtRegards,Valinorum

http://www.bleepingcomputer.com/forums/t/606404/i-may-have-a-keylogger/
Relevancy 29.67%

As in topic, I might think I have it. I would appreciate if any of you could help?

Thanks in advance

A:I think I might have keylogger?

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.POST THE LOG FOR MY REVIEW.Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.Click OK to either and let MBAM proceed with the disinfection process.If asked to restart the computer, please do so immediately.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the LogFile button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleanerCx.txt (x is a number).===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.How to attach a file to your reply:In the Reply section in the bottom of the topic Click the "more reply Options" button.Attach the file.Select the "Choose a File" navigate to the location of the File.Click the file you wish to Attach.Click the Add reply button.===What problems are you having with this computer.Wait for further instructions.

http://www.bleepingcomputer.com/forums/t/603666/i-think-i-might-have-keylogger/
Relevancy 29.67%

days ago my computer was infected by a Keylogger and it stole some of my accounts informations then i start to download Kaspersky instead of my Nod and also downloaded Malwarbytes-Antimalware spybot and i run full scan with all of them they found some Registry Problems and then programs fixed it and now seems my computer is clean now i put my Help Keylogger plz .. Hijacked Log here and hope u guys can help me out if Keylogger Help plz .. u see anything wrong thanks Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Program Files x Sony ISB Utility ISBMgr exe C Program Files x Java jre bin jusched exe C Program Files x Sony VAIO Wireless Keylogger Help plz .. Wizard AutoLaunchWLASU exe C Program Files x Kaspersky Lab Kaspersky Anti-Virus avp exe C Program Files Sony Corporation SmartWi Connection Utility CCP exe C Program Files Sony Corporation SmartWi Connection Utility PowerManager exe C Program Files Sony Corporation SmartWi Connection Utility ThirdPartyAppMgr exe C Program Files Sony Corporation SmartWi Connection Utility UIManager exe C Program Files WIDCOMM Bluetooth Software BluetoothHeadsetProxy exe C Windows SysWOW conime exe C Program Files x Spybot - Search amp Destroy SpybotSD exe C Program Files x Malwarebytes Anti-Malware mbam exe C Program Files x Mozilla Firefox firefox exe C Program Files x Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page Keylogger Help plz .. URL http www sony com vaiopeople R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http www sony com vaiopeople R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www sony com vaiopeople R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName O - Hosts localhost O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files x Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO IEVkbdBHO - AB -E D - F -A A - FA CCA C - C Program Files x Kaspersky Lab Kaspersky Anti-Virus ievkbd dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files x Java jre bin ssv dll O - BHO AOL Toolbar BHO - C - CB - A -B F - EA C F - C Program Files x AOL AOL Toolbar aoltb dll O - BHO link filter bho - E CF -D - A- F - F A F - C Program Files x Kaspersky Lab Kaspersky Anti-Virus klwtbbho dll O - Toolbar AOL Toolbar - DE C F- - A - B-AA ED D - C Program Files x AOL AOL Toolbar aoltb dll O - HKLM Run Adobe Reader Speed Launcher quot C Program Files x Adobe Reader Reader Reader sl exe quot O - HKLM Run ISBMgr exe quot C Program Files x Sony ISB Utility ISBMgr exe quot O - HKLM Run SunJavaUpdateSched quot C Program Files x Java jre bin jusched exe quot O - HKLM Run AML quot C Program Files x Sony VAIO Launcher AML exe quot InitApp O - HKLM Run VAIOMyMemCenter quot C Program Files Sony VAIO My Memory Center VAIO MyMemCenter exe quot O - HKLM Run VWLASU quot C Program Files x Sony VAIO Wireless Wizard AutoLaunchWLASU exe quot O - HKLM Run SmartWiHelper quot C Program Files Sony Corporation SmartWi Connection Utility SmartWiHelper exe quot WindowsStartup O - HKLM Run VAIO Help and Support Demo quot C Program Files Sony VAIO Help and Support Demo LaunchVHSD exe quot O - HKLM Run VAIORegistration quot C Program Files Sony First Experie... Read more

Relevancy 29.67%

I used Ad-Aware SE and found Win Trojan Downloader and Or Keylogger? More? deleted could there be more I found that when i pressed some special key like Volum Up Volum Down on my keyboard then my keyboard turn out unresponing Still my computer is working normally After deleting Keylogger? Or More? Win trojan downloader it remain UNCHANGEDI just simply scanned in normal mode Check this out I used AVG Free and Window Defender at first and they says they found NOTHING -----------------------------------------------------------------------------Logfile of HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC Program Files Windows Defender MsMpEng exeC WINDOWS System svchost exeC WINDOWS system spoolsv exeC WINDOWS Explorer EXEC Keylogger? Or More? WINDOWS system RUNDLL EXEC WINDOWS system dla tfswctrl exeC Program Files Common Files InstallShield UpdateService issch exeC Program Files AGEIA Technologies TrayIcon Keylogger? Or More? exeC Program Files Intel Audio Studio IntelAudioStudio exeC PROGRA Grisoft AVGFRE avgcc exeC Program Files Java jre bin jusched exeC Program Files HP HP Software Update HPWuSchd exeC Program Files HP hpcoretech hpcmpmgr exeC Program Files Common Files Real Update OB realsched exeC Program Files Windows Defender MSASCui exeC Program Files Internet Explorer iexplore exeC WINDOWS system ctfmon exeC Program Files MSN Messenger MsnMsgr ExeC Program Files Valve Steam Steam exeC PROGRA Grisoft AVGFRE avgamsvr exeC Program Files HP Digital Imaging bin hpqtra exeC PROGRA Grisoft AVGFRE avgupsvc exeC PROGRA Grisoft AVGFRE avgemc exeC WINDOWS system cisvc exeC WINDOWS system inetsrv inetinfo exeC Program Files Common Files Microsoft Shared VS Debug mdm exeC WINDOWS system nvsvc exeC WINDOWS System snmp exeC WINDOWS system svchost exeC Program Files HP hpcoretech comp hptskmgr exeC WINDOWS System svchost exeC WINDOWS system svchost exeC WINDOWS system wscntfy exeC WINDOWS system cidaemon exeC WINDOWS system cidaemon exeC Program Files FlashGet flashget exeC Program Files Internet Explorer iexplore exeC Documents and Settings Anthony HijackThis exeO - Hosts update nf com cnO - Hosts game nf com cnO - Hosts game nf com cnO - Hosts shgame nf com cnO - Hosts game nf com cnO - Hosts game nf com cnO - Hosts shgame nf com cnO - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper ocxO - BHO IeCatch Class - F -AA - B - F D- A B E EF - C PROGRA FlashGet jccatch dllO - BHO DriveLetterAccess - CA D E- - CF- E - - C WINDOWS system dla tfswshx dllO - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dllO - Toolbar FlashGet Bar - E E AB-F - D - D - BA E - C PROGRA FlashGet fgiebar dllO - HKLM Run IMJPMIG quot C WINDOWS IME imjp IMJPMIG EXE quot Spoil RemAdvDef Migration O - HKLM Run PHIME ASync C WINDOWS system IME TINTLGNT TINTSETP EXE SYNCO - HKLM Run PHIME A C WINDOWS system IME TINTLGNT TINTSETP EXE IMENameO - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartupO - HKLM Run nwiz nwiz exe installO - HKLM Run NvMediaCenter RUNDLL EXE C WINDOWS system NvMcTray dll NvTaskbarInitO - HKLM Run dla C WINDOWS system dla tfswctrl exeO - HKLM Run ISUSPM Startup C PROGRA COMMON INSTAL UPDATE ISUSPM exe -startupO - HKLM Run ISUSScheduler quot C Program Files Common Files InstallShield UpdateService issch exe quot -startO - HKLM Run C-Media Speaker Configuration C PROGRA C-Media WIN ME Setup exe SPEAKERO - HKLM Run AGEIA PhysX SysTray C Program Files AGEIA Technologies TrayIcon exeO - HKLM Run SigmatelSysTrayApp sttray exeO - HKLM Run IntelAudioStudio quot C Program Files Intel Audio Studio IntelAudioStudio exe quot TRAYO - HKLM Run AVG CC C PROGRA Grisoft AVGFRE avgcc exe STARTUPO - HKLM Run SunJ... Read more

A:Keylogger? Or More?

PLZZZZZZZZZZZZZzzz I REALLY NEEED HEEEEEEEEEEELPPPPPPPPPP!!!!!!!!

http://www.bleepingcomputer.com/forums/t/58614/keylogger-or-more/
Relevancy 29.67%

Please can anybody look at this log and confirm if I am safe or not Logfile of HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes H WINDOWS System smss exeH WINDOWS SYSTEM winlogon exeH WINDOWS system services exeH WINDOWS system lsass exeH WINDOWS system svchost exeH WINDOWS System svchost exeH WINDOWS system spoolsv exeH PROGRA Grisoft AVGFRE avgamsvr exeH PROGRA Grisoft AVGFRE avgupsvc exeH Program Files Cisco Systems VPN Client cvpnd exeH Program Files Common Files Microsoft Shared VS DEBUG MDM EXEH Program Files File System Information Keylogger? SystemFolder PVService exeH WINDOWS System svchost exeH WINDOWS Explorer EXEH Program Files Webroot Spy Sweeper SpySweeper exeH WINDOWS System spool drivers w x hpztsb exeH Program Files ScreenPrint v ScreenPrint exeH WINDOWS System hphmon exeH Program Files Java jre bin jusched exeH Program Files Ulead Systems Ulead Photo Explorer SE Basic Monitor exeH PROGRA Grisoft AVGFRE avgcc exeH Program Files Common Files Real Update OB realsched exeH Program Files SPYWAREfighter spfprc exeH WINDOWS Keylogger? System ctfmon exeH Program Files IEEE g Wireless LAN Utility wlanIG exeH WINDOWS twain CSUSB WATCH exeH Program Files WinZip Keylogger? WZQKPICK EXEE Program Files Ghosts wash exeH WINDOWS System HPHipm exeH WINDOWS System wuauclt exeH Program Files Mozilla Firefox firefox exeH PROGRA Grisoft AVGFRE avgwb datH WINDOWS system rundll exeH Program Files HijackThis HijackThis exeR - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyServer proxy pandora be R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride lt local gt R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName KoppelingenF - REG system ini UserInit H WINDOWS regedit s H pav reg H WINDOWS System pavdr exe H WINDOWS System userinit exe O - BHO no name - - F - D - - D F - H PROGRA SPYBOT SDHelper dllO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - H Program Files Java jre bin ssv dllO - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - H Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dllO - BHO Private view Helper - E FE -C - F - D - BDE C AC - H Program Files File System Information SystemFolder PVPlugin dllO - Toolbar amp Radio - E - F- D - E- A C - H WINDOWS System msdxm ocxO - HKLM Run HPDJ Taskbar Utility H WINDOWS System spool drivers w x hpztsb exeO - HKLM Run ScreenPrint quot H Program Files ScreenPrint v ScreenPrint exe quot -startupO - HKLM Run HPHmon H WINDOWS System hphmon exeO - HKLM Run SunJavaUpdateSched quot H Program Files Java jre bin jusched exe quot O - HKLM Run Ulead AutoDetector quot H Program Files Ulead Systems Ulead Photo Explorer SE Basic Monitor exe quot O - HKLM Run SpySweeper quot H Program Files Webroot Spy Sweeper SpySweeperUI exe quot startintrayO - HKLM Run AVG CC quot H PROGRA Grisoft AVGFRE avgcc exe quot STARTUPO - HKLM Run TkBellExe quot H Program Files Common Files Real Update OB realsched exe quot -osbootO - HKLM Run spywarefighterguard quot H Program Files SPYWAREfighter spfprc exe quot O - HKCU Run CTFMON EXE H WINDOWS System ctfmon exeO - Startup Ghosts Wash lnk E Program Files Ghosts wash exeO - Global Startup Cisco Systems VPN Client lnk H Program Files Cisco Systems VPN Client vpngui exeO - Global Startup IEEE g Wireless LAN Utility lnk O - Global Startup Watch lnk H WINDOWS twain CSUSB WATCH exeO - Global Startup WinZip Quick Pick lnk H Program Files WinZip WZQKPICK EXEO - Extra context menu item amp Dictionary - http www ezreference com ie-com-p htmO - Extra context menu item amp eBay Search - res H Program Files eBay eBay Toolbar eBayTb dll RCSearch htmlO - Extra context menu item amp Encyclopedia - http www ezreference com ie-com-e-p htmO - Extra context menu item amp Google Search - res H Program Files Google GoogleToolbar dll cmsearch htmlO - Extra context menu item Download amp Flash Movies - H Program Files Flash X Flash ... Read more

A:Keylogger?

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log

http://www.bleepingcomputer.com/forums/t/65246/keylogger/
Relevancy 29.67%

I think it was a keylogger i've been scanning my computer repeatedly and it's coming up clean But i want to verify that it's gone Logfile of HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services Keylogger Wow exeC WINDOWS system lsass exeC WINDOWS system svchost exeC Program Files Windows Defender MsMpEng exeC WINDOWS System svchost exeC WINDOWS system spoolsv exeC WINDOWS Explorer EXEC WINDOWS Wow Keylogger ehome ehtray exeC Program Files Java jre bin jusched exeC Program Files Intel Intel Matrix Storage Manager iaanotif exeC Program Files Intel Modem Event Monitor IntelMEM exeC Program Files Creative Sound Blaster Live -bit Surround Mixer CTSysVol exeC WINDOWS system Rundll exeC Program Files CyberLink PowerDVD DVDLauncher exeC Program Files Musicmatch Musicmatch Jukebox mmtask exeC WINDOWS system dla tfswctrl exeC Program Files Common Files InstallShield UpdateService issch exeC Program Files Adobe Acrobat Distillr Acrotray exeC WINDOWS System spool DRIVERS W X E S I J EXEC Program Files Logitech iTouch iTouch exeC PROGRA Grisoft AVGFRE avgcc exeC Program Files Common Files Real Update OB realsched exeC Program Files Windows Defender MSASCui exeC Program Files iTunes iTunesHelper exeC Program Files Logitech MouseWare system em exec exeC WINDOWS system RUNDLL EXEC WINDOWS system rundll exeC Program Files Kaspersky Lab Kaspersky Anti-Virus avp exeC Program Files Logitech Desktop Messenger Program LogitechDesktopMessenger exeC PROGRA Greatis REGRUN WatchDog exeC PROGRA Grisoft AVGFRE avgamsvr exeC PROGRA Grisoft AVGFRE avgupsvc exeC Program Files Kaspersky Lab Kaspersky Anti-Virus avp exeC WINDOWS system CTsvcCDA EXEC WINDOWS eHome ehRecvr exeC WINDOWS eHome ehSched exeC Program Files ewido anti-spyware guard exeC Program Files Intel Intel Matrix Storage Manager iaantmon exeC WINDOWS system nvsvc exeC Program Files QUICKENW QWDLLS EXEC WINDOWS system svchost exeC WINDOWS system MsPMSPSv exeC Program Files iPod bin iPodService exeC WINDOWS system dllhost exeC WINDOWS eHome ehmsas exeC Documents and Settings Carrie Desktop HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Default Page URL http www dell me com mywayR - HKCU Software Microsoft Internet Explorer Main Search Bar http mysearch myway com jsp dellsidebar jsp p DER - HKCU Software Microsoft Internet Explorer Main Start Page http www dell me com mywayR - HKLM Software Microsoft Internet Explorer Main Default Page URL http www dell me com mywayR - HKLM Software Microsoft Internet Explorer Main Start Page http www dell me com mywayR - HKCU Software Microsoft Internet Connection Wizard ShellNext http www dell me com mywayR - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride localhostR - URLSearchHook no name - D F -B FE- -BF - AB D D - C Program Files MyWaySA SrchAsDe deSrcAs dllO - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO no name - D F -B FE- -BF - AB D D - C Program Files MyWaySA SrchAsDe deSrcAs dllO - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHelper dllO - BHO DriveLetterAccess - CA D E- - CF- E - - C WINDOWS system dla tfswshx dllO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dllO - BHO Adobe PDF Conversion Toolbar Helper - AE CD -E - f- - EE - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dllO - Toolbar Adobe PDF - -D C - - FA - E EAAC - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dllO - HKLM Run ehTray C WINDOWS ehome ehtray exeO - HKLM Run SunJavaUpdateSched C Program Files Java jre bin jusched exeO - HKLM Run IAAnotif C Program Files Intel Intel Matrix Storage Manager iaanotif exeO - HKLM Run IntelMeM C Program Files Intel Modem Event Monitor IntelMEM exeO - HKLM Run CTSysVol C Program Files Creative Sound Blaster Live -bit Surround Mixer CTS... Read more

A:Wow Keylogger

Hi bleed Welcome to BC. Before we do anything, you'll need to place HijackThis.exe in a folder of its own for it to function properly. Right click on an empty space on your desktop. Go to New>Folder to create a new folder. Name it HijackThis. Drag and drop HijackThis.exe into the new folder.============================================Looks like you're running two antivirus programs, i.e. AVG and Kaspersky. That's not a good idea. They will conflict with each other leaving your computer more vulnerable rather than making it more secure. Please decide on one of them and uninstall the other.============================================Logitech Desktop Messenger uses "BackWeb" proactive technology to retrieve information about your Logitech devices by downloading content in the background during network idle time. Eventhough they claim not to upload any other information to their servers or any other internet servers, it's still spying in my book. So, if you want to remove this feature, simply remove "Logitech Desktop Messenger" from Add/Remove programs in the control panelGo to Start>Control Panel>Add/Remove Programs and remove the following programs:C:\Program Files\MyWaySAC:\Program Files\Logitech\Desktop Messenger============================================Now we can start with the fix. Pleas disable Windows Defender and Ewido guard so that they will not interfere with the fix. You can re-enable them once the system is clean.To disable Windows Defender: Open Windows Defender Click Tools Click General Settings Scroll down to Real Time Protection Options Uncheck Turn on Real Time Protection (recommended)After you uncheck this, click on the Save button Close Windows DefenderTo disable Ewido:From the system tray:Right-click the system tray icon and uncheck real time protection.

or
From within Ewido -Under 'Your security status', if the real time protection is active, deactivate it by clicking 'real time protection' until the status says 'inactive'.============================================Make sure that you can see hidden files " Click Start " Open My Computer " Select the Tools menu and click Folder Options " Select the View Tab " Under the Hidden files and folders heading select Show hidden files and folders " Uncheck the Hide protected operating system files (recommended) option " Click Yes to confirm " Click OK** These files are hidden to stop you accidentally removing something important. It is advisable to hide them again after fixing your computer. **============================================Scan with HijackThis and put a checkmark against the following entries:R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dllO2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dllO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKCU\..\Run: [ControlDiskTsk] winzrs32.exeClose all browsers/windows/applications/email, etc., except HijackThis and click on fix checked.. Exit HijackThis.============================================Restart your computer in Safe Mode.If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Select the first option, to run Windows in Safe Mode.Look in here for more information.============================================In Safe Mode, using Windows' Search function, search for and delete the following file ... Read more

http://www.bleepingcomputer.com/forums/t/66041/wow-keylogger/
Relevancy 29.67%

Heres my log Logfile of HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C WINDOWS system acs exe C WINDOWS system nvsvc exe C WINDOWS system svchost exe C Program Files Viewpoint Common ViewpointService exe C WINDOWS system wscntfy exe C WINDOWS Explorer EXE C Program Files NETGEAR Wireless Smart Configuration Utility NetgearAG exe C Program Files Java jre bin jusched exe C WINDOWS system RUNDLL EXE C Program Files Common Files AOL ee AOLHostManager exe C Program Files Messenger msmsgs exe C PROGRA MOZILL FIREFOX EXE C Documents and Settings Zach My Documents i-hate-keyloggers exe C Program Files Common Files AOL ee AOLServiceHost exe C Program Files Belkin PCI F D Wireless Utility Belkinwcui exe C Program Files Viewpoint Viewpoint Manager ViewMgr exe C Documents and Settings Zach Desktop - c exe C PROGRA Mozilla Firefox firefox exe C Program Files Hijackthis HijackThis exe R - HKCU Software Microsoft Internet Think keylogger got a I ;( Explorer Main Search Bar http us rd yahoo com customize ie defaults sb msgr http www yahoo com ext search search html R - HKCU Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ie defaults sp msgr http www yahoo com R - HKCU Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKCU Software Microsoft Internet Explorer SearchURL Default http us rd yahoo com customize ie defaults su msgr http www yahoo com R - URLSearchHook AOLTBSearch Class - Think I got a keylogger ;( EA - - DB- F -D CA FB C D - C Program Files AOL AOL Toolbar aoltb dll Think I got a keylogger ;( R - Think I got a keylogger ;( URLSearchHook no name - EF BD -C FB- D - F- D F - no file O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO BitComet ClickCapture - F E - A- B A-BCAF- B BFDFEA - C Program Files BitComet tools BitCometBHO dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO AOL Toolbar Launcher - C - CB - A -B F - EA C F - C Program Files AOL AOL Toolbar aoltb dll O - Toolbar AOL Toolbar - DE C F- - A - B-AA ED D - C Program Files AOL AOL Toolbar aoltb dll O - HKLM Run LXCFCATS rundll C WINDOWS System spool DRIVERS W X LXCFtime dll email protected O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartup O - HKLM Run HostManager C Program Files Common Files AOL ee AOLHostManager exe O - HKLM Run Picasa Media Detector C Program Files Picasa PicasaMediaDetector exe O - HKLM Run Starter C WINDOWS system STARTER EXE O - HKLM Run AS Netgear C Program Files NETGEAR Wireless Smart Configuration Utility NetgearAG exe -hide O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run EnsoniqMixer C WINDOWS System Starter Exe O - HKLM Run nwiz nwiz exe install O - HKLM Run NvMediaCenter RUNDLL EXE C WINDOWS system NvMcTray dll NvTaskbarInit O - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot background O - HKCU Run Steam quot c program files steam steam exe quot -silent O - HKCU Run AIM C Program Files AIM aim exe -cnetwait odl O - HKCU Run I-Hate-Keyloggers C Documents and Settings Zach My Documents i-hate-keyloggers exe O - HKCU Run Yahoo Pager quot C PROGRA Yahoo MESSEN YAHOOM EXE quot -quiet O - Global Startup Adobe Reader Speed Launch lnk C Program Files Adobe Acrobat Reader reader sl exe O - Global Startup Belkin Wireless Utility lnk C Program Files Belkin PCI F D Wireless Utility Belkinwcui exe O - Global Startup HPAiODevice hp officejet g series - lnk C Program Files Hewlett-Packard AiO hp officejet g series Bin hpoavn exe O - Extra context menu item amp AOL Toolbar Search - c program files aol aol toolbar resources en-... Read more

A:Think I got a keylogger ;(

Anyone gonna help me ?
 

https://forums.techguy.org/threads/think-i-got-a-keylogger.561455/
Relevancy 29.67%

Hi all ive ran scans with ad aware spybot and i have avg etc i installed the software a while back and the win spy software keeps appearing in the tray and i dont know how to get rid of it any advice would be great hers my log Logfile of Trend I Get To It! How Win Rid Keylogger Spy Of Micro HijackThis v BETA Scan saved at on Platform Windows XP SP WinNT Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system ZoneLabs vsmon exe C WINDOWS system spoolsv exe c program files common files logitech lvmvfm LVPrcSrv exe C Program Files Common Files AOL Win Spy Keylogger How To I Get Rid Of It! ACS AOLAcsd exe C PROGRA Grisoft AVG avgamsvr exe C PROGRA Grisoft AVG avgupsvc exe C PROGRA Grisoft AVG avgemc exe C WINDOWS system slserv exe C WINDOWS System svchost exe C WINDOWS wanmpsvc exe C WINDOWS Explorer EXE C WINDOWS System igfxtray exe C WINDOWS System hkcmd exe C WINDOWS System igfxpers exe C Program Files QuickTime qttask exe C Program Files BT Voyager ADSL Modem dslstat exe C Program Files VoyagerTest fts exe C Program Files Common Files AOL ee AOLSoftware exe C Program Files Common Files Logitech LComMgr Communications Helper exe C WINDOWS SOUNDMAN EXE C WINDOWS ALCWZRD EXE C Program Files Java jre bin jusched exe C Program Files USB Disk Win Driver Res EXE C Program Files Zone Labs ZoneAlarm zlclient exe C Program Files Common Files Logitech LComMgr LVComSX exe C PROGRA Grisoft AVG avgcc exe C WINDOWS system ctfmon exe C Program Files MSN Messenger msnmsgr exe C Program Files AOL aoltray exe c program files common files aol ee services antiSpywareApp ver AOLSP Scheduler exe C Program Files SpywareGuard sgmain exe c program files common files aol ee aolsoftware exe C Program Files SpywareGuard sgbhp exe C Program Files AOL waol exe C Program Files AOL shellmon exe C Program Files Common Files AOL aoltpspd exe C WINDOWS system OS check services exe C Program Files Mozilla Firefox firefox exe C Documents and Settings DARREN Desktop HiJackThis v exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Local Page blank htm R - HKLM Software Microsoft Internet Explorer Main First Home Page C Program Files AOL Toolbar welcome html R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - no file O - BHO SpywareGuard Download Protection - A E - F- - B - B DDD DB - C Program Files SpywareGuard dlprotect dll O - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - HKLM Run IgfxTray C WINDOWS System igfxtray exe O - HKLM Run HotKeysCmds C WINDOWS System hkcmd exe O - HKLM Run Persistence C WINDOWS System igfxpers exe O - HKLM Run AOLDialer C Program Files Common Files AOL ACS AOLDial exe O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottime O - HKLM Run DSLSTATEXE C Program Files BT Voyager ADSL Modem dslstat exe icon O - HKLM Run FP Friendly fts exe quot C Program Files VoyagerTest fts exe quot O - HKLM Run HostManager C Program Files Common Files AOL ee AOLSoftware exe O - HKLM Run LogitechCommunicationsManager quot C Program Files Common Files Logitech LComMgr Communications Helper exe quot O - HKLM Run High Definition Audio Property Page Shortcut HDA... Read more

https://forums.techguy.org/threads/win-spy-keylogger-how-to-i-get-rid-of-it.562403/
Relevancy 29.67%

I just had one of my online game accounts hacked and am thinking i might have a keylogger I Keylogger? just ran a virus scan last night and didnt find anything It is McAfee security and is updated I ran a HJT and here is the log Really appreciate any help so that I can go back to playing games on my gaming rig Here is the HJT log Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C Program Files SiteAdvisor SiteAdv exe C WINDOWS system RUNDLL EXE C WINDOWS system CTHELPER EXE C Program Files Google Gmail Notifier gnotify exe C Program Files Java jre bin jusched exe C WINDOWS system rundll exe C Program Files Common Files McAfee HackerWatch HWAPI exe C PROGRA McAfee MSC mcmscsvc exe c program files common files mcafee mna mcnasvc exe C PROGRA McAfee VIRUSS mcods exe C PROGRA McAfee MSC mcpromgr exe c PROGRA COMMON mcafee redirsvc redirsvc exe C PROGRA McAfee VIRUSS mcshield exe C PROGRA McAfee VIRUSS mcsysmon exe C Program Files McAfee MPF MPFSrv exe C WINDOWS system nvsvc exe C Program Files SiteAdvisor SAService exe c PROGRA mcafee com agent mcagent exe C WINDOWS System alg exe C WINDOWS system ntvdm exe c PROGRA mcafee VIRUSS mcvsshld exe C Program Files World of Warcraft WoW exe C Program Files Anti-keylogger Anti-keylogger exe c program files mcafee msc mcshell exe C PROGRA Mozilla Firefox firefox exe C Documents and Settings CPZ My Documents Downloads HijackThis exe O - BHO no name - FD D- B- FC- - Keylogger? AE - C Program Files SiteAdvisor SiteAdv dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO scriptproxy - Keylogger? DB D A - - E -B D- F C - c program files mcafee virusscan scriptcl dll O - Toolbar McAfee SiteAdvisor - BF - F - - - FE E AA - Keylogger? C Program Files SiteAdvisor SiteAdv dll O - HKLM Run SiteAdvisor C Program Files SiteAdvisor SiteAdv exe O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartup O - HKLM Run nwiz nwiz exe install O - HKLM Run NvMediaCenter RUNDLL EXE C WINDOWS system NvMcTray dll NvTaskbarInit O - HKLM Run CTHelper CTHELPER EXE O - HKLM Run SBDrvDet C Program Files Creative SB Drive Det SBDrvDet exe r O - HKLM Run UpdReg C WINDOWS UpdReg EXE O - HKLM Run e - f c- e -a ec-b a b c C Program Files Google Gmail Notifier gnotify exe O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run SpyHunter C Program Files Enigma Software Group SpyHunter SpyHunter exe O - HKLM Run Anti-keylogger C Program Files Anti-keylogger Anti-keylogger exe autorun O - HKCU Run DAEMON Tools quot C Program Files DAEMON Tools daemon exe quot -lang O - Extra button no name - B E C - FCB- CF-AAA - C - C Program Files Java jre bin ssv dll O - Extra Tools menuitem Sun Java Console - B E C - FCB- CF-AAA - C - C Program Files Java jre bin ssv dll O - Extra button Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - Extra Tools menuitem Windows Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - DPF BF - BF- D -BE - DF F SimCityX Control - http simcity ea com play classic SimCityX cab O - DPF D C -DB B- - B - EE A C F SproutLauncherCtrl Class - http www gamehouse com games SproutLauncher cab O - Protocol siteadvisor - A DC - - EAA- EE -AF BCF - C Program Files SiteAdvisor SiteAdv dll O - Winlogon Notify WgaLogon - C WINDOWS SYSTEM WgaLogon dll O - SSODL WPDShServiceObj - AAA BA- A C- B - D - D DB - C WINDOWS system WPDShServiceObj dll O - Service McAfee E-mail Proxy Emproxy - McAfee Inc - C PROGRA COMMON McAfee EmProxy emproxy exe O - Service McAfee HackerWatch Serv... Read more

Relevancy 29.67%

Hello i got a keylogger recently and really need help asap I m a newbie on these things so i have tried my best i have scanned with norton but nothing came up but then i downloaded AVG and a few things came up http img imageshack us my php image mesadpandakc jpg I deleted the rest but the thing i think is the keylogger Trojan Wow is in Quarantine and its supposed not to make any harm there http img imageshack us my php Keylogger help. image mesadpanda bv jpg So how am im sure im safe Because i cant Keylogger help. risk losing my passwords to several games and accounts And whould rather not have to start windows over as i have many important files Here is the Hijackthis log Logfile of Trend Keylogger help. Micro HijackThis v BETA Scan saved at on - - Platform Windows XP SP WinNT Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe Keylogger help. C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Norman Npm bin ELOGSVC EXE C Norman Npm Bin Zanda exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system spoolsv exe C WINDOWS system svchost exe C WINDOWS system nvsvc exe C WINDOWS Explorer EXE C Norman Npm bin NJEEVES EXE C WINDOWS System alg exe C WINDOWS system rundll exe C Program Java jre bin jusched exe C Program VIA RAID raid tool exe C WINDOWS RTHDCPL EXE C WINDOWS sm hlpr exe C Program Synaptics SynTP SynTPEnh exe C Norman Npm bin ZLH EXE C Program Adobe Photoshop Album Starter Edition Apps apdproxy exe C Program iTunes iTunesHelper exe C Program QuickTime qttask exe C WINDOWS system ctfmon exe C Program MSN Messenger msnmsgr exe C Program DAEMON Tools daemon exe C Program AIM aim exe C WINDOWS system svchost exe C Program AIM aolsoftware exe C Program iPod bin iPodService exe C WINDOWS system wbem wmiprvse exe C WINDOWS system wbem unsecapp exe C Program Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program MSN Messenger usnsvc exe C Program Grisoft AVG Anti-Spyware guard exe C Program Grisoft AVG Anti-Spyware avgas exe C Program Mozilla Firefox firefox exe C Documents and Settings Patrik Skrivbord ATF-Cleaner exe C Norman Nvc BIN NIP EXE C Norman Nvc bin nvcoas exe C Norman Nvc BIN NVCSCHED EXE C Norman Nvc bin cclaw exe C Program Internet Explorer IEXPLORE EXE C Program Delade filer Microsoft Shared Windows Live WLLoginProxy exe C Documents and Settings Patrik Skrivbord P promo exe C Documents and Settings Patrik Skrivbord HiJackThis v exe C WINDOWS system wbem wmiprvse exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName L nkar O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Delade filer Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Delade filer Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program google googletoolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Google GoogleToolbarNotifier swg dll O - BHO Windows Live Toolbar Helper - BDBD DAD-C - A -ADC - B B FF D - C Program Windows Live Toolbar msntb dll O - Toolbar amp Google - C B - - d - B - A CD F - c program google googletoolbar dll O - Toolbar Windows Live Toolbar - BDAD DAD-C - A -ADC - B B FF D - C Program Windows Live Toolbar msntb dll O - HKLM Run BluetoothAuthenticationAgent rundll exe bthprops cpl Bluet... Read more

Relevancy 29.67%

Hello I m not that ace when it comes to pc s but i did have soemthing suspicios happening to me when i keylogger Possible started Possible keylogger up my pc the other day Looked like something sneakinstalled in startup process and i immediately got suspicious ran a scan but found nothing but tracking cookies Now i found myself Possible keylogger hacked on quot world of warcraft quot today and i ofc suspect a keylogger wich i seam unable to find The current thing i have tried or steps taken are http forums wow-europe com thread html topicId amp sid amp pageNo I am now at the final step of posting my logs to see if they can be of any help I would appreciate any help in the matter Here is the log from Hijack This Logfile of Trend Micro HijackThis v Scan saved at on - - Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Program Files x Intel Intel Matrix Storage Manager IAAnotif exe C Windows vmsnap exe C Windows Domino exe C Program Files x Windows Live Messenger msnmsgr exe C Users Sandra AppData Roaming Octoshape Octoshape Streaming Services OctoshapeClient exe C Program Files x uTorrent uTorrent exe C Program Files x Personal bin Personal exe C Program Files x Java jre bin jusched exe C Program Files x OpenOffice org program soffice exe C Program Files x iTunes iTunesHelper exe C Program Files x OpenOffice org program soffice bin C Program Files x Lavasoft Ad-Aware AAWTray exe C Program Files Logitech GamePanel Software Applets LCDMedia exe C Program Files x Ventrilo Ventrilo exe C Windows SysWOW DllHost exe C Program Files x Windows Live Contacts wlcomm exe C Program Files x AVG AVG avgtray exe C Program Files x AVG AVG avgui exe C Program Files x Internet Explorer iexplore exe C Program Files x Internet Explorer iexplore exe C Windows SysWow Macromed Flash FlashUtil c exe C Program Files x Internet Explorer iexplore exe C Program Files x Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http www mmo-champion com index php R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKLM Software Microsoft Internet Explorer Main Local Page C Windows SysWOW blank htm R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName R - URLSearchHook AVG Security Toolbar BHO - A BC A - F - -AA - D C - C Program Files x AVG AVG Toolbar IEToolbar dll O - Hosts localhost O - BHO Windows Live inloggningshj lpen - D - C - ABF- ECC- C - C Program Files x Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO AVG Security Toolbar BHO - A BC A - F - -AA - D C - C Program Files x AVG AVG Toolbar IEToolbar dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files x Java jre bin jp ssv dll O - Toolbar AVG Security Toolbar - CCC A -B CA- -B A - F DD - C Program Files x AVG AVG Toolbar IEToolbar dll O - HKLM Run SunJavaUpdateSched quot C Program Files x Java jre bin jusched exe quot O - HKLM Run QuickTime Task quot C Program Files x QuickTime QTTask exe quot -atboottime O - HKLM Run iTunesHelper quot C Program Files x iTunes iTunesHelper exe quot O - HKLM Run Malwarebytes Anti-Malware reboot quot C Program Files x Malwarebytes Anti-Malware mbam exe quot runcleanupscript O - HKLM Run AVG TRAY C PROGRA AVG AVG avgtray exe O - HKCU Run Sidebar C Program Files Windows Sidebar sidebar exe autoRun O - HKCU Run msnmsgr quot C Program ... Read more

Relevancy 29.67%

Hi guys thanks in advance for any help I recently have been getting a popup from comodo firewall everytime i open an online game Keylogger?! I will use the popup i get from quot Knight Online quot as an example Knight online client is Keylogger?! trying to connect to the internet what would you like to do Details Application KnightOnLine exe Security considerations C Program Files Micosoft Games Halo halo exe has loaded dinput dll into KnightOnline exe using a global hook which could be used by keyloggers to steal private imformation I thought that somehow halo was corrupted so i removed it from my computer and it still happens to all my online games Anyone got any ideas and is this actually a keylogger Got a hijackthis log too Logfile of Trend Micro HijackThis v BETA Scan saved at PM on Platform Windows XP SP WinNT Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system Ati evxx exe C WINDOWS system spoolsv exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Bonjour mDNSResponder exe C Program Files Comodo Firewall cmdagent exe C Program Files Common Files Microsoft Shared VS Debug mdm exe C WINDOWS system svchost exe C WINDOWS system wscntfy exe C WINDOWS Explorer EXE C WINDOWS System svchost exe C WINDOWS SOUNDMAN EXE C WINDOWS ALCWZRD EXE C WINDOWS ALCMTR EXE C Program Files Adobe Reader Reader Reader sl exe C Program Files Comodo Firewall CPF exe C WINDOWS AGRSMMSG exe C Program Files Java jre bin jusched exe C Program Files iTunes iTunesHelper exe C WINDOWS system ctfmon exe C Program Files Volumouse volumouse exe C Program Files SUPERAntiSpyware SUPERAntiSpyware exe C Program Files iPod bin iPodService exe C WINDOWS system wuauclt exe C WINDOWS system wuauclt exe C Documents and Settings Owner My Documents Trones Stuff HiJackThis v exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO flashget urlcatch - F -AA - B - F D- A B E EF - C Program Files FlashGet jccatch dll O - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO ADSTechnology module - CBAC - - - D -FEB F F E C - C Program Files ADSTechnology ADSTechnology dll O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO FlashGet GetFlash Class - F E- EF- C- - BA DBA - C Program Files FlashGet getflash dll O - HKLM Run IMJPMIG quot C WINDOWS IME imjp IMJPMIG EXE quot Spoil RemAdvDef Migration O - HKLM Run PHIME ASync C WINDOWS system IME TINTLGNT TINTSETP EXE SYNC O - HKLM Run PHIME A C WINDOWS system IME TINTLGNT TINTSETP EXE IMEName O - HKLM Run High Definition Audio Property Page Shortcut HDAShCut exe O - HKLM Run SoundMan SOUNDMAN EXE O - HKLM Run AlcWzrd ALCWZRD EXE O - HKLM Run Alcmtr ALCMTR EXE O - HKLM Run Adobe Reader Speed Launcher quot C Program Files Adobe Reader Reader Reader sl exe quot O - HKLM Run COMODO Firewall Pro quot C Program Files Comodo Firewall CPF exe quot background O - HKLM Run QuickTime Task quot C Program Files QuickTime QTTask exe quot -atboottime O - HKLM Run... Read more

https://forums.techguy.org/threads/keylogger.635944/
Relevancy 29.67%

I clicked on a link that is a known keylogger I want to make sure that I'm in the clear Any information on this or any other issues you may see is greatly appreciated I followed all of the steps listed prior to posting this log file --------------------------Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss Possible Keylogger exeC Possible Keylogger WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC Program Files Common Files Symantec Shared ccSvcHst exeC WINDOWS Explorer EXEC Program Possible Keylogger Files Common Files Symantec Shared AppCore AppSvc exeC WINDOWS system spoolsv exeC Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exeC Program Files Symantec LiveUpdate ALUSchedulerSvc exeC Program Files Common Files Symantec Shared ccSvcHst exeC Program Files Common Files Microsoft Shared VS DEBUG MDM EXEC WINDOWS system HPZipm exeC Program Files Common Files Intuit DatabaseServer QBPOSDBService exeC WINDOWS system svchost exeC Program Files Common Files Intuit DatabaseServer QBDBMgrN exeC Program Files Common Files Intuit DatabaseServer QBDBMgrN exeC windows system hpsysdrv exeC WINDOWS AGRSMMSG exeC Program Files Common Files Real Update OB realsched exeC Program Files HP hpcoretech hpcmpmgr exeC WINDOWS ALCXMNTR EXEC HP KBD KBD EXEC Program Files HP HP Software Update HPWuSchd exeC Program Files iTunes iTunesHelper exeC Program Files Common Files Symantec Shared ccApp exeC Program Files Java jre bin jusched exeC WINDOWS system ctfmon exeC Program Files Possible Keylogger MSN Messenger msnmsgr exeC Program Files HP Digital Imaging bin hpqtra exeC Program Files Microsoft SQL Server Tools Binn sqlmangr exeC WINDOWS System svchost exeC Program Files MSN Messenger usnsvc exeC Program Files Common Files Symantec Shared CCPD-LC symlcsvc exeC Program Files iPod bin iPodService exeC Program Files Intuit QuickBooks Point of Sale qbpos exeC Program Files Internet Explorer IEXPLORE EXEC WINDOWS system wuauclt exeC Program Files Trend Micro HijackThis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO no name - E A - - D F-BEAE-D A C - C Program Files Common Files Symantec Shared coShared Browser NppBho dllO - BHO no name - - F - D - - D F - C Program Files Spybot - Search amp Destroy SDHelper dllO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dllO - BHO no name - E D - A- EC-A -BA D E E - no file O - Toolbar Show Norton Toolbar - -F - -B -FBEE C B DF - C Program Files Common Files Symantec Shared coShared Browser UIBHO dllO - HKLM Run hpsysdrv c windows system hpsysdrv exeO - HKLM Run AGRSMMSG AGRSMMSG exeO - HKLM Run TkBellExe quot C Program Files Common Files Real Update OB realsched exe quot -osbootO - HKLM Run Recguard C WINDOWS SMINST RECGUARD EXEO - HKLM Run HP Component Manager quot C Program Files HP hpcoretech hpcmpmgr exe quot O - HKLM Run DXDllRegExe dxdllreg exeO - HKLM Run AlcxMonitor ALCXMNTR EXEO - HKLM Run KBD C HP KBD KBD EXEO - HKLM Run HP Software Update C Program Files HP HP Software Update HPWuSchd exeO - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottimeO - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM ... Read more

A:Possible Keylogger

Hello Achiras and welcome to BleepingComputer!Apollogies for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log.Thanks,Johannes

http://www.bleepingcomputer.com/forums/t/111846/possible-keylogger/
Relevancy 29.67%

Long story short I'm convinced someone has installed a keylogger on my computer I've checked all the obvious places but it's pretty unlikely they'd just leave the program out in the open I downloaded HijackThis did a scan and now I have no idea how to read the log x So I guess that's where you guys come in Running processes C WINDOWS System smss exeC WINDOWS system Possible Keylogger winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS Explorer EXEC Possible Keylogger Program Files Common Files Symantec Shared ccSetMgr exeC Program Files Common Files Symantec Shared SNDSrvc exeC Program Files Common Files Symantec Shared SPBBC SPBBCSvc exeC Program Files Common Files Symantec Shared ccEvtMgr exeC WINDOWS Possible Keylogger system spoolsv exeC Program Files Symantec LiveUpdate ALUSchedulerSvc exeC Program Files Symantec Norton Ghost GhostStartService exeC Program Files Norton AntiVirus navapsvc exeC Program Files Norton AntiVirus IWP NPFMntor exeC Program Files Norton AntiVirus SAVScan exeC WINDOWS system svchost exeC Program Files Common Files Symantec Shared CCPD-LC symlcsvc exeC WINDOWS SOUNDMAN EXEC WINDOWS system igfxtray exeC WINDOWS system Possible Keylogger hkcmd exeC Program Files Common Files Symantec Shared ccApp exeC Program Files Java jre bin jusched exeC WINDOWS system LVCOMSX EXEC Program Files Logitech Video LogiTray exeC Program Files iTunes iTunesHelper exeC Program Files Common Files Real Update OB realsched exeC WINDOWS system ctfmon exeC Program Files Common Files Ahead lib NMBgMonitor exeC WINDOWS System svchost exeC Program Files iPod bin iPodService exeC Program Files Logitech Video FxSvr exeC Program Files MSN Messenger usnsvc exeC Program Files MSN Messenger msnmsgr exeC Program Files iTunes iTunes exeC Program Files Internet Explorer IEXPLORE EXEC Program Files Trend Micro HijackThis HijackThis exeC Program Files Messenger msmsgs exeR - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride localhostO - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO RealPlayer Download and Record Plugin for Internet Explorer - C E -B - BC - - C CA - C Program Files Real RealPlayer rpbrowserrecordplugin dllO - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHelper dllO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dllO - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO NAV Helper - BDF E -B - AD-A -FADC B - C Program Files Norton AntiVirus NavShExt dllO - Toolbar Norton AntiVirus - CDD BF- FFB- - AD - DF B D - C Program Files Norton AntiVirus NavShExt dllO - HKLM Run SoundMan SOUNDMAN EXEO - HKLM Run IgfxTray C WINDOWS system igfxtray exeO - HKLM Run HotKeysCmds C WINDOWS system hkcmd exeO - HKLM Run NeroFilterCheck C Program Files Common Files Ahead Lib NeroCheck exeO - HKLM Run ccApp quot C Program Files Common Files Symantec Shared ccApp exe quot O - HKLM Run Symantec NetDriver Monitor C PROGRA SYMNET SNDMon exe ConsumerO - HKLM Run SunJavaUpdateSched C Program Files Java jre bin jusched exeO - HKLM Run LVCOMSX C WINDOWS system LVCOMSX EXEO - HKLM Run LogitechVideoRepair C Program Files Logitech Video ISStart exe O - HKLM Run LogitechVideoTray C Program Files Logitech Video LogiTray exeO - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottimeO - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run TkBellExe quot C Program Files Common Files Real Update OB realsched exe quot -osbootO - HKCU Run CTFMON EXE C WINDOWS system ctfmon exeO - HKCU Run LogitechSoftwareUpdate quot C Program Files Logitech Video ManifestEngine exe quot bootO - HKCU Run MsnMsgr quot C Program Files MSN Messenger MsnMsgr Exe quot backgroundO - HKCU Run BgMonitor E - C C- d f- C - D A B AA quot C Program Files Common Files Ahead lib NMBgMonitor exe quot O - HK... Read more

A:Possible Keylogger

Hi LooseCharm, Our apologies for the delay. If you still require help, please post a new fresh log so I can see if anything has changed.If you have not done so already, please do the initial cleanup steps in the following instructions before posting your new log: Preparation Guide For Use Before Posting A Hijackthis Log

http://www.bleepingcomputer.com/forums/t/113988/possible-keylogger/
Relevancy 29.67%

Hi I'm truly a newbee at this thanks to all for this site I've been trying to get rid of a keylogger for awhile now and have 'learned' just enough to be bewildered and afraid that I'll have to always be on Keylogger the look out for one in the future I have ran all of the scans that were listed as well as running my own Uniblue Spyeraser Keylogger The Spyeraser has found one on numerous occasions so I guess it's being re-installed or activated at will I appreciate any help and education that you can give me or point me to Just wanted thought to add that it has been a Blazing Tool's brand keylogger Thanks again Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system Keylogger lsass exeC WINDOWS system Ati evxx exeC WINDOWS system svchost exeC Program Files Microsoft Windows OneCare Live Antivirus MsMpEng exeC WINDOWS System svchost exeC WINDOWS system Ati evxx exeC WINDOWS Explorer EXEC Program Files Lavasoft Ad-Aware aawservice exeC WINDOWS system spoolsv exeC WINDOWS eHome ehRecvr Keylogger exeC WINDOWS eHome ehSched exeC WINDOWS system lxddcoms exeC Program Files Common Files New Boundary PrismXL PRISMXL SYSC WINDOWS system svchost exeC Program Files Microsoft Windows OneCare Live Firewall msfwsvc exeC Program Files Microsoft Windows OneCare Live winss exeC WINDOWS system dllhost exeC WINDOWS ehome ehtray exeC Program Files Digital Media Reader readericon G exeC WINDOWS eHome ehmsas exeC Program Files Microsoft Windows OneCare Live winssnotify exeC WINDOWS RTHDCPL EXEC Program Files Lexmark Series lxddmon exeC Program Files Lexmark Series lxddamon exeC Program Files Common Files Real Update OB realsched exeC WINDOWS system ctfmon exeC Program Files Uniblue SpyEraser SpyEraser exeC Program Files BigFix bigfix exeC Program Files Mozilla Firefox firefox exeC WINDOWS system wuauclt exeC Program Files Trend Micro HijackThis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Search Bar http google icq com search search frame phpR - HKCU Software Microsoft Internet Explorer Main Start Page http start icq com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO Lexmark Toolbar - A C- F - -A D-EDD AC F - C Program Files Lexmark Toolbar toolband dllO - BHO LiveSearchClubToolbarBhoApp Class - D - FBC- d f- E C- A C DC - C Program Files Live Search Club Toolbar LiveSearchClubToolbarBho dllO - BHO Spybot-S amp D IE Protection - - F - D - - D F - C PROGRA SPYBOT SDHelper dllO - Toolbar Lexmark Toolbar - A C- F - -A D-EDD AC F - C Program Files Lexmark Toolbar toolband dllO - Toolbar no name - BF - F - - - FE E AA - no file O - Toolbar Live Search Club Toolbar - D AB- AF - a - C -D D E - C Program Files Live Search Club Toolbar Toolbar dllO - HKLM Run ehTray C WINDOWS ehome ehtray exeO - HKLM Run readericon C Program Files Digital Media Reader readericon G exeO - HKLM Run RTHDCPL RTHDCPL EXEO - HKLM Run Alcmtr ALCMTR EXEO - HKLM Run Recguard WINDIR SMINST RECGUARD EXEO - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottimeO - HKLM Run AOLDialer C Program Files Common Files AOL ACS AOLDial exeO - HKLM Run MSKDetectorExe C Program Files McAfee SpamKiller MSKDetct exe uninstallO - HKLM Run lxddmon exe quot C Program Files Lexmark Series lxddmon exe quot O - HKLM Run lxddamon quot C... Read more

A:Keylogger

Hello newbb and welcome to BleepingComputer!Apollogies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log.Thanks,Johannes

http://www.bleepingcomputer.com/forums/t/119080/keylogger/
Relevancy 29.67%

Every time I run malwarebytes it finds keylogger exe I remove and restart but it still shows up I also run sometimes another file pops up like this get Keylogger.exe need rid of to in todays scan Registry Values Infected HKEY CURRENT USER SOFTWARE Microsoft Windows CurrentVersion Policies need to get rid of Keylogger.exe Explorer ForceClassicControlPanel Hijack ControlPanelStyle - gt Quarantined and deleted successfully yesterday there was a Vundo in a spybot scan and I removed it Iam scanning with Spybot right now to see if there is anything else to be found Thanks in advance any help is appreciated Hijack log Logfile need to get rid of Keylogger.exe of Trend Micro HijackThis v Scan saved at need to get rid of Keylogger.exe on -Oct- Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C Program Files Intel Wireless Bin S EvMon exe C WINDOWS System WLTRYSVC EXE C WINDOWS System bcmwltry exe C WINDOWS system spoolsv exe C WINDOWS system cisvc exe C Program Files ComputerAssociates NTAgent Ntagent exe C WINDOWS system crypserv exe C Program Files Cisco Systems VPN Client cvpnd exe C Program Files Intel Wireless Bin EvtEng exe C Program Files Kaseya Agent AgentMon exe C WINDOWS LogWatNT exe C Program Files McAfee VirusScan Enterprise EngineServer exe C Program Files McAfee Common Framework FrameworkService exe C Program Files McAfee VirusScan Enterprise VsTskMgr exe C Program Files Common Files Microsoft Shared VS Debug mdm exe C WINDOWS system mfevtps exe C WINDOWS System svchost exe C WINDOWS system nvsvc exe C WINDOWS System svchost exe C Program Files Intel Wireless Bin RegSrvc exe C WINDOWS Explorer EXE C WINDOWS system rundll exe C WINDOWS system RunDLL exe C WINDOWS system WLTRAY exe C Program Files Wave Systems Corp Services Manager DocMgr bin docmgr exe C Program Files Wave Systems Corp SecureUpgrade exe C WINDOWS stsystra exe C WINDOWS system KADxMain exe C Program Files Intel Wireless bin ZCfgSvc exe C Program Files Intel Wireless Bin ifrmewrk exe C Program Files Dell QuickSet quickset exe C PROGRAM FILES EQUANT AUTOUPDT EACUPDT EXE C Program Files Java jre bin jusched exe C Program Files DellTPad Apoint exe C Program Files Kaseya Agent KaUsrTsk exe C Program Files DellTPad ApMsgFwd exe C Program Files DellTPad HidFind exe C Program Files DellTPad Apntex exe C Program Files McAfee Common Framework udaterui exe C Program Files Common Files Research In Motion Auto Update RIMAutoUpdate exe C Program Files McAfee Common Framework McTray exe C Program Files Common Files Roxio Shared SharedCOM RoxWatchTray exe C Program Files Spark Spark exe C Program Files Spybot - Search amp Destroy TeaTimer exe C Program Files Uniblue ProcessQuickLink ProcessQuickLink exe C Program Files Gadwin Systems PrintScreen PrintScreen exe C Program Files WinSplit Revolution WinSplit exe C Program Files Common Files InstallShield UpdateService ISUSPM exe C Program Files Logitech SetPoint SetPoint exe C Program Files Common Files Logishrd KHAL KHALMNPR EXE C Program Files Microsoft Search Enhancement Pack SeaPort SeaPort exe C Program Files SigmaTel C-Major Audio WDM StacSV exe C WINDOWS system svchost exe C WINDOWS system dllhost exe C Program Files RealVNC VNC WinVNC exe C Program Files Intel Wireless Bin WLKeeper exe C Program Files McAfee VirusScan Enterprise Mcshield exe C Program Files ComputerAssociates ARCserveITDS asdscsvc exe C Program Files ComputerAssociates ARCserveITDS Liccheck exe C WINDOWS system dllhost exe C Program Files Common Files Roxio Shared SharedCOM RoxMediaDB exe C Program Files Intel Wireless Bin Dot XCfg exe C Program Files Common Files Roxio Shared SharedCOM RoxWatch exe C Program Files Common Files Roxio Shared SharedCOM CPSHelpRunner exe C Program Files Malwarebytes Anti-Malware mbam ex... Read more

Relevancy 29.67%

Please help I recently clicked an email attachment that was titled Runme from a classmate I did and it restarted my computer and installed something keylogger! Now this classmate is hinting that they know private information of mine as is customary I have included a hijackthis log Thank you in advance Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows Vista WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Windows system Dwm exe C Windows Explorer EXE C Program Files Windows Defender MSASCui exe C Windows System hkcmd exe C Windows System igfxpers exe C Windows system igfxsrvc exe C Windows System tp serv exe C Program Files Analog Devices Core smax pnp exe C Program Files ThinkPad ConnectUtilities ACTray exe C Program Files ThinkPad ConnectUtilities ACWLIcon exe C Program Files ThinkVantage AMSG Amsg exe C Program Files keylogger! Lenovo AwayTask AwaySch EXE C Program Files Common Files Symantec Shared ccApp exe C Program Files Lenovo Client Security Solution cssauth exe C Program Files Lenovo Drag-to-Disc DrgToDsc exe C Program Files Java jre bin jusched exe C Program Files Lenovo NPDIRECT tpfnf sp exe C Program Files Lenovo HOTKEY TPOSDSVC exe C Windows System TpShocks exe C Program Files Common Files Lenovo Scheduler scheduler proxy exe C Program Files ThinkPad Utilities EZEJMNAP EXE C Program Files ThinkVantage PrdCtr LPMGR EXE C Windows System rundll exe C keylogger! Program Files Symantec AntiVirus VPTray exe C Program Files Adobe Adobe Acrobat Distillr AcroTray exe C Program Files Lenovo HOTKEY TPONSCR exe C Program Files iTunes iTunesHelper exe C Program Files Lenovo Zoom TpScrex exe C Program Files Windows Sidebar sidebar exe C Program Files Common Files InstallShield UpdateService ISUSPM exe C Windows ehome ehtray exe C Windows system taskeng exe C Windows ehome ehmsas exe C Program Files ThinkPad Bluetooth Software BTTray exe C Program Files Digital Line Detect DLG exe C Program Files Logitech SetPoint SetPoint exe C Program Files Common Files Logitech KHAL KHALMNPR EXE C Program Files Lenovo Client Security Solution tvtpwm tray exe C Program Files Thunderbird-Tray TBTray exe C Program Files Adobe Adobe Acrobat Acrobat Acrobat exe C Program Files Microsoft Office Office OUTLOOK EXE C Users Salina AppData Local Temp Adobelm Cleanup C Users Salina AppData Local Temp Adobelm Cleanup C Windows system taskeng exe C Program Files Windows Sidebar sidebar exe C Program Files Mozilla Thunderbird thunderbird exe C Program Files Diskeeper Corporation Diskeeper DkIcon exe C Program Files Mozilla Firefox firefox exe C Windows system SearchFilterHost exe C Program Files Trend Micro HijackThis HijackThis exe C Windows System osk exe R - HKCU Software Microsoft Internet Explorer Main Search Bar http g msn com SEENUS SAOS FORM TOOLBR R - HKCU Software Microsoft Internet Explorer Main Search Page http g msn com SEENUS SAOS FORM TOOLBR R - HKLM Software Microsoft Internet Explorer Main Default Page URL http lenovo live com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Internet Explorer SearchURL Default http g msn com SEENUS SAOS FORM TOOLBR R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName O - Hosts localhost O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - E A - - D F-BEAE-D A C - C Program Files Common Files Symantec Shared coShared Browser NppBho dll O - BHO Skype add-on m... Read more

https://forums.techguy.org/threads/keylogger.646505/
Relevancy 29.67%

I have recently gotten a key logger from something Im pretty sure its a key logger but im not sure who ever it is has been able to get gone it Have keylogger need all my passwords ive recently entered then hijack the Have keylogger need it gone accounts gmail Citibank credit card minecraft ext ext change the passwords to what he wants If its not a key logger i dont know any other type of virus it may be I ran a Malbytes malware scan it picked up this program Files Detected E System Volume Information restore C- A F- Have keylogger need it gone D - A- D B DF RP A exe Packer ModifiedUPX - gt Quarantined and deleted successfully I thought that was it but no its poped back up and its the same thing because he keeps switching my gmail secondary Recovery email to his own its been the same one both times Im getting sick of this thing and really need some help on how to get rid of it I havnt logged on any financial sites and the one i did log onto and he hijacked i recovered and changed the password from a different PC Any help is greatly appreciated My DDS log also attached DDS Ver - - - NTFSAMD Internet Explorer BrowserJavaVersion Run by Brian at on - - Microsoft Windows Home Premium GMT - AV Norton Security Suite Enabled Updated DF - - D- - DC EFD BF SP Windows Defender Disabled Updated D DDC A- F- fae- E -DA C ACF SP Norton Security Suite Enabled Updated D BEB -B A- E - B -B B FW Norton Security Suite Enabled BE D -DB F- - AD - F E C FC Running Processes C Windows system wininit exe C Windows system lsm exe C Windows system svchost exe -k DcomLaunch C Windows system nvvsvc exe C Program Files x NVIDIA Corporation D Vision nvSCPAPISvr exe C Windows system svchost exe -k RPCSS C Windows System svchost exe -k LocalServiceNetworkRestricted C Windows System svchost exe -k LocalSystemNetworkRestricted C Windows system svchost exe -k netsvcs C Windows system svchost exe -k LocalService C Windows system svchost exe -k NetworkService C Program Files NVIDIA Corporation Display nvxdsync exe C Windows system nvvsvc exe C Windows System spoolsv exe C Windows system svchost exe -k LocalServiceNoNetwork C Windows system taskhost exe C Program Files x Common Files Adobe ARM armsvc exe C Windows system Dwm exe C Windows Explorer EXE C Program Files x Microsoft BingBar SeaPort EXE C Windows system dleacoms exe C Program Files x Norton Security Suite Engine ccSvcHst exe C Windows system svchost exe -k imgsvc C Program Files Common Files Microsoft Shared Windows Live WLIDSVC EXE C Windows System igfxpers exe C Program Files Realtek Audio HDA RAVCpl exe C Program Files x Dell V -V Series dleamon exe C Program Files Common Files Microsoft Shared Windows Live WLIDSvcM exe C Program Files x Norton Security Suite Engine ccSvcHst exe C Program Files NVIDIA Corporation Display nvtray exe C Program Files x Dell V -V Series ezprint exe E Program Files x Steam Steam exe C Program Files x AIM aim exe C Program Files x Common Files Adobe ARM AdobeARM exe C Program Files x Common Files Java Java Update jusched exe C Program Files x Malwarebytes Anti-Malware mbamgui exe C Windows system svchost exe -k LocalServiceAndNoImpersonation C Windows system SearchIndexer exe C Windows system svchost exe -k NetworkServiceNetworkRestricted C Windows system WUDFHost exe C Program Files x Common Files Steam SteamService exe C Program Files x Intel Intel reg Management Engine Components LMS LMS exe C Program Files x Malwarebytes Anti-Malware mbamservice exe C Program Files x NVIDIA Corporation NVIDIA Updatus daemonu exe C Program Files x Intel Intel reg Management Engine Components UNS UNS exe C Windows system wuauclt exe E Games Anarchy Online client exe C Program Files x Mozilla Firefox firefox exe C Windows system NOTEPAD EXE C Program Files x Mozilla Firefox plugin-container exe E Downloads Firefox HijackThis exe C Windows SysWOW NOTEPAD EXE C Windows system NOTEPAD EXE C Windows system DllHost exe C Windows system DllHost exe C Windows SysWOW cmd exe C Windows system conho... Read more

A:Have keylogger need it gone

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

http://www.bleepingcomputer.com/forums/t/444434/have-keylogger-need-it-gone/
Relevancy 29.67%

Hey wasn't sure if I had a key logger due to a recent event involving a password stolen Therefore I was hoping you guys could help me out Here's my log Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system Ati evxx exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS system Ati evxx exeC WINDOWS system acs exeC Keylogger WINDOWS Explorer EXEC WINDOWS system spoolsv exeE Program Files IVT Corporation BlueSoleil BTNtService exeC Program Files Bonjour mDNSResponder exeC WINDOWS system PnkBstrA exeC WINDOWS system PnkBstrB exeC WINDOWS SOUNDMAN EXEC Program Files Java jre Keylogger bin jusched exeC WINDOWS system ctfmon exeE program files steam steam exeC Program Files UnHackMe hackmon exeC Program Files MSN Messenger msnmsgr exeC Program Files Mbps Wireless LAN Adapter WLANPRO exeE Program Files IVT Corporation BlueSoleil BlueSoleil exeE Program Files Xfire xfire exeC Program Files MSN Messenger usnsvc exeC Program Files Uniblue RegistryBooster RegistryBooster exeE Program Files Zone Labs ZoneAlarm zlclient exeC WINDOWS system ZoneLabs vsmon exeE Program Files Zone Labs ZoneAlarm MailFrontier mantispm exeC PROGRA Mozilla Firefox firefox exeC Program Files Grisoft AVG Anti-Spyware guard exeC Program Files uTorrent uTorrent exeC Program Files Grisoft AVG Anti-Spyware avgas exeC Documents and Settings Xavier Desktop HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Start Page http ninemsn com au R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride localR - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dllO - BHO Yahoo Toolbar Helper - D -C F - EFB- B - ECA - C Program Files Yahoo Companion Installs cpn yt dllO - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO Winamp Toolbar BHO - CEE EC- - bc- B - DDC AB C - C Program Files Winamp Toolbar winamptb dllO - BHO Spybot-S amp D IE Protection - - F - D - - D F - E PROGRA SPYBOT SDHelper dllO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dllO - BHO no name - E D - A- EC-A -BA D E E - no file O - Toolbar Winamp Toolbar - EBF BA - - c a- B-BB F D DE - C Program Files Winamp Toolbar winamptb dllO - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dllO - HKLM Run SoundMan SOUNDMAN EXEO - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime QTTask exe quot -atboottimeO - HKLM Run ZoneAlarm Client quot E Program Files Zone Labs ZoneAlarm zlclient exe quot O - HKLM Run AVG Anti-Spyware quot C Program Files Grisoft AVG Anti-Spyware avgas exe quot minimizedO - HKCU Run ctfmon exe C WINDOWS system ctfmon exeO - HKCU Run SRS Audio Sandbox quot E Program Files SRS Labs Audio Sandbox SRSSSC exe quot hidemeO - HKCU Run BgMonitor E - C C- d f- C - D A B AA quot C Program Files Common Files Nero Lib NMBgMonitor exe quot O - HKCU Run Steam quot e program files steam steam exe quot -silentO - HKCU Run UnHackMe Monitor C Program Files UnHackMe hackmon exeO - HKCU Run Uniblue RegistryBooster C Program Files Uniblue RegistryBooster RegistryBooster exe SO - Startup Hush Messenger lnk O - Startup Xfire lnk E Program Files Xfi... Read more

A:Keylogger

Hello and welcome to BC Apologies for the delay in response. We have a large number of HijackThis logs to handle and it's taking us longer to catch up. If you haven't received help elsewhere already and still require assistance please post a fresh HijackThis log and I'll be happy to help you. Thanks for your patience.

http://www.bleepingcomputer.com/forums/t/121092/keylogger/
Relevancy 29.67%

Hello I have been hacked on wow and I want to know whats the problem with my computer I have an Authenticator to the account and still the hacker can log in and steal things I have changed account information from different computers and still it doesn t work Possible keylogger Please I need help Heres my hijackthis log Logfile of Trend Micro HijackThis v Scan saved at on - - Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode Possible keylogger Normal Running processes C Program Files DigitalPersona Bin DpAgent exe C Windows system taskeng exe C Windows system Dwm exe C Windows Explorer EXE Possible keylogger C Program Files Synaptics SynTP SynTPStart exe C Program Files Motorola SMSERIAL sm hlpr exe C Windows RtHDVCpl exe C Program Files Intel Intel Matrix Storage Manager IAAnotif exe C Program Files HP QuickPlay QPService exe C Program Files Hewlett-Packard HP Quick Launch Buttons QLBCTRL exe C Program Files Hewlett-Packard HP QuickTouch HPKBDAPP exe C Program Files Windows Defender MSASCui exe C Program Files Hewlett-Packard HP Wireless Assistant HPWAMain exe C Program Files Hewlett-Packard HP Wireless Assistant WiFiMsg exe C Program Files HP HP Software Update hpwuSchd exe C Program Files Adobe Reader Reader reader sl exe C Program Files Hewlett-Packard HP Health Check HPHC Scheduler exe C Windows System rundll exe C Program Files Java jre bin jusched exe C Program Files AVG AVG avgtray exe C Program Files Windows Sidebar sidebar exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files Windows Media Player wmpnscfg exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files WIDCOMM Bluetooth Software BTTray exe C Windows system wbem unsecapp exe C Program Files Hewlett-Packard Shared HpqToaster exe C Windows system taskeng exe C Program Files Lavasoft Ad-Aware AAWTray exe C Program Files Secunia PSI psi exe C Program Files WIDCOMM Bluetooth Software BtStackServer exe C Program Files AVG AVG Identity Protection agent bin avgidsmonitor exe C Program Files Synaptics SynTP SynTPHelper exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www wowhead com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TYPE amp tp iehome amp locale sv se amp c amp bd Pavilion amp pf laptop R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http ie redirect hp com svs rdr TYPE amp tp iehome amp locale sv se amp c amp bd Pavilion amp pf laptop R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName R - URLSearchHook AVG Security Toolbar BHO - A BC A - F - -AA - D C - C Program Files AVG AVG Toolbar IEToolbar dll O - Hosts localhost O - BHO L nkhj lp till Adobe PDF Reader - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO Skype add-on mastermind - BF B-C D - d - A -A F BA C - C Program Files Skype Toolbars Internet Explorer SkypeIEPlugin dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO NCO IE BHO - ADB E- AFF- - AA - DAC DFA - no file O - BHO Windows Live inloggningshj lpen - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO AVG Security Toolbar BHO - A BC A - F - -AA - D C - C Program Files AVG AVG Toolbar IEToolbar dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - C Program Files Google Google Toolbar GoogleToolbar dll O - BHO ... Read more

https://forums.techguy.org/threads/possible-keylogger.866770/
Relevancy 29.67%

Hi!
I believe my computer was compromised by someone I know. My paypal and bank account have had money transferred out. I'm currently acquiring evidence to prove my case. Ive tried to install many Antivirus programs but none will install. Is there a program I can use to identify if and when a keylogger was installed on my computer? Thanks for any advice you can give.

A:Keylogger

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===I need more information about your system.Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.Download DDS and save it to your desktop from here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your desktop.Please just paste the contents of the DDS.txt log in your next post.

http://www.bleepingcomputer.com/forums/t/439001/keylogger/
Relevancy 29.67%

Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System have keylogger a think i smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS system spoolsv exe Z Program Files Avira AntiVir PersonalEdition Classic avguard exe C Program Files Apoint K Apoint exe C WINDOWS AGRSMMSG exe C Program Files Java jre bin think i have a keylogger jusched exe C think i have a keylogger Program Files Netropa Multimedia Keyboard MMKeybd exe C Program Files Google Google Talk googletalk exe C Program Files Netropa Multimedia Keyboard TrayMon exe C Program Files Netropa Onscreen Display OSD exe C Program Files Apoint K Apntex exe C WINDOWS system mdm exe C WINDOWS system ctfmon exe Z Program Files Avira AntiVir PersonalEdition Classic avgnt exe C Program Files Google Google Desktop Search GoogleDesktop exe Z Program Files WinRoll winroll exe Z Program Files Strokeit strokeit exe C Program Files MSN Messenger MsnMsgr Exe C Program Files Google Google Desktop Search GoogleDesktop exe Z Program Files DAEMON Tools daemon exe Z Program Files Spybot - Search amp Destroy TeaTimer exe Z Program Files AIM aim exe Z Program Files Logitech SetPoint KEM exe Z Program Files Logitech SetPoint KHALMNPR EXE C Program Files Netropa Multimedia Keyboard nhksrv exe Z Program Files Avira AntiVir PersonalEdition Classic sched exe C WINDOWS System svchost exe Z Program Files NetLimiter Pro nlsvc exe C WINDOWS System nvsvc exe C Program Files Analog Devices SoundMAX SMAgent exe Z Program Files NetLimiter Pro NLClient exe C WINDOWS system taskmgr exe C Program Files MSN Messenger usnsvc exe Z Program Files Ventrilo Ventrilo exe C Program Files Zune Zune exe C WINDOWS explorer exe C Program Files uTorrent uTorrent exe Z Program Files Xilisoft Zune Video Converter videoenc exe C Program Files Common Files Real Update OB realsched exe Z Program Files Xilisoft Zune Video Converter avc exe Z Program Files Mozilla Firefox firefox exe Z Program Files Spybot - Search amp Destroy SpybotSD exe C WINDOWS PCHealth HelpCtr Binaries MSConfig exe E HiJackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http google daemonsearch com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TYPE amp tp iehome amp locale EN US amp c Q amp bd presario amp pf laptop O - BHO flashget urlcatch - F -AA - B - F D- A B E EF - Z Program Files FlashGet jccatch dll O - BHO RealPlayer Download and Record Plugin for Internet Explorer - C E -B - BC - - C CA - C Program Files Real RealPlayer rpbrowserrecordplugin dll O - BHO Spybot-S amp D IE Protection - - F - D - - D F - Z Program Files Spybot - Search amp Destroy SDHelper dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO FlashGet GetFlash Class - F E- EF- C- - BA DBA - Z Program Files FlashGet getflash dll O - HKLM Run Apoint C Program Files Apoint K Apoint exe O - HKLM Run AGRSMMSG AGRSMMSG exe O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS System NvCpl dll NvStartup O - HKLM Run nwiz nwiz exe install O - HKLM Run Cpqset C Program Files HPQ Default Settings cpqset exe O - HKLM Run UpdateManager quot C Program Files Common Files Sonic Update Manager sgtray exe quot r O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run MULTIMEDIA KEYBOARD C Program Files Netropa Multimedia Keyboard MMKeybd exe O - HKLM Run Zune Launcher quot C Program Files Zune ZuneLauncher exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottime O - HKLM Run googletalk C Program Files Google Google Talk googletalk exe autostart O - HKLM Run Logitech Hardware Abstraction Layer KHALMNPR EXE O - H... Read more

https://forums.techguy.org/threads/think-i-have-a-keylogger.649142/
Relevancy 29.67%

[attachment=117671:gmr2.zip][attachment=117670:gmer.zip][attachment=117669:Attach.zip]
I hope i did this right

A:Keylogger

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
wininit.exe
hlp.dat
/md5stopPush the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt<--Will be minimizedIn the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.regards myrti

http://www.bleepingcomputer.com/forums/t/439551/keylogger/
Relevancy 29.67%

here is my hijack log i hope think help have a me i please i keylogger i did this correct someone changed my passwrd to WoW abd deleted all my stuff please take a look at this and see if u can see anything out of the ordinary Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C WINDOWS stsystra exe C Program Files CyberLink PowerDVD DVDLauncher exe C WINDOWS system dla tfswctrl exe C Program Files Java jre bin jusched exe C Program Files Adobe Photoshop Album Starter Edition Apps apdproxy exe C Program Files MSN Messenger MsnMsgr Exe C Program Files Common Files Ahead Lib NMBgMonitor exe C Program Files Common Files Ahead Lib NMIndexStoreSvr exe C WINDOWS system PnkBstrA exe C WINDOWS system svchost exe C Program Files Ventrilo Ventrilo exe C WINDOWS system svchost exe C WINDOWS system wscntfy exe C WINDOWS system wuauclt exe C Program Files Internet Explorer iexplore exe c program files winamp toolbar WinampTbServer exe C Program Files Common Files Microsoft Shared Windows Live WLLoginProxy exe C Documents and Settings aarons Desktop HijackThis exe R - HKCU please help me i think i have a keylogger Software Microsoft Internet Explorer Main Start Page http my alot com R - HKLM Software Microsoft Internet Explorer Search SearchAssistant http search alot com sidebar pr a tb version amp q amp url http my alot com obfuscated R - HKCU Software Microsoft Internet Explorer SearchURL Default http g msn com SEENUS SAOS FORM TOOLBR O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO Winamp Toolbar BHO - CEE EC- - bc- B - please help me i think i have a keylogger DDC AB C - C Program Files Winamp Toolbar winamptb dll O - BHO ALOT Toolbar - AA BA - - dc - - AB FA AE - C Program Files alot bin alot dll O - BHO DriveLetterAccess - CA D E- - CF- E - - C WINDOWS system dla tfswshx dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF please help me i think i have a keylogger D D - C Program Files Java jre bin ssv dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - BHO Windows Live Toolbar Helper - BDBD DAD-C - A -ADC - B B FF D - C Program Files Windows Live Toolbar msntb dll O - Toolbar Windows Live Toolbar - BDAD DAD-C - A -ADC - B B FF D - C Program Files Windows Live Toolbar msntb dll O - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dll O - Toolbar Winamp Toolbar - EBF BA - - c a- B-BB F D DE - C Program Files Winamp Toolbar winamptb dll O - Toolbar ALOT Toolbar - AA BA - - dc - - AB FA AE - C Program Files alot bin alot dll O - HKLM Run ATIPTA quot C Program Files ATI Technologies ATI Control Panel atiptaxx exe quot O - HKLM Run SigmatelSysTrayApp stsystra exe O - HKLM Run DVDLauncher quot C Program Files CyberLink PowerDVD DVDLauncher exe quot O - HKLM Run dla C WINDOWS system dla tfswctrl exe O - HKLM Run UpdateManager quot C Program Files Common Files Sonic Update Manager sgtray exe quot r O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run NeroFilterCheck C Program Files Common Files Ahead Lib NeroCheck exe O - HKLM Run Adobe Photo Downloader quot C Program Files Adobe Photoshop Album Starter Edition Apps apdproxy exe quot O - HKLM Run Adobe Reader Speed Launcher quot C Program Files Adobe Reader Reader Reader sl exe quot O - HKLM Run UfSeAgnt exe quot C Program Files Trend Micro Internet Security UfSeAgnt exe... Read more

Relevancy 29.67%

I got hacked on World of Warcraft some days ago just got the account back and I m pretty sure I still have the keylogger on my comp I run on windows xp bit if this can help at all Also I ran multiple scan with various antivirus such as Antimalwarebytes Ad-Aware AVG free have I keylogger might think a I Avast and Spybot - Search and Destroy Here s my HJT log Logfile of Trend Micro HijackThis v Scan saved at on - - Platform Windows SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Program Files Alwil Software Avast aswUpdSv exe C Program Files Alwil Software Avast ashServ exe C Program Files x Lavasoft Ad-Aware AAWService exe I think I might have a keylogger C PROGRA AVG AVG avgwdsvc exe C Program Files I think I might have a keylogger x Java jre bin jqs exe C WINDOWS SysWOW PnkBstrA exe C WINDOWS SysWOW PnkBstrB exe C Program Files x CyberLink Shared Files RichVideo exe C I think I might have a keylogger PROGRA AVG AVG avgemc exe C Program Files x AVG AVG avgcsrvx exe C Program Files Alwil Software Avast ashMaiSv exe C Program Files Alwil Software Avast ashWebSv exe C Program Files x Lavasoft Ad-Aware AAWTray exe C WINDOWS RTHDCPL EXE C Documents and Settings Administrator Application Data Octoshape Octoshape Streaming Services OctoshapeClient exe C WINDOWS SysWOW ctfmon exe C Program Files x Belkin Nostromo nost LM exe C Program Files ASUS Ai Suite AiNap AiNap exe C Program Files ASUS Ai Suite AiGear CpuPowerMonitor exe C Program Files x CyberLink PowerDVD PDVDServ exe C PROGRA ALWILS Avast ashDisp exe C Program Files x Java jre bin jusched exe C WINDOWS system RUNDLL EXE C PROGRA AVG AVG avgtray exe C Program Files x Pidgin pidgin exe C Program Files x Mozilla Firefox firefox exe C Program Files x Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http fr msn com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - URLSearchHook AVG Security Toolbar BHO - A BC A - F - -AA - D C - C Program Files x AVG AVG Toolbar IEToolbar dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files x AVG AVG avgssie dll O - BHO Java tm Plug-In SSV Helper - BB-D F - C-B EB-D DAF D D - C Program Files x Java jre bin ssv dll O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files x Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO AVG Security Toolbar BHO - A BC A - F - -AA - D C - C Program Files x AVG AVG Toolbar IEToolbar dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files x Java jre bin jp ssv dll O - BHO JQSIEStartDetectorImpl - E E F - CE- C -BC -EABFE F C - C Program Files x Java jre lib deploy jqs ie jqs plugin dll O - Toolbar AVG Security Toolbar - CCC A -B CA- -B A - F DD - C Program Files x AVG AVG Toolbar IEToolbar dll O - HKLM Run Ai Nap quot C Program Files ASUS Ai Suite AiNap AiNap exe quot O - HKLM Run CPU Power Monitor quot C Program Files ASUS Ai Suite AiGear CpuPowerMonitor exe quot O - HKLM Run Cpu Level Up help C Program Files ASUS Ai Suite CpuLevelUpHelp exe O - HKLM Run RemoteControl quot C Program Files x CyberLink PowerDVD PDVDServ exe quot O - HKLM Run LanguageShortcut quot C Program Files x CyberLink PowerDVD Language Language exe quot O - HKLM Run avast C PROGRA ALWILS Avast ashDisp exe O - HKLM Run NiwradSoft Welcome C WINDOWS NiwradSoft Shell Pack Tools NS Welcome exe O - HKLM Run SunJavaUpdateSched quot C Program Files x Java jre bin jusched exe quot O - HKLM Run xml RUNDLL EXE C WINDOWS system xml inc dll i O - HKLM Run AVG TRAY C PROGRA AVG AVG avgtray exe O - HKLM Run Malwarebytes An... Read more

https://forums.techguy.org/threads/i-think-i-might-have-a-keylogger.865699/
Relevancy 29.67%

I had a recent problem with a keylogger on my system I can't tell if its gone Here is the log Keylogger? Logfile of Keylogger? Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS system svchost exeC Program Files Common Files Symantec Shared ccSetMgr exeC Program Files Common Files Symantec Shared ccEvtMgr exeC Program Files Common Files Symantec Shared SPBBC SPBBCSvc exeC WINDOWS system spoolsv exeC Program Files Apache Software Foundation Apache bin httpd exeC Program Files CVSNT cvslock exeC Program Files CVSNT cvsservice exeC Program Files Symantec AntiVirus DefWatch exeC Program Files Google Common Google Updater GoogleUpdaterService exeC WINDOWS System svchost exeC WINDOWS system inetsrv inetinfo exeC Program Files Apache Software Foundation Apache bin httpd exeC Program Files Kaseya Agent AgentMon exeC Program Files Common Files Microsoft Shared VS Debug mdm exeC Program Files MySQL MySQL Server bin mysqld-nt exeC Program Files CyberLink Shared files RichVideo exeC Program Files Symantec AntiVirus SavRoam exeC WINDOWS system slClient exeC Program Files Symantec AntiVirus Rtvscan exeC WINDOWS System vssvc exeC WINDOWS system slagent exeC WINDOWS Explorer EXEC Program Files Analog Devices Core smax pnp exeC Program Files Java jre bin jusched exeC Program Files Nitro PDF Professional NitroPDFPrinterMonitor exeC Program Files Microsoft Office OFFICE OUTLOOK EXEC WINDOWS system hkcmd exeC WINDOWS system igfxpers exeC Program Files Common Files Symantec Shared ccApp exeC PROGRA SYMANT VPTray exeC Program Files Kaseya Agent KaUsrTsk exeC WINDOWS system ctfmon exeC Program Files CCleaner ccleaner exeC Program Files Adobe Acrobat Distillr acrotray exeC Program Files RDS PLTBar exeC Program Files Google Google Updater GoogleUpdater exeC Program Files Apache Software Foundation Apache bin ApacheMonitor exeC Program Files Symantec AntiVirus DoScan exeC Program Files RDS RMClient PMCTray exeC Program Files Microsoft Office OFFICE WINWORD EXEC Program Files Trend Micro HijackThis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyServer O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Acrobat ActiveX AcroIEHelper dllO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - no file O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dllO - BHO AcroIEToolbarHelper Class - AE CD -E - f- - EE - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dllO - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dllO - Toolbar no name - DE C F- - A - B-AA ED D - no file O - Toolbar Adobe PDF - -D C - - FA - E EAAC - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dllO - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dllO - HKLM Run SoundMAXPnP C Program Files Analog Devices Core smax pnp exeO - HKLM Run LogMeIn GUI quot C Program Files LogMeIn x LogMeInSystray exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottimeO - HKLM Run JobHisInit C Program Files RDS RMClient JobHisInit exeO - HKLM Run M... Read more

A:Keylogger?

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.Apologies for the late response,as i'm sure you can appreciate we are extremely busy.If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.If you have not followed the info in the link below prior to posting your log then please do so now:Preparation Guide for use before posting a HijackThis Log:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/If you still require help,please post a new Hijackthis log into this topic in your next reply.Also post a detailed description of the issues you're experiencing.*Note*Post all reports/logs directly into this topic,not as attachments,thanks.

http://www.bleepingcomputer.com/forums/t/128847/keylogger/
Relevancy 29.67%

Well I just started getting d/ced from WoW about 10-15 seconds after logging in. Tried changing my password and it still happens. It is not my internet connection so I downloaded and ran Hijack this. Any help would be appreciated.
 

A:I think I have a keylogger

I'll just post it, please any help would be appreciated

Logfile of HijackThis v1.99.1
Scan saved at 11:14:55 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\COMMON~1\AOL\119403~1\EE\AOLHOS~1.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1194031511\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 -... Read more

https://forums.techguy.org/threads/i-think-i-have-a-keylogger.658102/
Relevancy 29.67%

Hello I recently installed KL-Detector from dewasoft com privacy kldetector htm I ran and it says KL-Detector has found a suspicious file C Windows System config SOFTWARE Here is my HiJack Log Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows Vista WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Windows system taskeng exe C Windows system Dwm exe C Windows Explorer Keylogger EXE C Windows System hkcmd exe C Windows System igfxpers exe C hp support hpsysdrv exe C Windows RtHDVCpl exe C Program Files HP HP Software Update hpwuSchd exe C Windows ehome ehtray exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files Windows Media Player wmpnscfg exe C Program Files Common Files Symantec Shared ccSvcHst exe C Windows system igfxsrvc exe C Windows ehome ehmsas exe C hp kbd kbd exe C Windows system taskeng exe C Program Files Internet Explorer ieuser exe C Program Files Internet Explorer iexplore exe C Users Derrick Documents HiJackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www runescape com Keylogger R - HKLM Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TY ion amp pf desktop R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http ie redirect hp com svs rdr TY ion amp pf desktop R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName O - Hosts localhost O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO Skype add-on mastermind - BF B-C D - d - A -A F BA C - C Program Files Skype Toolbars Internet Explorer SkypeIEPlugin dll O - BHO Symantec Intrusion Prevention - D EC - AAE- Keylogger -AEEE-F F C - C PROGRA COMMON SYMANT IDS IPSBHO dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dll O - HKLM Run Windows Defender ProgramFiles Windows Defender MSASCui exe -hide O - HKLM Run IgfxTray C Windows system igfxtray exe O - HKLM Run HotKeysCmds C Windows system hkcmd exe O - HKLM Run Persistence C Windows system igfxpers exe O - HKLM Run hpsysdrv c hp support hpsysdrv exe O - HKLM Run KBD C HP KBD KbdStub EXE O - HKLM Run RtHDVCpl RtHDVCpl exe O - HKLM Run HP Software Update C Program Files HP HP Software Update HPWuSchd exe O - HKLM Run Adobe Reader Speed Launcher C Program Files Adobe Reader Reader Reader sl exe O - HKLM Run ccApp quot C Program Files Common Files Symantec Shared ccApp exe quot O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM RunOnce Launcher WINDIR SMINST launcher exe O - HKCU Run Weather C Program Files AWS WeatherBug Weather exe O - HKCU Run ehTray exe C Windows ehome ehTray exe O - HKCU Run swg C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe O - HKCU Run WMPNSCFG C Program Files Windows Media Player WMPNSCFG exe O - HKCU Run Yahoo Pager quot C Program Files Yahoo Messenger YahooMessenger exe quot -quiet O - HKCU RunOnce ypagerps cmd exe C del quot C Program Files Yahoo Messenger ypagerps dll quot O - HKUS S- - - Run Sidebar ProgramFiles Windows Sidebar Sidebar exe detectMem User LOCAL SERVICE O - HKUS S- - - Run WindowsWelcomeCenter rundll exe oobefldr dll ShowWelcomeCenter User LOCAL SERVICE O - HKUS S- - - Run Sidebar ProgramFiles Windows Sidebar Sidebar exe detectMem User NETWORK SERVICE O - Global Startup Microsoft Office ... Read more

Relevancy 29.67%

well Possible keylogger today Possible keylogger i got on WoW and and i couldnt get n my account So i jumped on my other account And i ll be damn someone was on it they sold my stuff to damn same but neway I think he either got a keylogger on me or just figured out my password but for just incase reasons i would like to see so heres my hijackthis and my combofix Ok here s my problem I was playin WoW and my account password was changed I got it back but I think i have keylogger Possible keylogger I ran my scanners and they found nothing If u guys kno anything on keyloggers and there removal could you pls helpa guy out Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C WINDOWS eHome ehRecvr exe C WINDOWS eHome ehSched exe C Program Files Common Files LightScribe LSSrvc exe C Program Files McAfee Common Framework FrameworkService exe C Program Files McAfee VirusScan Enterprise Mcshield exe C Program Files McAfee VirusScan Enterprise VsTskMgr exe C WINDOWS system nvsvc exe C WINDOWS system PnkBstrA exe C WINDOWS system svchost exe C WINDOWS system mqsvc exe C Program Files Hewlett-Packard Shared hpqwmiex exe C WINDOWS system mqtgsvc exe C WINDOWS system dllhost exe C WINDOWS System svchost exe C WINDOWS Explorer EXE C WINDOWS ehome ehtray exe C Program Files hpq HP Wireless Assistant HP Wireless Assistant exe C Program Files Java jre bin jusched exe C WINDOWS system wuauclt exe C WINDOWS eHome ehmsas exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files HP QuickPlay QPService exe C Program Files Hp HP Software Update HPWuSchd exe C Program Files Common Files InstallShield UpdateService issch exe C Program Files D-Tools daemon exe C Program Files McAfee Common Framework UdaterUI exe C Program Files Yahoo Search Protection SearchProtection exe C Program Files McAfee Common Framework McTray exe C Program Files SUPERAntiSpyware SUPERAntiSpyware exe C Program Files Hewlett-Packard HP Pavilion Webcam HPWebcam exe c program files common files installshield updateservice isuspm exe C Program Files Common Files InstallShield UpdateService agent exe C Program Files Yahoo Messenger YahooMessenger exe C Program Files MSN Messenger msnmsgr exe C Program Files MSN Messenger usnsvc exe C Program Files internet explorer iexplore exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie defaults sb msgr http www yahoo com ext search search html R - HKCU Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ie defaults sp msgr http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http us rd yahoo com customize ie defaults su msgr http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie defaults sb msgr http www yahoo com ext search search html R - HKLM Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ie defaults sp msgr http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKCU Software Microsoft Internet Explorer SearchURL Default http us rd yahoo com customize ie defaults su msgr http www yahoo com R - HKCU Software Microsoft Internet Connection Wizard ShellNext http ie redirect hp com svs rdr TYPE amp tp iehome amp locale EN US amp c amp bd pavilion amp pf laptop R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - C PROGRA Yahoo Companion Installs cpn yt dll O - BHO amp Yahoo Toolbar Helper - D -C F - efb- B - ECA - C PROGRA Yahoo Companion Install... Read more

https://forums.techguy.org/threads/possible-keylogger.628692/
Relevancy 29.67%

Hi there I think I downloaded a keylogger because all of my passwords where changed also I have been trying non stop to get rid of cant also keylogger, Possible ask.com get rid of ask com becasue it comes up as my home page and new tag I have trie everything to get rid of it but I cant help needed desperatly Not to mention my laptop has been very slow Possible keylogger, also cant get rid of ask.com recently and there is nothing out of the ordinary on my task manager Also my computer blue screans quite often when I try to shutdown Thanks DDS LOG -------- -------- --------- --------- ------ ------ DDS Ver - - - NTFS AMD Internet Explorer Run by vaio at on - - Microsoft Windows Home Premium GMT AV Kaspersky Internet Security Enabled Updated C FBF- BCB- -D D- EDFEC E AV AVG Internet Security Enabled Updated E C - B - FA - AB - E CB ECD SP Kaspersky Internet Security Enabled Updated DE B- DF - BEF-ED D- AD D SP Windows Defender Disabled Updated D DDC A- F- fae- E -DA C ACF SP AVG Internet Security Enabled Updated B F C - - E- - BB D A FW AVG Internet Security Enabled AFA E - CDC- EF - EE-C C ABA FW Kaspersky Internet Security Enabled FB ABE A- A - -FCD -C EA D E Running Processes C PROGRA AVG AVG avgrsa exe C Program Files x AVG AVG avgcsrva exe C Windows system lsm exe C Windows system svchost exe -k DcomLaunch C Windows system svchost exe -k RPCSS C Windows System svchost exe -k LocalServiceNetworkRestricted C Windows System svchost exe -k LocalSystemNetworkRestricted C Windows system svchost exe -k LocalService C Windows system svchost exe -k netsvcs C Windows system svchost exe -k GPSvcGroup C Windows system svchost exe -k NetworkService C Windows System spoolsv exe C Windows system svchost exe -k LocalServiceNoNetwork C Program Files x Common Files Adobe ARM armsvc exe C Program Files x Common Files Apple Mobile Device Support AppleMobileDeviceService exe C Program Files x Bluetooth Suite Ath CoexAgent exe C Program Files x Bluetooth Suite adminservice exe C Program Files x AVG AVG avgfws exe C Program Files x AVG AVG avgidsagent exe C Program Files x AVG AVG avgwdsvc exe C Windows system taskhost exe C Windows system Dwm exe C Windows system taskeng exe C Windows Explorer EXE C Program Files x Kaspersky Lab Kaspersky Anti-Virus avp exe C Program Files x Microsoft BingBar SeaPort EXE C Program Files Bonjour mDNSResponder exe C Program Files x Realtek Realtek PCIE Card Reader RIconMan exe C Windows system lxcecoms exe C Program Files x Malwarebytes' Anti-Malware mbamscheduler exe C Program Files x Malwarebytes' Anti-Malware mbamservice exe C Program Files x Malwarebytes' Anti-Malware mbamgui exe C Program Files CONEXANT cAudioFilterAgent cAudioFilterAgent exe C Program Files Apoint Apoint exe C Program Files Microsoft Mouse and Keyboard Center itype exe C Program Files Microsoft Mouse and Keyboard Center ipoint exe C Windows System igfxtray exe C Windows System hkcmd exe C ProgramData Skype Toolbars Skype C C Service c c service exe C Windows System igfxpers exe C Program Files Windows Sidebar sidebar exe C Program Files x ContourStoryteller ContourAutoplay exe C Program Files x Clarus Samsung Drive Manager ABRTMon exe C Program Files Microsoft Office Office ONENOTEM EXE C Windows system svchost exe -k imgsvc C Program Files x AVG AVG avgnsa exe C Program Files x Intel Intel reg Rapid Storage Technology IAStorIcon exe C Program Files x AVG AVG avgemca exe C Program Files x Sony ISB Utility ISBMgr exe C Program Files x Clarus Samsung Drive Manager SZDrvSvc exe C Program Files x AVG AVG avgui exe C Program Files x Kaspersky Lab Kaspersky Anti-Virus avp exe C Program Files x Common Files Research In Motion USB Drivers RIMBBLaunchAgent exe C Program Files x Sony VAIO Event Service VESMgr exe C Program Files Sony VCM Intelligent Analyzing Manager VcmIAlzMgr exe C Program Files Sony VCM Intelligent Network Service Manager VcmINSMgr exe C Program Files x Sony VAIO Event Service VESMgrSub exe C Program Files x Common Files AVG Secure ... Read more

A:Possible keylogger, also cant get rid of ask.com

Hi there,my name is Marius and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.   I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.Therefore please go to add/remove in the control panel and remove either Kaspersky or AVG.   Scan with Malwarebytes Anti-RootkitPlease download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.Be sure to print out and follow the instructions provided on that same page.Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.Double click the mbar.zip file to open it, then 'Extract all files'.Double click the mbar folder to open it, then double click mbar.exe to start the tool.Check for Updates, then Scan your system for malwareIf malware is found, do NOT press the Cleanup button yet. Click EXIT.I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply.

http://www.bleepingcomputer.com/forums/t/501481/possible-keylogger-also-cant-get-rid-of-askcom/
Relevancy 29.67%

I was on AOL late last evening and someone sent me an IQ test that I ve never heard of Obviously I did not click the link just closed out the box Well this morning I wake up and find out Keylogger? I ve sent the same link to numerous people including myself because I have myself on there I ran Spybot AVG and Housecall Trendmicro that found nothing Any suggestions Here s my HJT log Logfile of Trend Micro Keylogger? HijackThis v Scan saved at AM on Platform Windows Vista WinNT MSIE Internet Explorer v Boot mode Normal Running processes I Windows system taskeng exe I Windows system Dwm exe I Windows Explorer EXE I Program Files Logitech GamePanel Software LCD Manager LCDMon exe I Program Files Logitech GamePanel Software G-series Software LGDCore exe I Windows System rundll exe I Program Files Windows Sidebar sidebar exe I Windows ehome ehtray exe I Windows ehome ehmsas exe I Program Files Logitech GamePanel Software LCD Manager Applets LCDClock exe I Program Files Logitech GamePanel Software LCD Manager Applets LCDCountdown exe I Program Files Logitech GamePanel Software LCD Manager Applets LCDMedia exe I Program Files Logitech GamePanel Software LCD Manager Applets LCDPop exe I Program Files Windows Sidebar sidebar exe I Program Files AVG AVG avgtray exe F Gaming Teamspeak Keylogger? Server server windows exe I Program Files Windows NT Accessories wordpad exe I Windows system wuauclt exe I Program Files Windows Media Player wmplayer exe F Gaming Teamspeak RC TeamSpeak exe I Program Files Windows NT Accessories wordpad exe I Windows System mobsync exe I Program Files Windows NT Accessories wordpad exe C Program Files Mozilla Firefox firefox exe C Program Files Spybot - Search amp Destroy SpybotSD exe I Program Files Lavasoft Ad-Aware Ad-Aware exe I Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http forums slickdeals net forumdisplay amp f R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName R - URLSearchHook AIM Toolbar Search Class - f - dc - -bc - e fefafe - I Program Files AIM Toolbar aimtb dll O - Hosts localhost O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - I Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO Skype add-on mastermind - BF B-C D - d - A -A F BA C - I Program Files Skype Toolbars Internet Explorer SkypeIEPlugin dll O - BHO TBSB - ED D-FD - -B CA- E E - I Program Files IEToolbar ChaCha Guide Universe Toolbar tbu Universe dll O - BHO RealPlayer Download and Record Plugin for Internet Explorer - C E -B - BC - - C CA - C Program Files Real RealPlayer rpbrowserrecordplugin dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - I Program Files AVG AVG avgssie dll O - BHO Spybot-S amp D IE Protection - - F - D - - D F - I PROGRA SPYBOT SDHelper dll O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - I Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - I Program Files Google GoogleToolbarNotifier swg dll O - BHO AIM Toolbar Loader - b cda -b - eef-a - a ac dbf - I Program Files AIM Toolbar aimtb dll O - BHO Java Plug-In SSV Helper - DBC -A - b-BC - C C C... Read more

https://forums.techguy.org/threads/keylogger.871821/
Relevancy 29.67%

hi im having trouble with a key logger called keylog-ardamax.dll mcafee has blocked but is still making my pc go very slow and may not have blocked it and also i have looked for it in all my files and it says that it can not be removed plz post soon i need help urgently
 

A:keylogger

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

https://forums.techguy.org/threads/keylogger.596487/
Relevancy 29.67%

Hi, this is my first time here and I'm hoping to get some answers. First off this is how i think i got a keylogger or other malicious software. I went into some urban 75 useless java site and a pop up came. Knowing it might be dangerous i immediately clicked back. Im pretty paranoid when it comes to my computer. I think i might be holding a virus or keylogger. Not too sure. I have done a SpySweep check on Safe Mode. Thank you.
 

A:I think i have a keylogger

Hi, I'm not sure if my computer has any sort or viruses or malicious software but when everything seems to be a little bit slower and when I am typing it lags a little bit inbetween words. Do I have a keylogger of some sort?
 

https://forums.techguy.org/threads/i-think-i-have-a-keylogger.599821/
Relevancy 29.67%

Recently i have received an email looking like this:


As silly as it sounds i did click "open content" because it was from someone i know over the internet, i "trusted" them, but obviously it was the wrong thing to do.

They seem to have obtained my passwords for different accounts etc.

I wasnt sure that you could get keyloggers by methods like that, but it wouldnt surprise me nowdays.

Does anyone have any advice as to how to get rid of it?

Thanks.
 

A:Keylogger?

Cant anyone help me out?
 

https://forums.techguy.org/threads/keylogger.602266/
Relevancy 29.67%

i think i have a keylogger on my computer anyway heres the hijack log anything rubbish there tell me to remove it please R - HKCU Software Microsoft Internet Explorer Main Start Page http www google co uk R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Window Title Internet Explorer Provided by blueyonder R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyServer O - BHO DAPHelper Class - CC -ACF - cac-A A -DD E - F Program Files DAP DAPBHO dll O - BHO McBrwHelper Class - B AA -DAF - -BD D- F BCB E - f PROGRA mcafee com mps mcbrhlpr dll O - BHO McAfee PopupKiller - EC F-E - cae- B B-B C A - f program files mcafee com mps popupkiller dll O - BHO McAfee AntiPhishing Filter - D ED - CFF- - A - EBB AF - f program files mcafee spamkiller mcapfbho dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - f program files google googletoolbar dll O - Toolbar McAfee VirusScan - BA B -B - c -B - F F - f progra mcafee com vso Keylogger mcvsshl dll O - Toolbar DAP Bar - - FC- baf- C C-BCE BD F - F Program Files DAP DAPIEBar dll O - Toolbar amp Google - C B - - d - B - A CD F - Keylogger f program files google googletoolbar dll O - HKLM Run MCUpdateExe F PROGRA mcafee com agent McUpdate exe O - HKLM Run TkBellExe quot F Program Files Common Files Real Update OB realsched exe quot -osboot O - HKLM Run MCAgentExe f PROGRA mcafee com agent mcagent exe O - HKLM Run NeroFilterCheck F WINDOWS system NeroCheck exe O - HKLM Run VSOCheckTask quot F PROGRA McAfee com VSO mcmnhdlr Keylogger exe quot checktask O - HKLM Run VirusScan Online F Program Files McAfee com VSO mcvsshld exe O - HKLM Run OASClnt F Program Files McAfee com VSO oasclnt exe O - HKLM Run MPFExe F PROGRA McAfee com PERSON MpfTray exe O - HKLM Run MPSExe f PROGRA mcafee com mps mscifapp exe embedding O - HKLM Run MSKAgentExe F PROGRA McAfee SPAMKI MskAgent exe O - HKLM Run CameraFixer C WINDOWS CameraFixer exe O - HKLM Run tsnpstd F WINDOWS tsnpstd exe O - HKLM Run snpstd F windows vsnpstd exe O - HKLM Run Sony Ericsson PC Suite quot F Program Files Sony Ericsson Mobile Application Launcher Application Launcher exe quot startoptions O - HKLM Run AtiPTA atiptaxx exe O - HKLM Run ATICCC quot F Program Files ATI Technologies ATI ACE cli exe quot runtime -Delay O - HKLM Run QuickTime Task quot F Program Files QuickTime qttask exe quot -atboottime O - HKLM Run iTunesHelper quot F Program Files iTunes iTunesHelper exe quot O - HKLM Run NSLauncher F Program Files Nokia Nokia Software Launcher NSLauncher exe startup O - HKCU Run CTFMON EXE F windows system ctfmon exe O - HKCU Run McAfee QuickClean Imonitor F Program Files McAfee McAfee QuickClean Plguni exe START O - HKCU Run Window Washer C Program Files Webroot Washer wwDisp exe O - HKCU Run MSKAGENTEXE f PROGRA mcafee SPAMKI mskagent exe O - HKCU Run STYLEXP F Program Files TGTSoft StyleXP StyleXP exe -Hide O - HKCU Run NBJ quot F Program Files Ahead Nero BackItUp NBJ exe quot O - HKCU Run DAEMON Tools quot F Program Files DAEMON Tools daemon exe quot -lang O - HKCU Run PcSync F Program Files Nokia Nokia PC Suite PcSync exe NoDialog O - HKCU Run Steam quot F Program Files steam Steam exe quot -silent O - Startup UMScheduler lnk F Nokia Update Manager bin UMScheduler exe O - Startup Adobe Gamma lnk F Program Files Common Files Adobe Calibration Adobe Gamma Loader exe O - Global Startup HP Digital Imaging Monitor lnk F Program Files HP Digital Imaging bin hpqtra exe O - Global Startup HP Image Zone Fast Start lnk F Program Files HP Digital Imaging bin hpqthb exe O - Extra context menu item amp AOL Toolbar search -... Read more

A:Keylogger

Nice try, but the same answer still applies. We can't help with an illegal installation of Windows.

Closing thread just like the last one: http://forums.techguy.org/windows-nt-2000-xp/605399-computer-really-messed-up.html
 

https://forums.techguy.org/threads/keylogger.605430/
Relevancy 29.67%

Hi Boopme Please see results below as requested MiniToolBox by Farbar Version - - Ran by Administrator administrator on - - at Running from C Documents and Settings Administrator Desktop Microsoft Windows XP Service Pack X Boot Mode Normal Flush DNS Windows IP Configuration Successfully flushed the DNS Resolver Cache IE Proxy Settings Proxy is not enabled No Proxy Server is set Reset IE Proxy Settings Keylogger IE Proxy Settings were reset FF Proxy Settings Reset FF Proxy Settings Firefox Proxy settings were reset Hosts content localhost IP Configuration Net Adapter Connection Connected Intel reg PRO Wireless ABG Network Connection Wireless Network Connection Connected Broadcom x Integrated Keylogger Controller Local Area Connection Media disconnected ---------------------------------- Interface IP Configuration ---------------------------------- pushd interface ip Interface IP Configuration for Local Area Connection set address name Local Area Connection source dhcp set dns name Local Area Connection source dhcp Keylogger register PRIMARY set wins name Local Area Connection source dhcp Interface IP Configuration for Wireless Network Connection set address name Wireless Network Connection source dhcp set dns name Wireless Network Connection source dhcp register PRIMARY set wins name Wireless Network Connection source dhcp popd End of interface IP configuration Windows IP Configuration Host Name me Primary Dns Suffix Node Type Unknown IP Routing Enabled No WINS Proxy Enabled No Ethernet adapter Local Area Connection Media State Media disconnected Description Broadcom x Integrated Controller Physical Address - C- -AB-B -EB Ethernet adapter Wireless Network Connection Connection-specific DNS Suffix Description Intel reg PRO Wireless ABG Network Connection Physical Address - C-BF- - - E Dhcp Enabled Yes Autoconfiguration Enabled Yes IP Address Subnet Mask Default Gateway Keylogger DHCP Server DNS Servers Lease Obtained Wednesday March a m Lease Expires Thursday March a m Server dslrouter Address Name google com Addresses Pinging google com with bytes of data Reply from bytes time ms TTL Reply from bytes time ms TTL Ping statistics for Packets Sent Received Lost loss Approximate round trip times in milli-seconds Minimum ms Maximum ms Average ms Server dslrouter Address Name yahoo com Addresses Pinging yahoo com with bytes of data Reply from bytes time ms TTL Request timed out Ping statistics for Packets Sent Received Lost loss Approximate round trip times in milli-seconds Minimum ms Maximum ms Average ms Pinging with bytes of data Reply from bytes time lt ms TTL Reply from bytes time lt ms TTL Ping statistics for Packets Sent Received Lost loss Approximate round trip times in milli-seconds Minimum ms Maximum ms Average ms Interface List x MS TCP Loopback interface x c ab b eb Broadcom x Integrated Controller - Packet Scheduler Miniport x c bf e Intel reg PRO Wireless ABG Network Connection - Packet Scheduler Miniport Active Routes Network Destination Netmask Gateway Interface Metric Default Gateway Persistent Routes None Winsock entries Catalog C Windows System mswsock dll Microsoft Corporation Catalog C Windows System winrnr dll Microsoft Corporation Catalog C Windows System mswsock dll Microsoft Corporation Catalog C Windows system mswsock dll Microsoft Corporation Catalog C Windows system mswsock dll Microsoft Corporation Catalog C Windows system mswsock dll Microsoft Corporation Catalog C Windows system rsvpsp dll Microsoft Corporation Catalog C Windows system rsvpsp dll Microsoft Corporation Catalog C Windows system mswsock dll Microsoft Corporation Catalog C Windows system mswsock dll Microsoft Corporation Catalog C Windows system mswsock dll Microsoft Corporation Catalog C Windows system mswsock dll Microsoft Corporation Catalog C Windows system mswsock dll Microsoft Corporation Catalog C Windows system mswsock dll Microsoft Corporation Catalog C Windows system mswsock dll Microsoft Corporation Catalog C Windows system mswso... Read more

A:Keylogger

and ESET
 
 
C:\Documents and Settings\Administrator\My Documents\Downloads\Keylogger.zip Win32/KeyLogger.Gratis.A application deleted - quarantined
C:\RECYCLER\S-1-5-21-602162358-1677128483-1801674531-500\Dc13.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-602162358-1677128483-1801674531-500\Dc24.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined

http://www.bleepingcomputer.com/forums/t/489107/keylogger/
Relevancy 29.67%

I've been hacked on a game recently and I'm sure it's due to a keylogger. Also, my computer has been running a bit slower than usual. I've run an AVG scan but it didn't seem to find much. Thanks for any help!

A:I believe I have a keylogger

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofixLink 1Link 2IMPORTANT !!! Save ComboFix.exe to your Desktop1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Do not install any other programs until this if fixed.How to : Disable Anti-virus and Firewall...http://www.bleepingcomputer.com/forums/topic114351.htmlDouble click on ComboFix.exe & follow the prompts.When finished, it will produce a report for you.Please post the C:\ComboFix.txt Note: Do not mouse click ComboFix's window while it's running. That may cause it to stallNote: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.htmlNote: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.===Third party programs if not up to date can be the cause of infiltration an infection.Please run this security check for my review.Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.===Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.Please download AdwCleanerby Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete tab follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).Please post the logs for my review. Let me know what problem persists.

http://www.bleepingcomputer.com/forums/t/490048/i-believe-i-have-a-keylogger/
Relevancy 29.67%

Ok I play a game called tibia and today someone gained access to my account and changed my Keylogger password among other things I am pretty sure they did this through a keylogger called tibiaownage exe I found Keylogger this thread http forums techguy org malware-removal-hijackthis-logs -ggf-exe-trojan-ruining-my html which talks about the tibiaownage process and how to get rid of it To disable it I disabled it under quot services quot and also deleted the files with tibiaownage in their name is that all I need to do or can I do more Keylogger to delete it it still lists tibiaownage under services but it is disabled Please help Here is my hijack this log Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C Program Files Lavasoft Ad-Aware aawservice exe C Program Files Bonjour mDNSResponder exe C WINDOWS system ZoneLabs vsmon exe C WINDOWS system Ati evxx exe C WINDOWS Explorer EXE C Program Files Zone Labs ZoneAlarm zlclient exe C WINDOWS SOUNDMAN EXE C Program Files Java jre bin jusched exe C WINDOWS system ctfmon exe C WINDOWS system wuauclt exe C PROGRA Mozilla Firefox firefox exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - HKLM Run Zone Labs Client quot C Program Files Zone Labs ZoneAlarm zlclient exe quot O - HKLM Run SoundMan SOUNDMAN EXE O - HKLM Run Adobe Reader Speed Launcher quot C Program Files Adobe Reader Reader Reader sl exe quot O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKCU Run ctfmon exe C WINDOWS system ctfmon exe O - Global Startup Microsoft Office lnk C Program Files Microsoft Office Office OSA EXE O - Extra context menu item E amp xport to Microsoft Excel - res C PROGRA MICROS Office EXCEL EXE O - Extra button no name - B E C - FCB- CF-AAA - C - C Program Files Java jre bin npjpi dll O - Extra Tools menuitem Sun Java Console - B E C - FCB- CF-AAA - C - C Program Files Java jre bin npjpi dll O - Extra button no name - e e dd -d - - b -f ba - C WINDOWS Network Diagnostic xpnetdiag exe O - Extra Tools menuitem xpsp res dll - - e e dd -d - - b -f ba - C WINDOWS Network Diagnostic xpnetdiag exe O - Extra button Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - Extra Tools menuitem Windows Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - HKLM System CCS Services Tcpip -F BB- - B -B C EFD A NameServer O - HKLM System CS Services Tcpip -F BB- - B -B C EFD A NameServer O - Service Ad-Aware Service aawservice - Lavasoft AB - C Program Files Lavasoft Ad-Aware aawservice exe O - Service Ati HotKey Poller - ATI Technologies Inc - C WINDOWS system Ati evxx exe O - Service ATI Smart - Unknown owner - C WINDOWS system ati sgag exe O - Service Id String F B CC BB B Bonjour Service - Apple Computer Inc - C Program Files Bonjour mDNSResponder exe O - Service FLEXnet Licensing S... Read more

A:Keylogger

can someone just confirm that my hijack this file is clean please?
 

https://forums.techguy.org/threads/keylogger.606154/
Relevancy 29.67%

Hello everyone I really hope I can get some help here I'll start off with Really Help! Need Keylogger, Possible some background here About a year Possible Keylogger, Really Need Help! ago I had someone start stealing my e-mail accounts which was a hotmail one along with various forum and website logins and passwords too I went through hell to get everything redone and I got a new address I thought was more secure Up until about a week ago everything was fine until I found out that my yahoo account had been stolen as well as forum passwords and sites like myspace etc I believe it is most likely the same person based on some actions they took Anyways I have done everything I can and for a couple days I thought I had gotten rid of the guy until I realized another site had been compromised So I then tried to find an anti-keylogger program because I am pretty certain that something of this nature is installed on my computer allowing him to get my passwords etc So I installed one and it froze my computer bringing me to a blue screen that said windows was shut down because of a hardware or software problem So I restarted and I got the same screen I went in in safe mode and uninstalled it and I restarted fine I went and looked for a better one since I thought the one I installed might have been crappy and I found one called Advanced Anti-Keylogger I downloaded it and it looked a lot better So I installed and it told me I had to restart to finish the installation I did so and then I was given an error that quot memory could not be read quot having to do with explorer exe and it made my icons and taskbar disappear I restarted and got the same thing however when I unistall it in safe mode I can restart fine I think the person messing with my computer has something preventing me from installing a program that would detect his I really have no idea how to fix this situation I have scanned with Ad-Aware SE Panda Antivirus Spy Bot Search and Destory and I already have the free version of Zone Alarm I deleted everything I have found but nothing seemed to actually be relevant to keylogging I did a scan with HiJack This and I am providing the log but I didn't notice anything out of the ordinary Even so ANY help would be appreciated I would love to know of some programs that could prevent the keyloggers from being installed or where to look on my comp for them Thank you and I hope I get help in time before he takes anymore accounts Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system Ati evxx exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS system svchost exeC WINDOWS system Ati evxx exeC WINDOWS system ZoneLabs vsmon exeC Program Files Common Files Symantec Shared ccSetMgr exeC Program Files Common Files Symantec Shared ccEvtMgr exeC WINDOWS system spoolsv exeC Program Files Lavasoft Ad-Aware aawservice exeC WINDOWS System GEARSec exeC Program Files Common Files Microsoft Shared VS DEBUG MDM EXEC Program Files Microsoft SQL Server MSSQL MICROSOFTSMLBIZ Binn sqlservr exeC Program Files Panda Software Panda Antivirus PsCtrls exeC Program Files Panda Software Panda Antivirus pavsrv exeC WINDOWS system PnkBstrA exeC Program Files Panda Software Panda Antivirus PsImSvc exeC Program Files Panda Software Panda Antivirus AVENGINE EXEC Program Files CyberLink Shared Files RichVideo exeC WINDOWS system svchost exeC Program Files Viewpoint Common ViewpointService exeC WINDOWS Explorer EXEC Program Files Dell Media Experience DMXLauncher exeC Program Files Common Files Symantec Shared ccApp exeC Program Files Common Files InstallShield UpdateService issch exeC WINDOWS System DLA DLACTRLW EXEC Program Files Microsoft IntelliType Pro type exeC Program Files Microsoft IntelliPoint point exeC WINDOWS system LVCOMSX E... Read more

A:Possible Keylogger, Really Need Help!

Hello Kiva and welcome to BleepingComputer!Apollogies for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log.Thanks,Johannes

http://www.bleepingcomputer.com/forums/t/100741/possible-keylogger-really-need-help/
Relevancy 29.67%

Hi Recently my World of Warcraft account got hacked I followed the steps Do have keylogger? still a I in this thread to clean my computer from a possible keylogger http forums wow-europe com thread html topicId amp sid amp pageNo No one of the used cleaners found anything Do I still have a keylogger? suspicious only Ad-Aware removed some cookies I ll post the log from MBAM MalwareBytes Anti-Malware too sorry for the Danish version Do I still have a keylogger Thanks in advance Logfile of Trend Micro HijackThis v Scan saved at on - - Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS Do I still have a keylogger? System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C Programmer Windows Defender MsMpEng exe C WINDOWS System svchost exe C Programmer Lavasoft Ad-Aware AAWService exe C WINDOWS system spoolsv exe C Programmer Avira AntiVir Desktop sched exe C WINDOWS Explorer EXE C Programmer Google Update GoogleCrashHandler exe C WINDOWS system RUNDLL EXE C WINDOWS system oodtray exe C Programmer Lavasoft Ad-Aware AAWTray exe C Programmer Windows Defender MSASCui exe C Programmer Microsoft Office Office GrooveMonitor exe C Programmer Avira AntiVir Desktop avgnt exe C WINDOWS system ctfmon exe C Programmer Windows Live Messenger msnmsgr exe C Programmer Skype Phone Skype exe C Programmer Avira AntiVir Desktop avguard exe C Programmer Canon IJPLM IJPLMSVC EXE C Programmer Java jre bin jqs exe C WINDOWS System nvsvc exe C WINDOWS system oodag exe C WINDOWS system PnkBstrA exe C WINDOWS System svchost exe C Programmer F lles filer Microsoft Shared Windows Live WLIDSVC EXE C Programmer F lles filer Microsoft Shared Windows Live WLIDSvcM exe C Programmer Skype Plugin Manager skypePM exe C Programmer Mozilla Firefox firefox exe C Programmer Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http dk msn com R - HKCU Software Microsoft Internet Explorer Main Start Page http dk msn com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName Hyperlinks O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Programmer F lles filer Adobe Acrobat ActiveX AcroIEHelper dll O - BHO Skype add-on mastermind - BF B-C D - d - A -A F BA C - C Programmer Skype Toolbars Internet Explorer SkypeIEPlugin dll O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO Groove GFS Browser Helper - - C - D -B F - BBC D A E - C Programmer Microsoft Office Office GrooveShellExtensions dll O - BHO Hj lp til tilmelding til Windows Live ID - D - C - ABF- ECC- C - C Programmer F lles filer Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Programmer Google GoogleToolbarNotifier swg dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Programmer Java jre bin jp ssv dll O - BHO JQSIEStartDetectorImpl - E E F - CE- C -BC -EABFE F C - C Programmer Java jre lib deploy jqs ie jqs plugin dll O - Toolbar DAEMON Tools Toolbar - AAC-C - - E A- E A E - C Programmer DAEMON Tools Toolbar DTToolbar dll O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS System NvCpl dll NvStartup O - HKLM Run nwiz nwiz exe install O - HKLM Run NvMediaCenter RUNDLL EXE C WINDOWS System NvMcTray dll NvTaskbarInit O - HKLM Run OODefragTray C WINDOWS system oodtray exe O - HKLM Run Ad-Watch C Programmer Lavasoft Ad-Aware AAWTray exe O - HKLM Run Windows Defender quot C Programmer Windo... Read more

A:Do I still have a keylogger?

Bring Up My Post please !
 

https://forums.techguy.org/threads/do-i-still-have-a-keylogger.870638/
Relevancy 29.67%

Recently my email and website passwords have been changing all of the sudden not by me ofcourse Just yesterday I was watching a youtube video and my mouse started moving around in circles and it WAS NOT ME I am certain that I have a RAT or something that gives control of my computer Please help me find what it is and remove it Thanks Here is my DDS log DDS I a think keylogger/RAT I have Ver - - - NTFS AMD Internet Explorer BrowserJavaVersion Run by James at on - - Microsoft Windows Home Premium GMT - AV AVG Internet Security Enabled Updated A B -DEE -F A-FBCD-ADB C F SP AVG Internet Security Enabled Updated E A -F D -F D -C D- C DBE F D SP Windows Defender Disabled Updated D DDC A- F- fae- E -DA C ACF FW AVG Firewall Enabled CC - -F -D - E EA B Running Processes C PROGRA AVG AVG avgchsva exe C Windows system wininit exe C Windows system lsm exe C Windows system svchost exe -k DcomLaunch C Windows system svchost exe -k RPCSS C Windows system atiesrxx exe C I think I have a keylogger/RAT Windows System svchost exe -k LocalServiceNetworkRestricted C Windows System svchost exe -k LocalSystemNetworkRestricted C Windows system svchost exe -k netsvcs C Program Files x Common Files logishrd LVMVFM UMVPFSrv exe C Windows system svchost exe -k LocalService C Windows system svchost exe -k NetworkService C Windows System spoolsv exe C Windows system svchost exe -k LocalServiceNoNetwork C Program Files x Common Files Adobe ARM armsvc exe C Windows SysWOW svchost exe -k Akamai C Program Files Alienware Command Center AlienFusionService exe C Program Files x Common Files Apple Mobile Device Support AppleMobileDeviceService exe C Program Files x AVG AVG avgfws exe C Program Files x AVG AVG avgwdsvc exe C Program Files Bonjour mDNSResponder exe C Program Files Autodesk ds Max mentalimages satellite raysat dsmax server exe c Program Files Microsoft SQL Server MSSQL SQLEXPRESS MSSQL Binn sqlservr exe C Program Files x AVG AVG avgam exe C Program Files x AVG AVG avgnsa exe C Program Files x AVG AVG avgemca exe C Windows system conhost exe C Program Files x Common Files Nero Nero BackItUp NBService exe c Program Files Microsoft SQL Server Shared sqlwriter exe C Program Files x TeamViewer Version TeamViewer Service exe C Program Files x Common Files AVG Secure Search vToolbarUpdater ToolbarUpdater exe C Program Files Common Files Microsoft Shared Windows Live WLIDSVC EXE C Program Files x AVG AVG Identity Protection Agent Bin AVGIDSAgent exe C Program Files Common Files Microsoft Shared Windows Live WLIDSvcM exe C Windows system svchost exe -k NetworkServiceNetworkRestricted C Windows system atieclxx exe C Windows system svchost exe -k LocalServiceAndNoImpersonation C Program Files x Intel Intel reg Rapid Storage Technology IAStorDataMgrSvc exe C Windows system SearchIndexer exe C PROGRA AVG AVG avgrsa exe C Program Files x AVG AVG avgcsrva exe C Windows system taskhost exe C Windows system Dwm exe C Windows Explorer EXE C Program Files Realtek Audio HDA RAVCpl exe C Program Files Alienware Command Center AlienwareAlienFXController exe C Program Files Alienware Command Center ThermalController exe C Windows System rundll exe C Program Files x Windows Live Messenger msnmsgr exe C Windows system wbem wmiprvse exe C Users James AppData Local Akamai netsession win exe C Users James AppData Local Akamai netsession win exe C Program Files x Intel Intel reg Rapid Storage Technology IAStorIcon exe C Program Files x CyberLink PowerDVD DX PDVDDXSrv exe C Program Files x AVG AVG avgtray exe C Program Files x AVG Secure Search vprot exe C Program Files x iTunes iTunesHelper exe C Program Files x NETGEAR WN v WN v exe C Program Files x ATI Technologies ATI ACE Core-Static MOM exe C Windows system wuauclt exe C Program Files x Logitech LWS Webcam Software CameraHelperShell exe C Program Files iPod bin iPodService exe C Program Files x AVG AVG Identity Protection agent bin avgidsmonitor exe C Program Files x Common Files Logishrd LQCVFX COCIManager exe C Program ... Read more

A:I think I have a keylogger/RAT

Greetings jp09 and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that. ===================================================Ground Rules:First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance. Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
When you post your reply, do not use the button but use the button instead.
In the upper right hand corner of the topic you will see the button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.I would like to remind you to make no further changes to your computer unless I direct you to do so.Now let's get started ===================================================Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.Thank you for your patience thus far. Please allow me some time to review the information you have provided. I will post back as soon as possible.

http://www.bleepingcomputer.com/forums/t/472074/i-think-i-have-a-keyloggerrat/
Relevancy 29.67%

I recently has someone try to open banking accounts, Verizon accounts and request credit cards in my name. Their information was accurate and the only source I can understand would be for a keylogger to have been installed on my computer.

I am running Windows 7 Ultimate SP1, Microsoft Security Essentials, Windows firewall. I did a scan of my computer using Malwarebytes and MS Security Essentials and the results were clean with no quarantined items.

As a belt and suspender measure I found out about ComboFix and ran the program. The enlosed log is much, much longer than the log in the user manual and I do not know how to interpret the results.

I realize this is a free service and that is much appreciated. Please contact me if you have any questions about the .log file.
 20120914 MAP ComboFix.txt   26.08KB
  5 downloads

A:KeyLogger

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/468578 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.Thank you for your patience, and again sorry for the delay.*************************************************** We need to see some information about what is happening in your machine. Please perform the following scan again: Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.DDS.comDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER logAs I am just a silly... Read more

http://www.bleepingcomputer.com/forums/t/468578/keylogger/
Relevancy 29.67%

hi guys, i logged intoday to find adaware had blocked world of warcraft due to there beeing a keylogger in the software. i ran all the stuff, avg, spybot, ccleaner and adaware (which picked it up on 2 runs), would you guys take a look at the hijack this log to see if it is clear as i also do online banking with this pc.thanks

A:Is the keylogger still there

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Please download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTListIt.txt Will be openedExtra.txt Will be minimizedPlease download GMER from one of the following locations and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zipped MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.-------------------------------------------------------------In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problemIf you still need help, please include the following in your next replyA detailed description of your problemsA new OTL log (don't ... Read more

http://www.bleepingcomputer.com/forums/t/306158/is-the-keylogger-still-there/
Relevancy 29.67%

Hi I believe I have a possible Keylogger in my system There are a few reasons why I think so The person that KeyLogger Possible I think installed the KeyLogger was really into what I was doing Was always looking over my shoulder and was always writing people messages who he didn t think I should Possible KeyLogger be talking to He would spy on the websites that I viewed than randomly out-of-nowhere tell me things about Possible KeyLogger it when we clearly never spoke of the website prior Also I noticed yesterday I went to log on to one of my accounts on a website and the password was changed It never was changed before - ever I will wait even more patiently for someone to help me remove this KeyLogger he installed I appreciate it Thanks in advance Programs I ve tried thus far SpyBot Search amp Destroy Malwarebytes Avast Avira Norton Super Anti-Spyware Avira picked up on something about not being able to go inside the folder due to it being password protected I searched on line and other people were having similar problems Vamred

A:Possible KeyLogger

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/458028 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.Thank you for your patience, and again sorry for the delay.*************************************************** We need to see some information about what is happening in your machine. Please perform the following scan again: Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER logAs I am just... Read more

http://www.bleepingcomputer.com/forums/t/458028/possible-keylogger/
Relevancy 29.67%

I'm another one of those people from the World of Warcraft community I was on their forums and clicked on a link that I shouldn't have I searched my computer using several different virus protection removal programs which I'll list further down and they didn't bring up anything serious I logged into my account and had my Keylogger password changed shortly after by someone else who then Keylogger partially looted me before I changed the password back I tried to find the keylogger using StingerAd-aware SESpybot Search amp DestroyPanda TotalscanKLdetector AVG free scanHijackthis log ogfile of HijackThis v Scan saved at PM on Platform Windows XP SP Keylogger WinNT MSIE Internet Explorer v SP Running processes C Keylogger WINDOWS System smss exeC WINDOWS SYSTEM winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system Ati evxx exeC WINDOWS system svchost exeC Program Files Panda Software Panda Antivirus pavsrv exeC Program Files Panda Software Panda Antivirus AVENGINE EXEC WINDOWS System svchost exeC Program Files Stardock Object Desktop ThemeManager wbload exeC WINDOWS system spoolsv exeC WINDOWS SYSTEM Ati evxx exeC WINDOWS Explorer EXEC Program Files Creative SBAudigy ZS Surround Mixer CTSysVol exeC Program Files Creative SBAudigy ZS DVDAudio CTDVDDet EXEC Program Files Intel Intel reg Active Monitor imontray exeC WINDOWS Logi MwX ExeC PROGRA WinFax WFXSWTCH exeC WINDOWS system wfxsnt exeC Program Files Logitech Video LogiTray exeC Program Files ATI Technologies ATI Control Panel atiptaxx exeC WINDOWS System CTsvcCDA exeC Program Files Logitech G-series Software LGDCore exeC Program Files Common Files Microsoft Shared VS DEBUG MDM EXEC Program Files Logitech G-series Software LCDMon exeC WINDOWS CTHELPER EXEC Program Files Analog Devices SoundMAX SMax PNP exeC WINDOWS system ctfmon exeC Program Files Logitech G-series Software Applets LCDPop LCDPOP exeC Program Files Logitech G-series Software Applets LCDClock exeC Program Files Logitech G-series Software Applets LCDMedia exeC Program Files Panda Software Panda Antivirus PsImSvc exeC Program Files Analog Devices SoundMAX SMAgent exeC WINDOWS System svchost exeC Program Files Kodak KODAK Software Updater Program Kodak Software Updater exeC WINDOWS system WFXSVC EXEC WINDOWS system LVComsX exeC Program Files WinFax WFXMOD EXEC WINDOWS System MsPMSPSv exeC Program Files Logitech SetPoint KEM exeC Program Files Intel Intel reg Active Monitor imonnt exeC Program Files Logitech SetPoint KHALMNPR EXEC Program Files Logitech Video FxSvr exeC WINDOWS system wscntfy exeC Program Files Internet Explorer iexplore exeC PROGRA WINZIP winzip exeC Documents and Settings Joshua R Seats Local Settings Temp HijackThis exeR - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dllO - BHO Yahoo Toolbar Helper - D -C F - EFB- B - ECA - C Program Files Yahoo Companion Installs cpn yt dllO - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dllO - HKLM Run IgfxTray C WINDOWS System igfxtray exeO - HKLM Run HotKeysCmds C WINDOWS System hkcmd exeO - HKLM Run CTSysVol C Program Files Creative SBAudigy ZS Surround Mixer CTSysVol exe rO - HKLM Run CTDVDDET C Program Files Creative SBAudigy ZS DVDAudio CTDVDDet EXEO - HKLM Run SBDrvDet C Program Files Creative SB Drive Det SBDrvDet exe rO - HKLM Run IMONTRAY C Program Files Intel Intel reg Active Monitor imontray exeO - HKLM Run nwiz nwiz exe installO - HKLM Run Logitech Utility Logi MwX ExeO - HKLM Run WFXSwtch C PROGRA WinFax WFXSWTCH exeO - HKLM Run WinFaxAppPortStarter wfxsnt exeO - HKLM Run LogitechVideoRepair C Program Files Logitech Video ISStart exe O - HKLM Run LogitechVideoTray C Program Files Logitech Video LogiTray exeO - HKLM Run ATIPTA C Program Files ATI Technologies ATI Control Panel atiptaxx exeO - HKLM Run Microsoft Office Quick Launcher iau exeO - HKLM Run Launch LGDCore quot C Program Files Logitech G-series Softwa... Read more

A:Keylogger

Update :

I ran several of the scans again in safe mode. I finally came up with something : Trojan.small.edz

Not even certain if this can work as a keylogger, but will try to find out. I hope this helps. If anyone has any information already please let me know, or if you need a new Hijackthis log let me know. I did let AVG Anti-Spyware 7.5 quarantine it. I don't know if that was a good thing or not.

Thanks again in advance

http://www.bleepingcomputer.com/forums/t/102914/keylogger/
Relevancy 29.67%

According to Trusteer Rapport we have a keylogger on my Step-Daughters machine Scans with Eset Ad-Aware and Mbam Mbam in Safe Mode have turned up one Trojan installmon exe today Sunday When PC was started up Saturday morning my pictures music FF bookmarks had all disappeared and the Recycle bin had been renamed sh te bin We believe whatever this was was caught from Facebook Cos She s always Possible Keylogger bloody on there After the Mbam scan Saturday all those were back in their rightful places But we still have this keylogger It according to Trusteer is taking screenshots as well as trying to log key strokes I help on a couple of forums with blue screens which I m OK with but I ll admit I haven t a clue about how to deal with keyloggers We ve run a system bsod diagnostics tool SF Diagnostics which has Possible Keylogger collected information about the system This file appears too big to attach here though at mb so I ve stuck it on Mediafire http www mediafire com p stbppt bI ve downloaded dds and gmer to run when my Step-Daughter surfaces and I ll attach the logs here Whether they are relevant to keyloggers though Aah I hear you ask what is it It s a Lenovo G UK laptop running Windows bit If I ve posted this in the wrong area accept my apologies move it and give me a slap on the wrist Off Topic I d forgot my user password To reclaim it the quot I am human stuff quot had me type in Old Codger How did it know D

A:Possible Keylogger

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

http://www.bleepingcomputer.com/forums/t/430828/possible-keylogger/
Relevancy 29.67%

hi all my wow account has been accesed and now banned as someone has gained access to it by which i believe was a keylogger so a friend suggested i use this site for your friendly reliable help so doctore keylogger Possible here s my log am i gonna be alright O Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Alwil Software Avast aswUpdSv exe C Program Files Alwil Software Avast ashServ exe C WINDOWS system Possible keylogger spoolsv exe C Program Files Spyware Doctor BDT BDTUpdateService exe C Program Files Alwil Software Avast ashWebSv exe C Program Files Alwil Software Avast ashMaiSv exe C WINDOWS Explorer EXE C PROGRA ALWILS Avast ashDisp exe C WINDOWS System RunDll exe C WINDOWS System sistray EXE C WINDOWS System keyhook exe C WINDOWS System ctfmon exe C Program Files Curse CurseClient exe C Program Files Spybot - Search amp Destroy TeaTimer exe C Program Files NETGEAR WG v Configuration Utility RtlWake exe C Program Files NETGEAR WG v Configuration Utility RtWLan exe C Program Files Mozilla Firefox firefox exe C WINDOWS system osk exe C WINDOWS system MSSWCHX EXE C Program Files Trend Micro HijackThis HijackThis exe O - BHO Possible keylogger AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO Browser Defender BHO - A F D B- - FF -B - CCE E - C Program Files Spyware Doctor BDT PCTBrowserDefender dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - Toolbar amp Radio - E - F- D - E- A C - C WINDOWS System msdxm ocx O - Toolbar PC Tools Browser Guard - EA- A- B-ADF - D E CC - C Possible keylogger Program Files Spyware Doctor BDT PCTBrowserDefender dll O - HKLM Run avast C PROGRA ALWILS Avast ashDisp exe O - HKLM Run SiSUSBRG C WINDOWS SiSUSBrg exe O - HKLM Run Cmaudio RunDll cmicnfg cpl CMICtrlWnd O - HKLM Run SiS Tray C WINDOWS System sistray EXE O - HKLM Run SiS Windows KeyHook C WINDOWS System keyhook exe O - HKLM Run Adobe Reader Speed Launcher quot C Program Files Adobe Reader Reader Reader sl exe quot O - HKLM Run Adobe ARM quot C Program Files Common Files Adobe ARM AdobeARM exe quot O - HKCU Run CTFMON EXE C WINDOWS System ctfmon exe O - HKCU Run CurseClient C Program Files Curse CurseClient exe -silent O - HKCU Run msnmsgr quot C Program Files MSN Messenger msnmsgr exe quot background O - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot background O - HKCU Run SpybotSD TeaTimer C Program Files Spybot - Search amp Destroy TeaTimer exe O - HKUS S- - - Run CTFMON EXE C WINDOWS System CTFMON EXE User LOCAL SERVICE O - HKUS S- - - Run CTFMON EXE C WINDOWS System CTFMON EXE User NETWORK SERVICE O - HKUS S- - - Run CTFMON EXE C WINDOWS System CTFMON EXE User SYSTEM O - HKUS DEFAULT Run CTFMON EXE C WINDOWS System CTFMON EXE User Default user O - Global Startup WG v Smart Wizard Wireless Setting lnk O - Extra button Related - c fe - f d- d -a b- aa c a - C WINDOWS web related htm O - Extra Tools menuitem Show amp Related Links - c fe - f d- d -a b- aa c a - C WINDOWS web related htm O - Protocol skype com - FFC B - B - DFF- - C DD F D - C PROGRA COMMON Skype SKYPE DLL O - Service avast iAVS Control Service aswUpdSv - ALWIL Software - C Program Files Alwil Software Avast aswUpdSv exe O - Service avast Antivirus - ALWIL Software - C Program Files Alwil Software Avast ashServ exe O - Service avast Mail Scanner - ALWIL Software - C Program Files Alwil Software Avast ashMaiSv exe O - Service avast Web Scanner - ALWIL Software - C Program Files Alwil Software Avast ashWebSv exe O - Service Browser Defender Update Service - Threat Expert Ltd - C Program Files Spyware Doctor BDT BDTUpdateService exe O - Service nProtect GameGuard Service npggsvc - Unknown owner - C... Read more

Relevancy 29.67%

I m a WoW gamer My computer was infected somehow with something that allowed a third party access to my account What s relevant here however is that I m not sure if I removed the program I changed from McAfee to AVG When AVG scanned they found some quot support software quot called quot Wownode quot or something to that effect I removed the program and quarantined it That said my keylogger Possible computer s now acting funny re my task manager Possible keylogger It won t display I was wondering if anyone here could help me I ve attached my Hijack log Logfile of Trend Micro HijackThis v BETA Scan saved at AM on Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Program Files x Dell DataSafe Local Backup Components scheduler STService exe C Program Files x Dell DataSafe Local Backup Toaster exe C Program Files x Intel Intel Matrix Storage Manager IAAnotif exe C Program Files x Spybot - Search amp Destroy TeaTimer exe C Program Files x Creative Sound Blaster X-Fi Volume Panel VolPanlu exe C Program Files x CyberLink PowerDVD DX PDVDDXSrv exe C Windows SysWOW Ctxfihlp exe C Program Files x Java jre bin jusched exe C Program Files x Google Gmail Notifier gnotify exe C Windows SysWOW CTXFISPI EXE C Program Files x AVG AVG avgtray exe C Program Files x AVG AVG Identity Protection agent bin avgidsmonitor exe C Program Files Logitech GamePanel Software Applets ColorOnly LCDYT exe C Program Files Logitech GamePanel Software Applets LCDMedia exe C Program Files Logitech GamePanel Software Applets ColorOnly LCDMovieViewer exe C Program Files x Windows Media Player wmplayer exe C Users Shawn AppData Local Google Chrome Application chrome exe C Program Files x Common Files Adobe Updater Adobe Updater exe C Program Files x TrendMicro HiJackThis HiJackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http g msn com USCON R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http g msn com USCON R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKLM Software Microsoft Internet Explorer Main Local Page C Windows SysWOW blank htm R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName R - URLSearchHook AVG Security Toolbar BHO - A BC A - F - -AA - D C - C Program Files x AVG AVG Toolbar IEToolbar dll F - REG system ini UserInit userinit exe O - Hosts localhost O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - c Program Files x Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files x AVG AVG avgssie dll O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO no name - C C A-E - b - D - CECB - no file O - BHO Search Helper - EBF - F- bff-A F-B E AAC B - C Program Files x Microsoft Search Enhancement Pack Search Helper SEPsearchhelperie dll O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files x Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO AVG Security Toolbar BHO - A BC A - F - -AA - D C - C Program Files x AVG AVG Toolbar IEToolbar dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files x Java jre bin jp ssv dll O - BHO Windows Live Toolbar Helper - E A DC - - A - EA-DC EC ACF - C Program Files x Windows Live Toolbar wltcore dll O - Toolbar amp Windows Live To... Read more

https://forums.techguy.org/threads/possible-keylogger.887214/
Relevancy 29.67%

So my Webroot service was down for a while and I noticed that my Facebook account had apparently sent a friend request without me wanting it to. I logged on and a random musican had accepted a friend request that I never remembered sending. My Webroot is working again but It hasnt detected anything so far and I even used my other program, Trend Micro, to search before I got Webroot back up and it did not detect anything strange. However, while my Webroot was not working, I tried to use a special browser for academic purposes but it said it could not run while "Remote Control Pro" was working. I don't have that program on my computer as far as I have searched. I'm afraid to set new accounts on the Internet or to even make money transactions if this keylogger is still on my laptop. So what do I do?

A:I think I have a keylogger but I don't know what to do!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

http://www.techsupportforum.com/forums/f100/i-think-i-have-a-keylogger-but-i-dont-know-what-to-do-510749.html
Relevancy 29.67%

I have a keylogger on my computer I keylogger believe its a trojan ive done a full scan with -CCleaner -Ad-aware Free Anti-Malware -Spybot Search amp Destroy -MalwareBytes' Anti-Malware -AVG anti-virus All shower my computer as clean but some of my accounts keep getting passwords changed i downloaded HIjackthis here is my log Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows Vista WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Windows system taskeng exe C Program Files Microsoft Windows OneCare Live winssnotify exe C Windows system Dwm exe C Windows Explorer EXE C Program Files Lavasoft Ad-Aware AAWTray exe C Windows RtHDVCpl exe C Windows System SysMonitor exe C Program Files Winamp winampa exe C Acer Empowering Technology eDataSecurity eDSloader exe C Program Files Common Files Java Java Update keylogger jusched exe C Program Files AVG AVG avgtray exe C Windows System rundll exe C Program Files TELUS TELUS Support Centre bin McciTrayApp exe C Program Files TELUS TELUS Wireless Connection keylogger Manager McciTrayApp exe C Program Files TELUS eProtect Advisor TEPA exe C Program Files Logitech GamePanel Software LGDevAgt exe C Program Files Logitech GamePanel Software LCD Manager LCDMon exe C Program Files Logitech GamePanel Software G-series Software LGDCore exe C Program Files iTunes iTunesHelper exe C Program Files ANI ANIWZCS Service WZCSLDR exe C Program Files D-Link DWA- revA AirGCFG exe C Program Files Windows Sidebar sidebar exe C Program Files Windows Live Messenger msnmsgr exe C Users Cody AppData Roaming Octoshape Octoshape Streaming Services OctoshapeClient exe C Windows ehome ehtray exe C Program Files Skype Phone Skype exe C Program Files Spybot - Search amp Destroy TeaTimer exe C Program Files FinePixViewerS QuickDCF exe C Program Files Logitech Desktop Messenger Program LogitechDesktopMessenger exe C Program Files Logitech SetPoint SetPoint exe C Program Files shaw bin shawsupport exe C Program Files LimeWire LimeWire exe C Program Files OpenOffice org program soffice exe C Windows ehome ehmsas exe C Acer Empowering Technology eRecovery ERAGENT EXE C Program Files Logitech GamePanel Software Applets LCDMedia exe C Program Files Logitech GamePanel Software LCD Manager Applets LCDClock exe C Program Files Logitech GamePanel Software Applets LCDCountdown exe C Program Files Logitech GamePanel Software Applets LCDPop exe C Program Files Logitech GamePanel Software Applets LCDRSS exe C Program Files OpenOffice org program soffice BIN C Program Files Common Files Logitech KhalShared KHALMNPR EXE C Program Files Mozilla Firefox firefox exe C Windows system wuauclt exe C Program Files Mozilla Firefox plugin-container exe C Program Files Common Files Java Java Update jucheck exe C Windows system SearchFilterHost exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Page http ca rd yahoo com customize yco ca yahoo com R - HKCU Software Microsoft Internet Explorer Main Start Page about blank R - HKLM Software Microsoft Internet Explorer Main Default Page URL http en ca acer yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http en ca acer yahoo com R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Internet Explorer SearchURL Default http ca rd yahoo com customize yco ca yahoo com R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName R - URLSearchHook no name - CFBFAE - A - D - CB- C FD - no file R - URLSearchHook no name - EF BD -C FB- D - F- D F - no file R - URLSearchHook AVG... Read more

A:keylogger

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/keylogger-500584.html
Relevancy 29.67%

Hi Keylogger Possible all I think I have a keylogger Possible Keylogger as my Wow account was hacked into Ive run avira malwarebytes and cc cleaner buut found Possible Keylogger nothing so heres my hijack log Logfile of HijackThis v Scan saved at on Platform Unknown Windows WinNT SP MSIE Internet Explorer v Running processes C Windows system Dwm exe C Windows Possible Keylogger system taskeng exe C Windows Explorer EXE C Program Files Windows Defender MSASCui exe C Windows RtHDVCpl exe C Program Files ATI Technologies ATI ACE Core-Static MOM exe C Program Files Common Files Java Java Update jusched exe C Program Files Microsoft Office Office GrooveMonitor exe C Program Files iTunes iTunesHelper exe C Windows PixArt Pac Monitor exe C Program Files Avira AntiVir Desktop avgnt exe C Program Files Malwarebytes' Anti-Malware mbamgui exe C Program Files Windows Sidebar sidebar exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files Windows Live Messenger msnmsgr exe C Program Files Steam Steam exe C Windows ehome ehtray exe C Program Files Windows Media Player wmpnscfg exe C Program Files uTorrent uTorrent exe C Program Files ArcSoft TotalMedia TMMonitor exe C Program Files MagicDisc MagicDisc exe C Windows ehome ehmsas exe C Program Files LogMeIn x LogMeInSystray exe C Program Files LogMeIn x LMIGuardian exe C Windows System mobsync exe C Users kinkster AppData Local Apps MDYJVGC H VTJ H B JY curs tion eee a b d e e CurseClient exe C Program Files Mozilla Firefox firefox exe C Program Files ATI Technologies ATI ACE Core-Static CCC exe C Windows system wuauclt exe C Windows system SearchFilterHost exe C Program Files HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http uk ask com o amp l dis R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName R - URLSearchHook no name - ba e- - -b f - e d cc - no file O - Hosts localhost O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO QFX Software KeyScrambler - B F - A - - E -C B BC E - C Program Files KeyScrambler KeyScramblerIE dll O - BHO Groove GFS Browser Helper - - C - D -B F - BBC D A E - C Program Files Microsoft Office Office GrooveShellExtensions dll O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - C Program Files Google Google Toolbar GoogleToolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - BHO no name - ba e- - -b f - e d cc - no file O - BHO Windows Live Toolbar Helper - BDBD DAD-C - A -ADC - B B FF D - C Program Files Windows Live Toolbar msntb dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files Java jre bin jp ssv dll O - Toolbar Windows Live Toolbar - BDAD DAD-C - A -ADC - B B FF D - C Program Files Windows Live Toolbar msntb dll O - Toolbar no name - CCC A -B CA- -B A - F DD - no file O - Toolbar no name - ba e- - -b f - e d cc - no file O - Toolbar Google Toolbar - C B - - d - B - A CD F - C Program Files Google Google Toolbar ... Read more

A:Possible Keylogger

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/possible-keylogger-499344.html
Relevancy 29.67%

Hi all -

First: I am not good with computers and will need very explicit directions, down to the level of "right-click here, then click this button." If that's not possible, I have someone who can guide me through broader instructions, so anything you can do will be very helpful.

My daughter's email account got hacked and sent me a spam link that I clicked without thinking. We now have reason to believe that it was a keylogger. I changed my email address from a different machine, but I'm worried about paying bills. My computer isn't showing any signs of trouble, so I don't know how to describe my problem beyond that.

Can I tell you anything else? Otherwise, what is my first step?

Thanks!

A:Keylogger?

Hello and welcome.. I will try to comply as best I can..I changed my email address Did you change your address or password?What is your antivirius?Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet and double-click on the renamed file to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.Malwarebytes will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button and continue.If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.Click on the Scan button.When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.Make sure that everything is checked and then click Remove Selected.When removal is completed, a log report will open in Notepad.The log is automatically saved and can be viewed by clicking the Logs tab.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.Exit Malwarebytes when done.Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).Please download TDSSKiller.zip and and extract it.Run TDSSKiller.exe. Click Start scan.When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click ContinueLet reboot if needed and tell me if the tool needed a reboot.Click on Report and post the contents of the text file that will open.

Note: By default... Read more

http://www.bleepingcomputer.com/forums/t/456697/keylogger/
Relevancy 29.67%

Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE keylogger have i i a think Internet Explorer v Boot mode Normal Running i think i have a keylogger processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System i think i have a keylogger svchost exe C WINDOWS system spoolsv exe C WINDOWS system Ati evxx exe C WINDOWS Explorer exe C Program Files Messenger msmsgs exe C WINDOWS system ctfmon exe C Program Files DNA btdna exe C Program Files Spybot - Search amp Destroy TeaTimer exe C Documents and Settings ken KENBO Application Data Octoshape Octoshape Streaming Services OctoshapeClient exe C Program Files Skype Phone Skype exe C Program Files MagicDisc MagicDisc exe C WINDOWS eHome ehRecvr exe C WINDOWS eHome ehSched exe C Program Files M-Audio Fast Track GBInst exe C Program Files Common Files LightScribe LSSrvc exe C Program Files Common Files supportsoft bin sprtlisten exe C Program Files Hewlett-Packard Shared hpqwmiex exe C WINDOWS system dllhost exe C Program Files Skype Plugin Manager skypePM exe C WINDOWS System svchost exe C WINDOWS system wscntfy exe C WINDOWS system Rundll EXE C Program Files Internet Explorer IEXPLORE EXE C Program Files Skype Toolbars Shared SkypeNames exe C Program Files Internet Explorer IEXPLORE EXE C Program Files Trend Micro HijackThis HijackThis exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Connection Wizard ShellNext http windowsupdate microsoft com F - REG system ini Shell Explorer exe logon exe O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper dll O - BHO Skype add-on mastermind - BF B-C D - d - A -A F BA C - C Program Files Skype Toolbars Internet Explorer SkypeIEPlugin dll O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C Program Files Spybot - Search amp Destroy SDHelper dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - Toolbar no name - FFDE - - f -B D-FC A F C - no file O - HKLM Run hidetask quot C Hide taskbar exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottime O - HKLM Run MS MASTER RUNDLL EXE C WINDOWS system xml inc dll i O - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot background O - HKCU Run ctfmon exe C WINDOWS system ctfmon exe O - HKCU Run taskhide quot C Hide Taskbar exe quot O - HKCU Run BitTorrent DNA quot C Program Files DNA btdna exe quot O - HKCU Run SpybotSD TeaTimer C Program Files Spybot - Search amp Destroy TeaTimer exe O - HKCU Run Octoshape Streaming Services quot C Documents and Settings ken KENBO Application Data Octoshape Octoshape Streaming Services OctoshapeClient exe quot -inv bootrun O - HKCU Run MobiLink Lite C Program Files Novatel Wireless MobiLink Lite exe O - HKCU Run Skype quot C Program Files Skype Phone Skype exe quot nosplash minimized O - S- - - Startup Hide taskbar exe User SYSTEM O - S- - - Startup MagicDisc lnk C Program Files MagicDisc MagicDisc exe User SYSTEM O - DEFAULT Startup Hide taskbar exe User Default user O - DEFAULT Startup MagicDisc lnk C Program Files MagicDisc MagicDisc exe User Default user O - Startup Hide taskbar exe O - Startup MagicDisc lnk C Program Files MagicDisc MagicDisc exe O - Global Startup Hide taskbar exe O - Global Startup Shortcut to Hide taskbar lnk C Hide taskbar exe O - Extra button no name - B E C - FCB- CF-AAA - C - C Program Files Java jre bin ssv dll O - E... Read more

A:i think i have a keylogger

I wasn't sure if i should post these in 2 separate posts or combine them. My world of warcraft account keeps getting stolen. I think i have a keylogger on one or both of my computers. This computer is a desktop and my other computer is a laptop. I posted the log for my laptop in a separate thread. If you see anything wrong with this log please let me know
this is the log for my desktop:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:50 AM, on 12/20/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Intel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe&quo... Read more

https://forums.techguy.org/threads/i-think-i-have-a-keylogger.886989/
Relevancy 29.67%

Hi guys I'm sure a Keylogger is living on my OS This morning a message from Gmail sent We believe an access from Keylogger help me please... China I play with a game called World of warcraft and two days ago someone was able to enter in my account and change something always From China I Keylogger help me please... will post here the log of HiJackThis Can u help me to find the terrible keylogger Thank you Logfile of Trend Micro HijackThis v BETA Scan saved at Keylogger help me please... on Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Windows system taskeng exe C Windows system Dwm exe C Windows Explorer EXE C Program Files AVG AVG avgtray exe C Program Files Logitech Logitech WebCam Software LWS exe C Program Files Apoint K Apoint exe C Windows WindowsMobile wmdcBase exe C Program Files Java jre bin jusched exe C Program Files Apoint K ApMsgFwd exe C Program Files Apoint K Apntex exe C Program Files Lavasoft Ad-Aware AAWTray exe C Program Files Common Files Logishrd LQCVFX COCIManager exe C Users lconforti AppData Local Google Chrome Application chrome exe C Users lconforti AppData Local Google Chrome Application chrome exe C Users lconforti AppData Local Google Chrome Application chrome exe C Users lconforti AppData Local Google Chrome Application chrome exe C Users lconforti AppData Local Google Chrome Application chrome exe C Users lconforti AppData Local Google Chrome Application chrome exe C Program Files Windows Live Messenger msnmsgr exe C Program Files Windows Live Contacts wlcomm exe C Users lconforti AppData Local Google Chrome Application chrome exe C Windows system SearchFilterHost exe C Program Files TrendMicro HiJackThis HiJackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http companyweb R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft k LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http www google it R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft k LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft k LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft k LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft k LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyServer proxyrm wind root it R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName O - Hosts localhost O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO no name - C C A-E - b - D - CECB - no file O - BHO Groove GFS Browser Helper - - C - D -B F - BBC D A E - C Program Files Microsoft Office Office GrooveShellExtensions dll O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Java Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files Java jre bin jp ssv dll O - HKLM Run Windows Defender ProgramFiles Windows Defender MSASCui exe -hide O - HKLM Run AVG TRAY C PROGRA AVG AVG avgtray exe O - HKLM Run LogitechQuickCamRibbon quot C Program Files Logitech Logitech WebCam Software LWS exe quot hide O - HKLM Run Apoint C Program Files Apoint K Apoint exe O - HKLM Run Windows Mobile-based device management WINDIR WindowsMobile wmdcBase exe O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKCU Run Google Update quot C Users lconforti AppData Local Google Update GoogleUpdate exe quot c O -... Read more

A:Keylogger help me please...

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/keylogger-help-me-please-471274.html
Relevancy 29.67%

hello,
first of all thank you for this website.

Ok so, I have had some strange things happen to my credit cards, and facebook account that lead me to believe I have a key logger. Facebook told me someone from china attempted to log into my account. And my CC and my wifes Debit card have been compromised. The facebook issue could have been done without a keylogger, but the creditcard and debit card have me worried.

Im at work so I don?t remember all of my pc?s specs but im using xp pro. it?s a dual core with like 1 gig of ram I believe. when I get home for lunch I will get more info.
Just let me know what you need.

I patiently await your instructions.

A:I believe i have a keylogger.

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be found here:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txtOr at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt=============================================================================Download aswMBR to your desktop.Double click the aswMBR.exe to run it.If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".Click the "Scan" button to start scan.On completion of the scan click "Save log", save it to your desktop and post in your next reply.NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

http://www.bleepingcomputer.com/forums/t/457082/i-believe-i-have-a-keylogger/
Relevancy 29.67%

Hi,

My Hotmail account has been hijacked. Do you think I have a keylogger?

A:Do I have a keylogger?

I use Avira Free Antivirus and I scanned my system. It found some malware and moved it to quarentine. Do you think my computer is clean now?
Here is the Avira report:

Avira Free Antivirus
Report file date: domingo, 17 de Junho de 2012 16:49

Scanning for 3842267 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DINIS-TOSH

Version information:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02-05-2012 17:40:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08-05-2012 19:55:08
AVSCAN.DLL : 12.3.0.15 54736 Bytes 08-05-2012 19:55:08
LUKE.DLL : 12.3.0.15 68304 Bytes 08-05-2012 19:55:10
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08-05-2012 19:55:10
AVREG.DLL : 12.3.0.17 232200 Bytes 10-05-2012 19:55:25
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06-11-2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14-12-2010 00:33:08
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20-12-2011 09:10:53
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01-02-2012 09:11:02
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28-03-2012 19:51:51
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10-05-2012 19:55:12
VBASE006.VDF : 7.11.29.137 2048 Bytes 10-05-2012 19:55:12
VBASE007.VDF : 7.11.29.138 2048 Bytes 10-05-2012 19:55:13
VBASE008.VDF : 7.11.29.139 2048 Bytes 10-05-2012 19:55:13
VBASE009.VDF : 7.11.29.140 2048 Bytes 10-05-2012 19:55:13
VBASE010.VDF : 7.11.29.141 2048 Bytes 10-05-2012 19:55:13
VBASE011.VDF : 7.11.29.142 2048 Bytes 10-05-2012 19:55:13
VBASE012.VDF : 7.11.29.143 2048 Bytes 10-05-2012 19:55:13
VBASE013.VDF : 7.11.29.144 2048 Bytes 10-05-2012 19:55:13
VBASE014.VDF : 7.11.30.3 198144 Bytes 14-05-2012 19:56:47
VBASE015.VDF : 7.11.30.69 186368 Bytes 17-05-2012 19:57:50
VBASE016.VDF : 7.11.30.143 223744 Bytes 21-05-2012 19:59:57
VBASE017.VDF : 7.11.30.207 287744 Bytes 23-05-2012 20:00:33
VBASE018.VDF : 7.11.31.57 188416 Bytes 28-05-2012 20:00:04
VBASE019.VDF : 7.11.31.111 214528 Bytes 30-05-2012 20:00:27
VBASE020.VDF : 7.11.31.151 116736 Bytes 31-05-2012 20:00:07
VBASE021.VDF : 7.11.31.205 134144 Bytes 03-06-2012 20:00:25
VBASE022.VDF : 7.11.32.9 169472 Bytes 05-06-2012 20:01:25
VBASE023.VDF : 7.11.32.85 155648 Bytes 08-06-2012 16:42:17
VBASE024.VDF : 7.11.32.133 127488 Bytes 11-06-2012 18:43:30
VBASE025.VDF : 7.11.32.171 182784 Bytes 12-06-2012 18:43:31
VBASE026.VDF : 7.11.32.251 119296 Bytes 14-06-2012 19:47:12
VBASE027.VDF : 7.11.32.252 2048 Bytes 14-06-2012 19:47:12
VBASE028.VDF : 7.11.32.253 2048 Bytes 14-06-2012 19:47:12
VBASE029.VDF : 7.11.32.254 2048 Bytes 14-06-2012 19:47:12
VBASE030.VDF : 7.11.32.255 2048 Bytes 14-06-2012 19:47:12
VBASE031.VDF : 7.11.33.42 74240 Bytes 16-06-2012 19:47:12
Engine version : 8.2.10.92
AEVDF.DLL : 8.1.2.8 106867 Bytes 01-06-2012 20:00:05
AESCRIPT.DLL : 8.1.4.26 450939 Bytes 14-06-2012 19:50:07
AESCN.DLL : 8.1.8.2 131444 Bytes 09-02-2012 09:11:19
AESBX.DLL : 8.2.5.12 606578 Bytes 14-06-2012 19:50:15
AERDL.DLL : 8.1.9.15 639348 Bytes 15-12-2011 00:32:23
AEPACK.DLL : 8.2.16.18 807287 Bytes 14-06-2012 19:49:51
AEOFFICE.DLL : 8.1.2.36 201082 Bytes 14-06-2012 19:49:33
AEHEUR.DLL : 8.1.4.46 4923767 Bytes 14-06-2012 19:49:29
AEHELP.DLL : 8.1.21.0 254326 Bytes 10-05-2012 19:55:15
AEGEN.DLL : 8.1.5.30 422261 Bytes 14-06-2012 19:47:32
AEEXP.DLL : 8.1.0.52 82293 Bytes 14-06-2012 19:50:16
AEEMU.DLL : 8.1.3.0 393589 Bytes ... Read more

http://www.bleepingcomputer.com/forums/t/457288/do-i-have-a-keylogger/
Relevancy 29.67%

so my world of warcraft account was scammed several times in a few days therefore im guessing i have a keylogger of some kind I have scanned my comp with ad-aware avg anti-virus dr web kaspersky bitdefender spybot s amp d and mbam also i ran HJT and kinda need your help with the log so if you find anything could you tell me what i have to do to get rid of keylogger possible it using as simple words as possible cheers Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP possible keylogger WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system ZoneLabs vsmon exe C WINDOWS Explorer EXE C Program Files Lavasoft Ad-Aware AAWService exe C WINDOWS system spoolsv exe C PROGRA AVG AVG avgwdsvc exe C Program Files Java jre bin jqs exe C Program Files Common Files LightScribe LSSrvc exe C WINDOWS system nvsvc exe C Program Files Microsoft Search Enhancement Pack SeaPort SeaPort exe C PROGRA AVG AVG avgrsx exe C PROGRA AVG AVG avgnsx exe C Program Files TomTom HOME TomTomHOMEService exe C PROGRA AVG AVG avgemc exe C Program Files AVG AVG avgcsrvx exe C WINDOWS system wbem wmiapsrv exe C Program Files Analog Devices Core smax pnp exe C Program Files Analog Devices SoundMAX Smax exe C WINDOWS system winsys exe C PROGRA AVG AVG avgtray exe C WINDOWS system RUNDLL EXE C Program Files Java jre bin jusched exe C Program Files Zone Labs ZoneAlarm zlclient exe C WINDOWS system ctfmon exe C Program Files TomTom HOME TomTomHOMERunner exe C Program Files Spybot - Search amp Destroy TeaTimer exe C Program Files Lavasoft Ad-Aware AAWTray exe C Program Files Mozilla Firefox firefox exe C Documents and Settings intel Omat tiedostot Lataukset HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www suomi fi R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Connection Wizard ShellNext http www samsungodd com liveupdate asp type en R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName Linkit O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO no name - C C A-E - b - D - CECB - no file O - BHO Search Helper - EBF - F- bff-A F-B E AAC B - C Program Files Microsoft Search Enhancement Pack Search Helper SEPsearchhelperie dll O - BHO Windows Liven kirjautumisapuohjelma - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files Java jre bin jp ssv dll O - BHO Windows Live Toolbar Helper - E A DC - - A - EA-DC EC ACF - C Program Files Windows Live Toolbar wltcore dll O - BHO JQSIEStartDetectorImpl - E E F - CE- C -BC -EABFE F C - C Program Files Java jre lib deploy jqs ie jqs plugin dll O - Toolbar Veoh Browser Plug-in - D - - -A B -AEFAF AB - C Program Files Veoh Networks Veoh Plugins reg VeohToolbar dll O - Toolbar amp Windows Live Toolbar - FA EF- D- D - B F- A D - C Program Files Windows Live Toolbar wltcore dll O - HKLM Run SoundMAXPnP C Program Files Analog Devices Core smax pnp exe O - HKLM ... Read more

https://forums.techguy.org/threads/possible-keylogger.886825/
Relevancy 29.67%

I am not sure if I have one However I do play world of warcraft and have been receiving an EXTREME amount of hack emails So I checked online and one of the things I picked up was quot hijack this quot I will post below what it came up with Please can some one see if they can help I also work from here and would changing my email for WOW help at Keylogger Help? all Hijack This Info Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files AVG AVG avgchsvx exe C Program Files AVG AVG avgrsx exe C Program Files AVG AVG avgcsrvx exe C WINDOWS system spoolsv exe C Program Files AVG AVG Identity Protection Agent Bin AVGIDSAgent exe C Program Files AVG AVG avgwdsvc exe C Program Files AVG AVG avgfws exe C Program Files Firebird Firebird bin fbguard exe C Program Files Java jre bin jqs exe C Program Files Common Keylogger Help? Files Nero Nero BackItUp NBService exe C Program Files AVG AVG avgam exe C WINDOWS system nvsvc Keylogger Help? exe C Program Files AVG AVG avgnsx exe C Program Files Microsoft Search Enhancement Pack SeaPort SeaPort exe C WINDOWS System svchost Keylogger Help? exe C Program Files TuneUp Utilities TuneUpUtilitiesService exe C Program Files Common Files Ulead Systems DVD ULCDRSvr exe C Program Files AVG AVG avgemc exe C Program Files AVG AVG avgcsrvx exe C WINDOWS Explorer EXE C Program Files Firebird Firebird bin fbserver exe C Program Files TuneUp Utilities TuneUpUtilitiesApp exe C PROGRA AVG AVG avgtray exe C WINDOWS system ctfmon exe C Program Files AVG AVG avgcsrvx exe C Documents and Settings Angel Local Settings Application Data Google Update GoogleCrashHandler exe C Program Files Spybot - Search amp Destroy TeaTimer exe C Documents and Settings Angel Local Settings Application Data TheWeatherNetwork WeatherEye WeatherEye exe C Program Files AVG AVG Identity Protection agent bin avgidsmonitor exe C Program Files Mozilla Firefox firefox exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C Program Files Spybot - Search amp Destroy SDHelper dll O - BHO Search Helper - EBF - F- bff-A F-B E AAC B - C Program Files Microsoft Search Enhancement Pack Search Helper SEPsearchhelperie dll O - BHO Windows Live Toolbar Helper - E A DC - - A - EA-DC EC ACF - C Program Files Windows Live Toolbar wltcore dll O - Toolbar amp Windows Live Toolbar - FA EF- D- D - B F- A D - C Program Files Windows Live Toolbar wltcore dll O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartup O - HKLM Run UVS Preload C Program Files Corel Corel VideoStudio uvPL exe O - HKLM Run Adobe ARM quot C Program Files Common Files Adobe ARM AdobeARM exe quot O - HKLM Run AdobeCS ServiceManager quot C Program Files Common Files Adobe CS ServiceManager CS ServiceManager exe quot -launchedbylogin O - HKLM Run QuickTime Task quot C Program Files QuickTime QTTask exe quot -atboottime O - HKLM Run AVG TRAY C PROGRA AVG AVG avgtray exe O - HKLM RunOnce Uninstall Adobe Download Manager quot C WINDOWS system rundll exe quot quot C Program Files NOS bin getPlus Helper dll quot... Read more

A:Keylogger Help?

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/keylogger-help-448082.html
Relevancy 29.67%

Due to some strange events going on both online and offline tell I I if How keylogger? can a have I m a little concerned that I might have a keylogger on my PC The chances are that I am just being paranoid but I still would like to check this out before I push the idea out of my mind In How can I tell if I have a keylogger? the meantime I just don How can I tell if I have a keylogger? t feel quite safe doing anything online Would anyone be able to talk me through how to determine if I have a keylogger If I do have one it is one that was done through a file attachment as no one has had direct access to my PC but me Thus far I have run Malwarebytes Anti-Malware Windows Defender and done avast virus protection Windows Defender and Avast s full system scans didn t find anything This was the log from Malwarebytes Malwarebytes Anti-Malware www malwarebytes org Database version v Windows Service Pack x NTFS Internet Explorer PM mbam-log- - - - - txt Scan type Full scan C D E Q Scan options enabled Memory Startup Registry File System Heuristics Extra Heuristics Shuriken PUP PUM Scan options disabled P P Objects scanned Time elapsed hour s minute s second s Memory Processes Detected C Program Files x RelevantKnowledge rlservice exe PUP Adware RelevantKnowledge - gt - gt Delete on reboot C Program Files x RelevantKnowledge rlvknlg exe PUP Adware RelevantKnowledge - gt - gt Delete on reboot C Program Files x RelevantKnowledge rlvknlg exe PUP Adware RelevantKnowledge - gt - gt Delete on reboot Memory Modules Detected C Program Files x RelevantKnowledge rlls dll PUP Adware RelevantKnowledge - gt Delete on reboot C Users Sara AppData Local Google Chrome User Data Default Extensions mkndcbhcgphcfkkddanakjiepeknbgle plugins rlcm dll PUP Adware RelevantKnowledge - gt Delete on reboot Registry Keys Detected HKLM SYSTEM CurrentControlSet Services RelevantKnowledge PUP Adware RelevantKnowledge - gt Quarantined and deleted successfully HKLM SOFTWARE Microsoft Windows CurrentVersion Uninstall d d f - c - - e - b d PUP Adware RelevantKnowledge - gt Quarantined and deleted successfully HKLM SOFTWARE Microsoft Internet Explorer Low Rights ElevationPolicy - - - - Adware GamePlayLab - gt Quarantined and deleted successfully HKLM SOFTWARE Microsoft Windows CurrentVersion Ext PreApproved - - - - Adware GamePlayLab - gt Quarantined and deleted successfully Registry Values Detected No malicious items detected Registry Data Items Detected No malicious items detected Folders Detected C Program Files x RelevantKnowledge PUP Spyware MarketScore - gt Delete on reboot Files Detected C Program Files x RelevantKnowledge rlls dll PUP Adware RelevantKnowledge - gt Delete on reboot C Program Files x RelevantKnowledge rlservice exe PUP Adware RelevantKnowledge - gt Quarantined and deleted successfully C Program Files x RelevantKnowledge rlvknlg exe PUP Adware RelevantKnowledge - gt Quarantined and deleted successfully C Program Files x RelevantKnowledge rlvknlg exe PUP Adware RelevantKnowledge - gt Quarantined and deleted successfully C Users Sara AppData Local Google Chrome User Data Default Extensions mkndcbhcgphcfkkddanakjiepeknbgle plugins rlcm dll PUP Adware RelevantKnowledge - gt Delete on reboot C Program Files x RelevantKnowledge rlls dll PUP Adware RelevantKnowledge - gt Delete on reboot C Program Files x RelevantKnowledge rlph dll PUP Adware RelevantKnowledge - gt Quarantined and deleted successfully C Program Files x RelevantKnowledge rlxf dll PUP Adware RelevantKnowledge - gt Quarantined and deleted successfully C Program Files x RelevantKnowledge components rlxg dll PUP Adware RelevantKnowledge - gt Quarantined and deleted successfully C Program Files x RelevantKnowledge firefox rlnx dll PUP Adware RelevantKnowledge - gt Quarantined and deleted successfully C Program Files x RelevantKnowledge rloci bin PUP Spyware MarketScore - gt Quarantined and deleted successfully end

A:How can I tell if I have a keylogger?

For reference, I am using a Toshiba Satellite Laptop that's running Windows 7.

http://www.bleepingcomputer.com/forums/t/473683/how-can-i-tell-if-i-have-a-keylogger/
Relevancy 29.67%

I just did Have Do Keylogger?? I a spyware scan through Pest Patrol and it came up that I have Advanced Keylogger Of course now I m envisioning my bank account getting wiped out since I bought Do I Have Keylogger?? something online today and am sick wondering how this got onto my laptop I just read an article about how sometimes there can be quot false positives quot and Pest Patrol was specifically mentioned Here is the information it came up with key quot hkey local machine software licenses quot value quot k c db a f c quot key quot hkey local machine software licenses quot value quot r c db a f c quot If anyone Do I Have Keylogger?? can help me determine if I actually do have keylogger and how to get rid of it if I do I d certainly appreciate it I should also mention that I ve done just about every free online spyware search available and none of the other programs have come up with keylogger Thanks nbsp

A:Do I Have Keylogger??

xandermom said:

I just did a spyware scan through Pest Patrol and it came up that I have Advanced Keylogger. Of course now I'm envisioning my bank account getting wiped out since I bought something online today and am sick wondering how this got onto my laptop. I just read an article about how sometimes there can be "false positives" and Pest Patrol was specifically mentioned. Here is the information it came up with:

key "hkey_local_machine \software\licenses" value "{k7c0db872a3f777c0}"
key "hkey_local_machine \software\licenses" value "{r7c0db872a3f777c0}"

If anyone can help me determine if I actually do have keylogger and how to get rid of it if I do, I'd certainly appreciate it. I should also mention that I've done just about every free online spyware search available and none of the other programs have come up with keylogger.

Thanks!Click to expand...

Hi zandermom,

I checked my own registry and I have one of the two you mention, the first one. I also checked my software licenses and I have the following licensed software reported by Belarc [Note: license numbers are deleted]:
Ahead - Nero Fast CD-Burning Plug-in
Belarc - Advisor
Hewlett-Packard - WebReg
Microsoft - Internet Explorer
Microsoft - Office 2000 SR-1 Professional
Microsoft - WebFldrs XP
Microsoft - Windows Resource Kit Tools
Microsoft - Windows Support Tools
Microsoft - Windows XP Professional

I have the key "hkey_local_machine \software\licenses" value "{k7c0db872a3f777c0}" , and that refers to the name only, not the type and data value in the registy.

You can check to see if you have any of the above licenses I do by downloading, installing, running Belarc Advisor (free) from: http://www.belarc.com There is a new verification file after every Windows Update Tuesday (2nd Tues. of every month) - might have to wait until Thursday.

Please post your Belarc list of licenses - not the acutal license number itself, just the name of the software for which you have a license. Note: I deleted the actual license numbers reported by Belarc, and you should do the same when you reply to this request. I just want to check to see what licensed software we have in common - and that would be the one license whose value I cited that I have - but, I don't know which license the registry name refers to.

Most likely these are false positives from Pest Patrol - I bought a copy, no longer use it - can't stand the very long updates over the web - horribly slow on my dialup.

-- Tom
 

https://forums.techguy.org/threads/do-i-have-keylogger.440323/
Relevancy 29.67%

Hi I recently got infected by a kelogger at least and that pretty much stole a lot of my accounts I got various anti viruses recommended and used them all and removed some malware spyware adware etc but I guess it's better to be safe than sorry so my friend suggested I post a hijackthis log here Hope I didn't do anything wrong and thanks in advance Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Windows system Dwm exe C Windows Explorer EXE C Windows system taskeng exe C Windows System mobsync exe C Program Files Windows Defender MSASCui exe keylogger Possible C Windows RtHDVCpl exe C hp support hpsysdrv exe C Program Files Possible keylogger Hewlett-Packard On-Screen OSD Indicator OSD exe C Program Files Windows Media Player wmpnscfg exe C Program Files Java jre bin jusched exe C Program Files Intel Intel Matrix Storage Manager IAAnotif exe C Program Files HP HP Software Update hpwuSchd exe C Program Files Common Files Symantec Shared ccSvcHst exe C Windows System rundll exe C Program Files iTunes iTunesHelper exe C Program Files Microsoft Office Office GrooveMonitor exe C Program Files PowerISO PWRISOVM EXE C Program Files Windows Sidebar sidebar exe C Windows ehome ehtray exe C Program Files Windows Live Messenger msnmsgr exe C Program Files DAEMON Tools Lite daemon exe C Program Files MagicDisc MagicDisc exe C Windows ehome ehmsas exe C Program Files Windows Sidebar sidebar exe C Program Files Lavasoft Ad-Aware AAWTray exe E World of Warcraft BackgroundDownloader exe C hp kbd kbd exe C Windows System NOTEPAD EXE C Program Files Mozilla Firefox firefox exe C Windows system wuauclt exe C Program Files Lavasoft Ad-Aware Ad-Aware exe C Windows System NOTEPAD EXE C Windows system SearchFilterHost exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TY vilion amp pf cndt R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http ie redirect hp com svs rdr TY vilion amp pf cndt R - HKLM Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TY vilion amp pf cndt R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http ie redirect hp com svs rdr TY vilion amp pf cndt R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - C C A-E - b - D - CECB - no file O - BHO NCO IE BHO - ADB E- AFF- - AA - DAC DFA - C Program Files Common Files Symantec Shared coShared Browser coIEPlg dll O - BHO Symantec Intrusion Prevention - D EC - AAE- -AEEE-F F C - C PROGRA COMMON SYMANT IDS IPSBHO dll O - BHO Groove GFS Browser Helper - - C - D -B F - BBC D A E - C Program Files Microsoft Office Office GrooveShellExtensions dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - Toolbar Show Norton Toolbar - FEBEFE - B - - D -FFB D B CA - C Program Files Common Files Symantec Shared coShared Browser CoIEPlg dll O - HKLM Run Windows Defender ProgramFiles Windows Defender MSASCui exe -hide O - HKLM Run RtHDVCpl RtHDVCpl exe O - HKLM Run h... Read more

A:Possible keylogger

Hello and welcome to TSF.

HijackThis is no longer used as the initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/possible-keylogger-438747.html