Windows Support Forum

Possible keylogger or backdoor software

Q: Possible keylogger or backdoor software

Hello,
 
My employer is going through a divorce, and his wife is possibly spying on his computer. An IT guy is helping her to do this, and we think that he might have installed some keylogger or backdoor tool on my boss's computer.
 
Please can you help me to analyze the HijackThis log, and check if you find something "fishy"?
 
Thank you


A: Possible keylogger or backdoor software

Hello and welcome on board, my name is Machiavelli and I will assist you with your problem. Feel free to call me Makka or something like that.

If you booted into safe mode on your computer then print my instructions!

I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

- Removing Malware is usually very difficult. We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
- Please follow these instructions. If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
- Please stay in contact with me until your problem is resolved. As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
- Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware. Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
- Read my post completely. If you don't do so, you may make mistakes that could result in your System crashing by your own actions!

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here.

- Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
- Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8: please right-click on the FRST icon and select Run as Administrator.)
- When the disclaimer appears, click Yes.
- Click Scan to start FRST.
- When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
- Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

http://www.bleepingcomputer.com/forums/t/571798/possible-keylogger-or-backdoor-software/

Hi, about a week ago I got postmaster failures in my Hotmail account, which I read about, and it turns out it comes from your account being hacked. I did a scan and it showed Trojans on my machine. Here are the names of the Trojans and what they can do on Microsoft's encyclopedia:

- Encyclopedia entry: Trojan Win Vundo gen H - Learn more about malware - Microsoft Malware Protection Center
- Encyclopedia entry: TrojanDownloader Win Cutwail BD - Learn more about malware - Microsoft Malware Protection Center
- Encyclopedia entry: Exploit Java CVE- - UB - Learn more about malware - Microsoft Malware Protection Center

On these pages it says that none of these particular Trojans are backdoor or keyloggers. What exactly do they do? And with the java Trojan, I do remember when I was on the internet about a week ago seeing the java icon in the bottom right hand side of my screen when it normally runs. While I was on the internet I was a bit mystified by this but just thought it might have been something normal in the background etc. I have uninstalled java since.

All of these viruses have been removed or quarantined using my anti virus and malware software. But because I have important files on my desktop that contain passwords, bank information for a number of people, COULD any of these Trojans have seen any of my files or gotten into my machine? From what I have read they aren't those type of Trojans but I really want to make sure.

One more thing that confuses me then: HOW could they have hacked my Hotmail account if they aren't backdoor or keylogger Trojans?

All the help I can get on this would be GREATLY appreciated. Thanks

http://www.techsupportforum.com/forums/f284/did-my-computer-have-a-backdoor-in-it-or-a-keylogger-need-help-with-this-637951.html

Hi guys, I have had two of my online gaming accounts hacked in the past weeks. I know something is up. Tried AVG and got nothing, so here is my hijack log. Please tell me what you think, as I have no clue as to what this means. I have had TWO World of Warcraft accounts hacked. One was banned, and the other I changed the password on another computer and have not logged in since. This is very frustrating as I have invested a lot of time into these accounts. Any input would be great. AVG has only come up with tracking cookies. Thanks in advance.

A: Keylogger / Trojan / Backdoor

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/259962/keylogger-trojan-backdoor/

Hello. My neighbors have hacked my router a few times and seem to get my passwords before I even write them. I think of myself as pretty computer literate, but def not my first job. I have gotten root kit infections, all same on all comps I own, since removed and wiped. They're my neighbors, so I sometimes can overhear them; they know when I'm on and seem to know what I am streaming even when I have my VPN on. I just moved in here and I don't have a smoking gun proof that could warrant me just going over there John Wayne style. I have wiped my comps at least times, careful not to add any old exe's. I am at a loss. Currently I am not even going on the wifi and hardwired most everything. I think they were getting through the living room Roku that was on Bluetooth. I would like to know if I am now clean, I just got a new router, and if you could tell me what is vulnerable on Windows when just getting it going. Holes in Firewall? Bluetooth? They are close and they are younger, so it seems they just like testing their script kiddie bs on me. My gf and I are miserable. I appreciate any help.

A: Possible backdoor/trojan infection and maybe keylogger?!?!

to BleepingComputer.

Hi there, my name is Jo and I will help you with your computer problems.

Your logs are completely normal - no malware infection is there. But we make some scans to be sure!

Please follow these guidelines:

- Read and follow the instructions in the sequence they are posted.
- Print or copy & save instructions.
- Back up all your private data / music / important files on another (external) drive before using our tools.
- Do not install / uninstall any applications, unless otherwise instructed.
- Use only those tools you have been instructed to use.
- Copy and Paste the log files inside your post, unless otherwise instructed.
- Ask for clarification, if you have any questions.
- Stay with this topic til you get the all clean post.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

*** Download Security Check by screen317 from here or here.

- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- Vista / Windows 7/8 users right-click and select Run As Administrator.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.

*** Please download Malwarebytes Anti-Rootkit and save it to your desktop.

- Be sure to print out and follow the instructions provided on that same page.
- Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
- Double click on downloaded file. OK self extracting prompt.
- MBAR will start. Click in the introduction screen "next" to continue.
- Click in the following screen "Update" to obtain the latest malware definitions.
- Once the update is complete select "Next" and click "Scan".
- With some infections, you may see two message boxes.
  - 'Could not load protection driver'. Click 'OK'.
  - 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
- If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
- If there is no malware found, please let me know as well.

*** Please download AdwCleaner by Xplode and save to your Desktop.

- Double-click AdwCleaner.exe
- Vista / Windows 7/8 users right-click and select Run As Administrator.
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
- After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
- The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
- Copy and paste the contents of that logfile in your next reply.
- A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

*** Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1457094484-3505798086-3378261310-1001\...\MountPoints2: {d99ba2cc-0aa1-11e6-9bd2-204747f44453} - "D:\VZW_Software_upgrade_assistant.exe"
SearchScopes: HKU\S-1-5-21-1457094484-3505798086-3378261310-1001 -> DefaultScope {8D90FE02-100C-44A4-85BB-1676E0ABA104} URL =
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
CMD: type C:\TDSSKiller.3.1.0.9_26.04.2016_19.12.07_log.txt
CMD: type C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
CMD: type C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
...

http://www.bleepingcomputer.com/forums/t/612493/possible-backdoortrojan-infection-and-maybe-keylogger/

Hello, I am here to request your help about my computer health. I realised my computer slows down sometimes and loaded Kaspersky antivirus. After scan it found many unwanted softwares and advertisements on my pc. Also it reported a function of some kind of keylogger at every minutes. I uninstalled Kaspersky and loaded AVG anti-virus afterwards; while scanning my pc, AVG found a trojan called "backdoor agent". Looking forward to hearing your help and thanks in advance. You can find the requested log files below.

A: Possible infections: Backdoor Agent,,Keylogger,,etc.

Hello.

What is the file name that AVG is detecting?

Some information on backdoors. Your computer may be already compromised.

Backdoor Threat

IMPORTANT NOTE: Unfortunately one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

- How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
- When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

With Regards,
Extremeboy

http://www.bleepingcomputer.com/forums/t/200341/possible-infections-backdoor-agentkeyloggeretc/

I've just finished my rd re-reading of "Rootkits, Spyware/Adware, Keyloggers and Backdoors" by Oleg Zaytsev. Unless you possess a degree in some area of computer science or you're a genius, you will probably find the book pretty much impenetrable, as I did. I am not a genius, but I'm not depriving some village somewhere of their idiot either.

After reading the book for the rd time I have a few comments and have come to a few conclusions. The Russians are pretty smart and surprisingly prolific in the number of publications out there regarding "malware" topics. You may think you have your system "locked down" or you are smart enough to lock it down, but don't kid yourself: an intelligent, cunning and resourceful hacker WILL hack you once they've decided to put you on their "owned" list. The really good hackers, including those who work for government agencies, will hack you in the twinkling of an eye. A fairly long period of time will have elapsed before you discover that you've been had, if you ever do.

Unless, as I said earlier, you possess a degree in some area of computer science, good luck detecting, let alone removing, some of the more malicious malware lurking about out there. Although I only dimly understood some of the examples Zaytsev included in his book, it was all I needed to know that most detection & removal applications are at best limited in their usefulness and at worst useless. Hackers, being on the offensive, are naturally going to stay one step ahead of us. Unless someone devises the hack-proof OS, we will always be playing catch-up.

About the only bright spot I see is the new generation of applications that protect your system by using "virtualization" technology. Instead of using definition updates or heuristic engines (and there ARE some good heuristic engines that do manage to catch a lot), these newer applications protect at the application level. Used properly, write requests never make it to your OS and/or registry. But there's probably someone somewhere out there who is developing code that will crack even this technology.

So don't be surprised the next time you're mucking about in your system, open a file and are horrified to find function intercept code (ZWSetValueKey, ZWDeleteValueKey, ZWOpenProcess, etc.) from some Kernel-Mode Rootkit. Short of reformatting your drive and doing a full-blown OS reinstall (maybe more than once) or, in a worst-case scenario, buying a new hard drive, good luck getting rid of this type of Rootkit, as it "knows" you're looking for it and modifies registry keys faster than you can fix or delete them.

Zaytsev happens to mention Autoruns in his book. While he was quick to praise its merits, he didn't pull any punches regarding its drawbacks either. To name a few:

- lack of protection against the most common and simplest rootkits;
- inability to detect automatic startup malware programs that create autostart registry keys during shutdown (said keys are deleted after the startup of a malicious program when the system is booting);
- lack of modification protection (malware programs can forcibly terminate the Autoruns.exe process or modify its functionality in the memory).

Zaytsev's book has led me to formulate hijakd's st Law: THERE IS NO SUCH THING AS "ANONYMOUS" SURFING

A: Rootkit, Keylogger, & Backdoor Detection & Removal

Well, unless you have sensitive material on your computer, which you shouldn't have (like bank account numbers, credit card numbers, important passwords,...) you don't have too much to worry about. Get the most effective antimalware software with excellent heuristic capabilities (NOD32) with a good firewall or router and you're decently protected.

Use common sense on the Internet:

- Stay away from porn sites or other questionable sites;

- Don't download files (P2P, torrents), it's illegal anyway;

- Don't open questionable emails from people you don't know or their attachments, especially .exe files;

- Don't be a victim of "phishing". Never give personal information to a bank requesting it by email because legitimate institutions will never proceed that way;

- Disable AutoComplete from your Web browser (with this function, passwords are stored on your computer and can be easily obtained with backdoor trojans);

- And so on...

If you want a certain level of acceptable anonymity but don't mind a slower connection, use anonymous proxies to surf the web.

http://www.bleepingcomputer.com/forums/t/190801/rootkit-keylogger-backdoor-detection-removal/

Hello, I've been having consistent problems with some malware program(s) since late April, when I accidentally clicked on a shady-looking link posted to Reddit. I've installed antivirus program after antivirus program to some avail, mostly nailing registry keys and toolbars, but all were ultimately unable to root out whatever's generating the symptoms (suspicious tasks constantly respawning in the task scheduler, generic Windows processes doing things they're not supposed to, very high disk usage, etc.) and were even unable to erase some of the stuff they detected.

I first suspected a keylogger when, after some incompetent messing around with my Windows security settings, the function key started malfunctioning and sometimes ceased to work altogether. In addition, the audio on my computer would also randomly cut out. I kept trying to update and/or rollback the keyboard and audio drivers with no lasting results. In addition, some of the antivirus programs had discovered a backdoor trojan in their scans, which may or may not have been completely removed.

However, I soon discovered that not only were both functions tied together in the Local System (Network Restricted) process, but the audio and Stickykeys would restart after I terminated audiodg.exe in the Task Manager. Webroot had completely deleted the audiodg.exe file from my computer once before, which resulted in a frustrating evening of using resources from the Microsoft website to fix the ensuing damage, so I suspect that file might have gotten reinfected. I certainly hope this isn't the case, but I can imagine pulling out malware that infects system files is a very difficult task.

So here's the FRST log.
Windows X OS Language English United States Internet Explorer Version Default browser FF Boot Mode Normal Tutorial for Farbar Recovery Scan Tool http www geekstogo com forum topic -frst-tutorial-how-to-use-farbar-recovery-scan-tool Processes Whitelisted If an entry is included in the fixlist the process will be closed The file will not be moved Avast Software s r o C Program Files AVAST Software Avast AvastSvc exe Avast Software C Program Files AVAST Software Avast ng vbox AvastVBoxSVC exe AVAST Software C Program Files AVAST Software Avast ng ngservice exe Avast Software s r o C Program Files AVAST Software Avast avastui exe Intel Corporation C Program Files x Intel Intel reg Management Engine Components LMS LMS exe Microsoft Corporation C Windows Microsoft NET Framework v ngentask exe Microsoft Corporation C Program Files Microsoft Office ClientX officeclicktorun exe Microsoft Corporation C Windows System dasHost exe Microsoft Corporation C Windows System dasHost exe Microsoft Corporation C Windows Microsoft NET Framework v WPF PresentationFontCache exe Apple Inc C Program Files Common Files Apple Mobile Device Support AppleMobileDeviceService exe Microsoft Corporation C Windows System dllhost exe Registry Whitelisted If an entry is included in the fixlist the registry item will be restored to default or removed The file will not be moved HKLM Run gt X HKLM Run TecoResident gt C Program Files TOSHIBA Teco TecoResident exe - - TOSHIBA Corporation HKLM Run TCrdMain gt C Program Files TOSHIBA Hotkey TCrdMain Win exe - - TOSHIBA Corporation HKLM Run TSSSrv gt C Program Files x TOSHIBA System Setting TSSSrv exe - - TOSHIBA Corporation HKLM Run SynTPEnh gt C Program Files Synaptics SynTP SynTPEnh exe - - Synaptics Incorporated HKLM Run iTunesHelper gt C Program Files iTunes iTunesHelper exe - - Apple Inc HKLM-x Run TSVU gt c Program Files TOSHIBA TOSHIBA Smart View Utility TosSmartViewLauncher exe - - TOSHIBA HKLM-x Run ISUSPM gt C ProgramData FLEXnet Connect isuspm 
exe... Read more

A: Possible Backdoor Trojan, Keylogger, and Multiple Other Viruses

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/581226 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:
* If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
* A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
* Please do this even if you have previously posted logs for us.
* If you were unable to produce the logs originally please try once more.
* If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
* If you are unsure about any of these characteristics just post what you can and we will guide you.
* Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again:
* Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.
  FRST Download Link
* When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
* Double click on the FRST icon and allow it to run.
* Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
* Notepad will open with the results.
* Post the new logs as explained in the prep guide.
* Close the program window, and delete the program from your desktop.
As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

http://www.bleepingcomputer.com/forums/t/581226/possible-backdoor-trojan-keylogger-and-multiple-other-viruses/
Relevancy 54.61%

A malicious hacker has been targeting me for months now. I changed my physical address and started to use a new computer, and there were no problems for a while, but now they suddenly gained access to accounts of mine. Before, it was just a game account, where they stripped me of everything, including the money spent on the account. However, now they are going further, and I fear that my computer is in danger; they now hacked my MSN. ...

A: Malicious Hacker targeting computers, possible keylogger/backdoor

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
* This is THE Mirror
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* Push the button.
* Two reports will open, copy and paste them in a reply here:
* OTL.txt <-- Will be opened
* Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/285732/malicious-hacker-targeting-computers-possible-keyloggerbackdoor/
Relevancy 54.18%

Hi there,

I have had a raft of infections on my Windows XP Professional PC the last few days: Trojan zeroaccess, Trojan zeroaccess A, Trojan zeroaccess C, Trojan midhos, Trojan winlock P, SecShieldFraud gen and more I didn't write down. I have Symantec anti-virus and Malware bytes, both of which were up to date and ran the day before this happened.

It's all a bit of a blur, but when it first happened Symantec was picking up infection after infection and eventually told me to restart, which I did. From then on my CPU was running at ..., Symantec would not open, Google results in IE were clicking through to spam sites, and more and more trojans were being discovered by Malware bytes. Also I could not run the trojan zeroaccess removal tool I downloaded. I tried to do a system restore but the only restore point was after the attack. I restarted in safe mode and ran Malwarebytes. When I restarted again I was able to run Symantec and Malwarebytes again, which both got rid of more trojans.

The situation now is that my CPU is back to normal and Symantec/Malware bytes are returning clear scans. Things seem fine except a couple of red flags: Google links in IE click through to spam sites sometimes but not always, and all my cookies have disappeared, so I have to type in ALL my registration details for each website I visit, so I'm worried there's a keylogger in place.

Is there something I can do please to check if there's a keylogger or backdoor in place please? Many thanks. If you can spare some time to help I would really appreciate it.

Clare

A: Loads of trojans - seem to have been removed but worried a keylogger/backdoor remains

Download TDSSkiller
* Launch it.
* Click on change parameters - Select TDLFS file system
* Click on "Scan".
* Please post the LOG report (log file should be in your C drive)
* Do not change the default options on scan results

Download aswMBR
* Launch it, allow it to download latest Avast! virus definitions
* Click the "Scan" button to start scan.
* After scan finishes, click on Save log
* Post the log results here

Download ESET online scanner
* Install it
* Click on START, it should download the virus definitions
* When scan gets completed, click on LIST of found threats
* Export the list to desktop, copy the contents of the text file in your reply

http://www.bleepingcomputer.com/forums/t/465726/loads-of-trojans-seem-to-have-been-removed-but-worried-a-keyloggerbackdoor-remains/
Relevancy 49.88%

Hi,

I am sure this is posted in the wrong place but I thought I would try anyway. You guys have helped me fix my computer several times and I figured you know everything there is to know.
I just got a new laptop for my home as a family computer and I want to put a really good keylogger on it to monitor the activities on the computer. I don't want my teenaged son or my husband for that matter to wander someplace on the net they have no business being.

Can you recommend one that will do a great job but not kill my pocket in the process? I want it to monitor chat room activity as well as take screenshots of pages visited.

Thanks,

Janice

A: KeyLogger Software

Hi Janice,

I'm not sure anybody hereabouts will be willing to help you with this, as most will not agree with what you are trying to accomplish and see it as an invasion of privacy. I understand your concerns, but maybe you might consider tackling this from a different angle. Why not have a look at OpenDNS and K9, both offer services that can be setup to restrict where a user might venture on the internet.

http://www.bleepingcomputer.com/forums/t/280841/keylogger-software/
Relevancy 49.88%

I have a new Dell Windows computer. My other laptop was compromised to the point the hacker would steal my Gmail, Facebook and Yahoo passwords. I now have the new Dell and somehow the same thing is happening again. I don't open email from people I don't know. I'm very particular of where I surf and use https whenever possible. I ran almost every software malware antivirus there is and it hasn't found anything. Yet while I'm typing, an entire paragraph will disappear and the cursor moves. This is the same behavior that was in my old computer. My Gmail was hacked again on this new computer. I'm running ESET Anti-virus. I use CCleaner every time I log out of the internet.

My startup is down to this:
Yes HKCU Run SpybotSD TeaTimer C Program Files x Spybot - Search & Destroy TeaTimer exe
Yes HKLM Run IgfxTray C Windows system igfxtray exe
Yes HKLM Run Persistence C Windows system igfxpers exe
Yes HKLM Run Broadcom Wireless Manager UI C Program Files Dell Dell Wireless WLAN Card WLTRAY exe
Yes HKLM Run egui "C Program Files ESET ESET Smart Security egui exe" hide waitservice

Here is my Hijack this log. Can anyone analyze this for me and tell me if there is something wrong? ...

A: Possible keylogger software?

Hi Artemisia,

Welcome to Bleeping Computer! My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
* Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
* Please do not do anything or perform other steps unless I have asked you to do so.
* Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
* Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
* If you are unsure of how to reply, or need help with anything regarding the website, please look here.

STEP 1 - Preparation Guide

Please follow the instructions in the Preparation Guide until you have reached step 6. You may stop once you have finished step 6 and continue with the instructions here.

STEP 2 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.
* MBAM will automatically start and you will be asked to update the program before performing a scan.
* If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
* Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - GMER

Please download GMER from one of the following locations and save it to your desktop:
* Main Mirror
  This version will download a randomly named file (Recommended)
* Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet an...

http://www.bleepingcomputer.com/forums/t/333849/possible-keylogger-software/
Relevancy 49.88%

I was wondering if anyone knew of any good freeware keylogger software programs. I believe that someone is using my computer while I am away, and I would like to find out what it is being used for. Any input would be greatly appreciated. Thanks.
 

Relevancy 49.02%

Hello, I am wondering if you can direct me to what you may consider a good Keylogger application I can use, preferably free or affordable. I do a lot of writing daily and have found that keyloggers are a good backup for retrieving text immediately if I happen to delete something in error as I type. I have used Absolute Keylogger but presently am having trouble with it. It all of a sudden just stopped recording. I really liked Absolute Keylogger on my Macintosh because I can have total control over the actual files it creates daily as separate files, but Absolute Keylogger on my PC is just one continuous format. Do you know of something along these preferences that will work on a PC? I am on a Pent4/XPPro system. Thank you. Lexx
 

A: Keylogger Software question

I use a hardware based Keylogger that connects in between my pc and my keyboard.
 

https://forums.techguy.org/threads/keylogger-software-question.505351/
Relevancy 49.02%

I have reason to believe that keylogging software or other surveillance software may have been installed remotely on a laptop I own without my consent. Whilst I am not 100% sure that this is the case I would like to find out if / how it is possible to discover if a keylogger or other spy software is running on the machine.

A: Keylogger and Surveillance Software

Hello, please scan with these

//EDIT: I moved this down one to the Am I Infected forum

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.

* Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

* Make sure you are connected to the Internet and double-click on the renamed file to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
* If an update is found, the program will automatically update itself. Press the OK button and continue.
* If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
* Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
* Click on the Scan button.
* When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked and then click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab.
* Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
* Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

I'd like us to scan your machine with ESET OnlineScan

* Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
* Click the button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  * Click on to download the ESET Smart Installer. Save it to your desktop.
  * Double click on the icon on your desktop.
* Check
* Click the button.
* Accept any security warnings from your browser.
* Under scan settings, check and check Remove found threats
* Click Advanced settings and select the following:
  * Scan potentially unwanted applications
  * Scan for potentially unsafe applications
  * Enable Anti-Stealth technology
* ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, push
* Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
* Push the button.
* Push

NOTE: In some instances if no malware is found there will be no log produced.

Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS ...

http://www.bleepingcomputer.com/forums/t/450870/keylogger-and-surveillance-software/
Relevancy 49.02%

Hi guys,

has anyone ever worked with keyloggers? I need a recommendation. I have found a couple of keylogger on Google, but I've never worked with those programs before. Has anyone ever used one of these keyloggers:

Links removed.

Thank you for your help.

A: I need a good keylogger software - help

Hello ShouldAt3,

Please be informed that assistance in such activities is not condoned in this forum.


From the forum's rules:

Quote:
You may not ask for assistance with any deemed illegal activities such as but NOT restricted to the following:-

* software pirating
* hacking
* password cracking
* keystroke recording software
We will also not offer advice, assistance or instruction with regard to any of the above activities, illegal or otherwise.

Quote:
We do understand that the majority of requests may be legitimate, but we do not have the means to discern these from non-legitimate requests.

Sorry, but this thread will be closed.

http://www.techsupportforum.com/forums/f100/i-need-a-good-keylogger-software-help-777818.html
Relevancy 49.02%

Are you running anti-keylogger? Please mention your software & experience.

I checked out Zemana, Spyshelter & KeyScrambler free/paid.

Zemana & Spyshelter seem kinda bloated. I mean HIPS & all included.
KeyScrambler seems good & no bloats.

Recommendation & Suggestion are welcome.
 

A: Anti-Keylogger Software

The ones you listed are the only ones I know of. I don't honestly feel this ZAM-AL bloat, unless the paid version is a little heavier which I haven't used. I can't speak for SpyShelter, strangely enough, I've heard it runs quite light. KeyScrambler I've only heard good things about, and of course, it's free. I can't think of any other antiloggers that aren't a part of some security suite.
 

https://malwaretips.com/threads/anti-keylogger-software.59403/
Relevancy 49.02%

Hi. How would a person know if keylogger software is hidden in the background of their computer, tracking every keystroke? Are there any signs that people should be aware of? How does keylogger software infect a computer in the first place? Do they work like spyware or malware, where people download it without their knowledge, or do people simply go to the wrong site and the software downloads itself into the computer? More information about keylogger software and prevention techniques would be appreciated. I have run Adware SE and found nothing but cookies, but below is my HJT log just in case you need it. Thanks in advance, George

Relevancy 49.02%

Hi guys,
 
has anyone ever worked with keyloggers? I need a recommendation. I have found a couple of keyloggers on Google, but I've never worked with those programs before. Has anyone ever used one of these keyloggers:
 
http://www.actualspy.com/
http://www.desktopshark.com/
http://signum-soft.com
 
Thank you for your help.

A:I need a good keylogger software - help

Web of trust (Firefox plug-in) scorecard for each of the sites listed:
 
https://www.mywot.com/en/scorecard/actualspy.com?utm_source=addon&utm_content=popup-donuts
https://www.mywot.com/en/scorecard/desktopshark.com?utm_source=addon&utm_content=popup-donuts
https://www.mywot.com/en/scorecard/youtube.com?utm_source=addon&utm_content=popup-donuts
 
First 2 sites are not well regarded, do not know anything about signum-soft. Good luck with your search.
 
Cheers

http://www.bleepingcomputer.com/forums/t/520205/i-need-a-good-keylogger-software-help/
Relevancy 49.02%

A teen friend of my daughter accepted a virus via MSN Messenger - about viewing something with his email address as part of the link. I suspected the Kelvir virus after searching. Had him use Bit Defender, Trend Micro and Panda Online Scan, plus Spybot. All scans found some sort of suspect files and, as far as I know, cleaned them. When rebooting after one of the scans, the keyboard would no longer function in WinXP, and some error message Code to do with the keyboard. It works in safe mode, so I had him uninstall the keyboard from the device manager and reboot. Still no keyboard. Since he lives minutes away and not too computer savvy, it's hard to get all the info. After one scan (I believe Trend) an icon appeared on the desktop called Easy Key. Looking in Add/Remove Programs, there is software installed called Easy Key. I am thinking this is a keylogging program. There also is some indication of a driver error or something. Tried to update the driver, but no go as well. I think this is just a standard keyboard and I don't think it requires any special driver. Am I correct on this? They have not located the disks that came with the computer, so I am not sure if there is special software for the keyboard or not. I was wondering if the next step would be to attempt to uninstall this Easy Key software. I appreciate any advice you can offer. And much thanks in advance. Cowgirl

For info: this PC is yrs old, WinXP Home, Serv Pack, Avast Antivirus, and not sure if there is a firewall or not.

A:Keylogger? or legit software?

Is this an eMachine?

I believe EasyKey is related to the keyboard (ie. drivers or for programming of the built-in functions keys).
 

https://forums.techguy.org/threads/keylogger-or-legit-software.356601/
Relevancy 49.02%

Hi guys,

has anyone ever worked with keyloggers? I need a recommendation. I have found a couple of keyloggers on Google, but I've never worked with those programs before. Has anyone ever used one of these keyloggers:

Thank you for your help.
 

A:I need a good keylogger software - help

Why would you need to use a Keylogger? Kind of an odd request, and I'm wary to answer seeing that you could use this type of software for illegal purposes.

You've never posted here before. And just spring up asking for Keylogger recommendations.

Bit dodgy if you ask me.
 

https://forums.techguy.org/threads/i-need-a-good-keylogger-software-help.1117202/
Relevancy 49.02%

Hi, I want to know whether my computer has a keylogger or monitoring software. I know that there are pretty good monitoring and hacking programs out there, like Perfect Keylogger and KGB Keylogger, but is it possible to remove every spyware and virus in the computer? The following is the log file of HijackThis.

A:Want To Keylogger Or Monitoring Software

Hi Salman Farooqui,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

http://www.bleepingcomputer.com/forums/t/103638/want-to-keylogger-or-monitoring-software/
Relevancy 48.59%

Which is best free Anti-keylogger software?
 

A:Which is best free Anti-keylogger software?

For a good free version try this.
Zemana AntiLogger Free
 

https://malwaretips.com/threads/which-is-best-free-anti-keylogger-software.54735/
Relevancy 46.44%

Please help! I don't want to wipe my system clean and start from scratch. I was infected with a backdoor trojan about weeks ago and thought it was removed. At this point I can't get any viral software to work. I tried installing McAfee; however, every time I try to open the program it immediately closes on its own and I can't initiate a scan. Tried to uninstall and install Norton. The EXACT same thing is happening with my Symantec client software. It will close immediately EVERY time. And now, randomly, things are starting to "disappear" from my computer. I've tried searching for these "missing" files and they are nowhere to be found. What can I do? Here is a logfile if this helps. Let me know if I need to update HijackThis.

A:Help!!! Viral software NOT working, last infected with backdoor trojan

https://forums.techguy.org/threads/help-viral-software-not-working-last-infected-with-backdoor-trojan.304277/
Relevancy 46.44%

I don't know if this will help, but I have a notebook with Windows XP. Recently it would not boot to Windows. I recovered (not restore to factory) and was able to start Windows. I updated Norton Internet Security, ran a scan, and it found and fixed some stuff, BUT there was the backdoor tidservi nf that Norton said it could not remove; it had to be removed manually. So I started a chat with Norton, who took over my computer and could not resolve my issue after hours. So I downloaded Malwarebytes and ran that; it found something else that was minor but did not find tidserv. So I downloaded Norton USB boot tool and ran that twice, and it found two tideserv nf viruses but could not remove or fix them. So after all the research on the virus, and now knowing that it was a virus embedded in the recovery portion on the drive, I went to Microsoft to see what they had. I decided to use the ONLINE scan, which can be found here: http://www.microsoft.com/security/pc-security/malware-removal.aspx, and ran a scan for about hours. It came up with things, two being the backdoor tidserv i nf. It then asked me if I wanted to fix and remove them. I said yes and then had to reboot, and voila, no more tideserv. I then ran a full scan with Norton and no threats were found. Maybe this will work for you if you have this problem, instead of trying to manually remove it by yourself. Good luck.

A:MS Malicious Software Removal Tool, backdoor.tideserv.l!nf

Glad to hear you were successful with removing the infection.

http://www.bleepingcomputer.com/forums/t/389933/ms-malicious-software-removal-tool-backdoortideservlnf/
Relevancy 46.01%

I'm using Windows XP SP. For the last months I have had Nortons IS, ADaware, AVG A-S and Spybot S&D installed and regularly updated. Nortons is the main system, providing the firewall etc., running constantly, and automatically updates. I load and scan the others periodically.

Eleven months ago I had a starware infection which prevented any connection to the web. I purchased Spyware Doctor, which needed updating online anyhow, but the problem was resolved. The story is that up until now all five suites have been working happily together, with both SWdoctor and Nortons running compatibly.

Two days ago I updated ADaware online, which I do each month, and on running its scanner it found a high level threat, malware Win32.backdoor.Rbot, infecting swdoctor.exe and one other associated file. The required action was to reboot. During reboot swdoctor.exe was deleted. This left the remainder of the SWdoctor folder full of orphaned files, which I removed. I then reinstalled SWdoctor from the CD I had purchased months ago and ran ADaware again. It found no malware infection. I then ran a smart update on SWdoctor to bring it to the current version and ran ADaware again. Of course ADaware found the malware infections and the action deleted swdoctor.exe on reboot.

I went through the process once more and used the other suites like Spybot S&D, which didn't find the malware but which had include errors, and in the include errors log showed trojansc sbi and Zlob DNSchanger rtk. I have contacted PCTools for advice on their Spyware Doctor software and await their response.

I have tried test scans from the web after googling Win32.backdoor.Rbot, i.e. ADwarealert and AntispywareBot. Both revealed up to infections associated with SWdoctor and Ashampoo Magical Optimiser, which I installed two months ago and which has been working OK. As a result of these scans I suspect that ADaware and these two extra suites simply wish to delete any competing security software on my PC and not just clean the infections from the exe files or other locations. However, there may be a real and present danger of a backdoor variant infecting my PC, and until I resolve the problem I am loath to use my internet banking and credit card details etc.

So: is there jealousy between security software suites causing bogus reports of infection? Or do I have to do the drill with HijackThis, ewido and HouseCall as per kevinskogg's thread of Jan, which looked at backdoor win rbot gen variant? Please advise. Ges

A:Is there Jealousy between security software suites? Win32.backdoor.Rbot

18-Jan-2006
 

https://forums.techguy.org/threads/is-there-jealousy-between-security-software-suites-win32-backdoor-rbot.711772/
Relevancy 45.58%

On separate occasions I got viruses from video viewing sites. On all occasions I did everything you're supposed to - virus scan and removal in safe mode, checking processes to see if there were any I did not recognize, monitoring the percentage of the CPU being used. After removing the first virus everything seemed to work normally, but apparently I missed something, because my internet service was out for about weeks, and when the company finally repaired it I discovered that my email address had unauthorized use (nobody in my house but me, so it had to come from outside source). So I proceeded to do another safe mode scan, didn't find anything; did OneCare Live scanner online, didn't find anything. So I changed my email password and went on about my business.

Then about weeks ago I was on a different video site and got the virus that acts like virus removal software. It disabled my security software, wouldn't allow me on the websites, all that nonsense. Now that exact thing has happened to me twice in the last weeks with different video hosting sites. So both times I managed to remove the virus in safe mode, or so I thought, but I have again discovered unauthorized access to my email account, and my computer just does random strange things out of nowhere, so I think maybe there may be other viruses/spyware/malware still on my computer. So I followed the preparation guide in this forum. My results are pasted and attached as instructed.

A:Infected possibly with multiple viruses and keylogger - Contracted & removed fake Antivirus software twice

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/318801/infected-possibly-with-multiple-viruses-and-keylogger-contracted-removed-fake-antivirus-software-twice/
Relevancy 42.14%

The spyware keylogger, named Srv.SSA-KeyLogger, secretly steals data from users' Internet sessions, including logins and passwords from online banking sessions, eBay, PayPal, and other programs that use html forms to collect personal information.

NOTE: Since the SSA-KeyLogger spyware cannot be installed on the following platforms, it is not necessary to run the SSA-KeyLogger Clean software:
Windows 95
Windows 98
Windows 98SE
Windows ME
Windows NT4

The SSA-KeyLogger spyware should only be installed on Windows XP, Windows 2000/2003.
 

A:Ssa-keylogger On Xp Windows 2000/2003 Only Theft Keylogger

wow, I had that keylogger, I ran the tool and PrevX popped up saying the sunbelt tool was trying to read/delete winldra.exe which is the keylogger and the tool deleted it.

However, it never showed up in a HijackThis log and I hardly ever use IE. I am miffed about how this got on to my machine.

Plus, I have been doing scans at Panda, Kaspersky and Trend, and none found it!
 

https://forums.techguy.org/threads/ssa-keylogger-on-xp-windows-2000-2003-only-theft-keylogger.389804/
Relevancy 40.85%

IE, Chrome and Firefox all experience the same symptoms. I type in nearly any search into the address bar or in Google; it comes up with genuine search options in Google's page. I click a link in the search, then it sends me to a not-legitimate page, or through a link to a different page as if I clicked on an affiliate link.

Avast did not detect it at all. Used Ad Aware to scan and remove and it only detected adtd cookies. Malwarebytes detected Trojan.VBKrypt and Backdoor.Bot and removed them, which temporarily (I mean - searches at most) stopped the issue. Uninstalled Avast and installed McAfee Total Protection Service, which detected Generic dx iqs, Generic dx, BackDoor-AWQ, Generic dx gic and MWS. All removed, but as you can guess, the issue still persists.

Attached is the Attach txt file. Attached is a few files of RootRepeal crash logs. RootRepeal has a ton of errors, causing me to not be able to scan or collect a log of any kind. Errors include 'FOPS - DeviceIoControl Error Error Code xc Extended Info oxoooooodc', and when I attempt to scan, error 'DeviceIoControl Error Error Code x' appears. I'm guessing it might be because I'm using Windows. Please advise on possible tasks and solutions. Thanks.

The following is my DDS txt log file.

A:generic.dx, backdoor-awq, mws, trojan.vbkrypt, backdoor.bot - browser redirects on searches

UPDATE - A day later, McAfee Total Protection Service detects Hiloti.gen in svchost.exe. All of these files pop up in c:\Windows\TEMP\filename.tmp\svchost.exe. Hundreds pop up, all throughout the day whether or not I am here. I left my PC on and came back to over 200 to delete. Anyways, I did a bunch of searching on Google and BC, on a different PC since this one sends me to illegitimate sites to buy their program... Result = no one has an answer. It seems every forum I go to, people are instructed to run scan x with x program, then run scan y with y program, etc. with the post unending, full of log files and no solutions.

I'm still holding out hope

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

http://www.bleepingcomputer.com/forums/t/280319/genericdx-backdoor-awq-mws-trojanvbkrypt-backdoorbot-browser-redirects-on-searches/
Relevancy 40.42%

I have Spysweeper and it can't get rid of these trojans and other stuff. It just keeps getting stuck when trying to delete. Please help. Here is my hijackthis log followed by my SpySweeper log. Note: see most recent Hijackthis log in reply below.

A:4 Trojans: Komforochka Smtp Relay + Dowloader 2pursuit + Backdoor Sapilayr + Backdoor Keylog Stes

Here's a more recent log from the latest version of Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 1:22:25 PM, on 1/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner.JSS-AMD\Local Settings\Temporary Internet Files\Content.IE5\S5QN49MB\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common...

http://www.bleepingcomputer.com/forums/t/41561/4-trojans-komforochka-smtp-relay-dowloader-2pursuit-backdoor-sapilayr-backdoor-keylog-stes/
Relevancy 39.99%

Ok I spent the evening trying to fix my cousin's computer. I was removing spyware and she said she had a problem with available memory. I checked it out and she has an 8 gig HD with only 61 MB available. So I scanned with her un-updated Norton and it detected a trojan virus. So I updated her Norton first then scanned the HD and it found the following viruses.

Pic.exe Backdoor.SubSeven2
Shawn1.jpg Backdoor Trojan
winsys98.bat IRC Worm Generic

Norton found them but was unable to remove and fix the problem...all it could do was quarantine the files. Anyone have any advice?
 

Relevancy 39.99%

I'm unsure if this is the right area to post, please forgive a newbie. Let me start off by a small introduction before I start asking for help. My name is Kyle. Okay, now that's done and over with.

For starters, this problem started to occur a little while back, I assume around - months ago. I started to discover whenever I used right clicked on properties on the desktop it would lag a while and would not open. When I opened Control panel, add/remove programs didn't work and afterward all icons in the control panel didn't work, they just had the cursor with the hourglass thing (sorry for my lack of appropriate terms), and then the Perfect keylogger would show up. It was in the form that it had already been installed. I googled my problem many times; at first my Rundll exe seemed to have an effect with perfect keylogger and I often just closed it under processes in my task manager, but when I realised that I couldn't do many things because of it I decided to remove it (stupid me for not removing it earlier). Oh, and for system restore points, all points don't seem to effect, so yeah. I also have problems with windows installer so I couldn't use some of the solutions I had found online.

So I tried several things to remove it, including Malwarebyte's Anti-Malware and S&D Spybot, which seemed to have the most effect. On S&D spybot the perfect keylogger and keylogger pro are removed everytime. I should mention that after the first scan removal using S&D, perfect keylogger, whenever it opened, would be in evaluation form telling me to purchase it, and everytime i removed it with S&D it would go back to day evaluation. Forgot to mention that I do not know where my windows disk is located so I can't seem to reformat my harddrive either. Nothing else is comprised besides the above listed problems, or so I think.

This problem is really irritating me and I would hope for some help to be given as soon as possible. Thanks, looking for a reply soon.

-Kyle

A:Infected with Perfect Keylogger and Keylogger Pro

Hi Kyle,

Welcome here.

1. Please do a new full scan with MalwareBytes' Anti-Malware, and post that logfile in your next reply.

2. Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Bases
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply.

http://www.bleepingcomputer.com/forums/t/187276/infected-with-perfect-keylogger-and-keylogger-pro/
Relevancy 39.56%

Referred from here http www bleepingcomputer com forums topic html OB

Have reinstalled windows and both entities are still present and the slow crunching sound of the hard drive is occasionally heard. Have not had any luck reformatting the disk. Have changed boot order in bios but still find operating system will boot from hard drive over the cd rom. Was going to attach hard drive to another computer and format it there, as the operating system would not be in use on the infected drive, but then saw your reply and here are the logs. Remember I have reinstalled windows and removed all extra programs prior to.

Question: can the bios get affected with a virus issue like I have? I did trial bit products security and Advanced system care and have a feeling that this is where the infections have come from.

Thankyou for your help

A:Trojan and worm removal W32/Cubot-J worm and IRC backdoor and Backdoor.Fuwudoor backdoor Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

Elle

http://www.bleepingcomputer.com/forums/t/404403/trojan-and-worm-removal-w32cubot-j-worm-and-irc-backdoor-and-backdoorfuwudoor-backdoor-trojan/
Relevancy 39.56%

I'm new to the forum and recently had my system infected by what Norton states is Backdoor.Graybird. However, all attempts to remove have failed and I'm getting constant pop-ups with a notification confirming unable to quarantine. I ran ewido and system now shows an infection backdoor.hupigom.brn. Below is my HiJackThis Report taken; any help would be appreciated.

A:BackDoor.Graybird turns into Backdoor.Hupigon.brn... HELP!!!

After those problems have been solved, and your system is completely free of any virus/malware/spyware, you might consider updating to SP2.
 

https://forums.techguy.org/threads/backdoor-graybird-turns-into-backdoor-hupigon-brn-help.504815/
Relevancy 39.56%

Hi, Can anyone PLEASE HELP ME? I've been infected with two backdoor virus, Backdoor.Sdbot and Backdoor.Ranky. Can anyone tell me how to remove these two from my computer? I have Windows and Norton anti-virus installed. Norton gave me a message that "the compressed file eger exe within WINNT SYSTEM xed exe is infected with Backdoor.Sdbot virus - Delete Failed". I also got a message saying "the compressed file pwedp exe within WINNT SYSTEM dahdah exe is infected with Backdoor.Ranky virus - Delete Failed". I ran hijackthis and my log is as follows:

A:Backdoor.Sdbot and Backdoor.Ranky virus

Hi - Welcome to TSG!!

Go to control panel, add/remove programs and remove SpyKiller and Spyware Doctor, they are on the rogue list.
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Run HJT again and put a check in the following:

O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKCU\..\Run: [ICQ] syscdd2.exe
O4 - HKCU\..\Run: [Regional Value] isng.exe

Close all applications and browser windows before you click "fix checked".

Restart in safe mode

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders"
Click "Apply" then "OK".

Now empty these folders:
C:\Documents and Settings\all profiles\local settings\temp
NOTE: all profiles means all of the profiles on the machine
c:\temp
c:\winnt\temp

Delete these files:
syscdd2.exe
isng.exe

Empty your recycle bin.

Reboot.
Download Spybot http://www.spybot.us/spybotsd13.exe

Click on "Search For updates" when prompted.

Scan, click on fix problems.

Reboot.

Download AdAware SE Personal: http://www.lavasoftusa.com/support/download/

Install the program and launch it.

First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Then, deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Reboot.

Go here http://forums.techguy.org/t110854/s.html and run at least 2 of the on-line virus scanners.

Reboot and post another hijackthis log.
 

https://forums.techguy.org/threads/backdoor-sdbot-and-backdoor-ranky-virus.267537/
Relevancy 39.56%

Using windows xp home edition and Microsoft Antispyware Beta 1 I came across problems logging into partypoker.com as every time I logged in the above noted spyware Trojan.Backdoor.Small.FB Backdoor spyware was picked up by my spyware program and I had to delete it. My spyware was a freebie and running out soon so I went on line and downloaded the new beta 2 microsoft defender. Big mistake.... slowed everything down and started getting all kinds of disconnects and black screens, etc. etc. Anyway deleted the beta 2 and then reset my computer to previous date to get the beta 1 back and now the beta 1 isn't working either. Am also using AVG anti-virus program and that full scan comes up clean. Everything seems to be there, however, when I click on run scan for the spyware program nothing happens????? Any suggestions for a good spyware program download other than microsoft? Thank you.
 

Relevancy 39.56%

I have run ad-aware and spybot. I have Norton Antivirus 2002. About/blank takes over start page, "unable to repair" pop notice from Norton regarding backdoor trojan, backdoor agent, and download trojan. HELP
 

A:about/blank - backdoor agent b - backdoor trojan

Hi bogey6438

Welcome to TSG!

Please do this:

First create a permanent folder somewhere like in My Documents and name it Hijack This.

Now Click here to download Hijack This. Download and save the file to the Hijack This folder you just created.

Click on Hijackthis.exe to launch the program.

Click the "Scan" button when the scan is finished the scan button will become "Save Log" click that and save the log.

The log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.
 

https://forums.techguy.org/threads/about-blank-backdoor-agent-b-backdoor-trojan.261894/
Relevancy 37.84%

Well its doing a pretty good job. Infected my PC (xp media center) through a bad exe and now it seems it can slip past full zonealarm lockdown. Cant boot to safe mode, nothing ive used can get rid of it. I have a norton ghost full backup but it dates back weeks and so i'd rather not have to go back in time. According to AVG the backdoor trojan infected C Windows System ntswrl dll ntcvx dl. I think there was another one but i cant get AVG to find them reliably and nothing else will find them at all. I found no info online. So here I am.

A:Backdoor.generic2.slc / Backdoor.small.52.al ?

Sorry, that second infected file was C:\Windows\System32\ntcvx32.dll

http://www.bleepingcomputer.com/forums/t/66952/backdoorgeneric2slc-backdoorsmall52al/
Relevancy 37.84%

Hi everyone,

I did a full scan with MalwareBytes which picked up three things:

HKCU\SOFTWARE\CYBER (Backdoor.Trace)
HKCU\Software\Cyber|FirstExecution (Backdoor.Trace)
C:\Users\Shay\AppData\Roaming\Microsoft\Windows Update.exe (Backdoor.Agent)

All were quarantined and deleted successfully. I did a quick scan to follow up and I appear to be clean. However, browsing other topics on this forum led me to believe that this problem is not so easily gotten rid of. I'd appreciate some advice on what I should do, and if a nuke/pave is necessary.

Thanks,

Invalio

A:Backdoor.Trace and Backdoor.Agent

Download TDSSkiller
- Launch it.
- Click on change parameters - Select TDLFS file system
- Click on "Scan".
- Please post the LOG report (log file should be in your C drive)
- Do not change the default options on scan results

Download aswMBR
- Launch it, allow it to download latest Avast! virus definitions
- Click the "Scan" button to start scan.
- After scan finishes, click on Save log
- Post the log results here

Download ESET online scanner
- Install it
- Click on START, it should download the virus definitions
- When scan gets completed, click on LIST of found threats
- Export the list to desktop, copy the contents of the text file in your reply

http://www.bleepingcomputer.com/forums/t/468827/backdoortrace-and-backdooragent/
Relevancy 37.84%

Hello everyone,

my computer has been infected by a trojan called backdoor-ceo

my mcafee antivirus alerts me that

file: drivers/etc/svwhost32.exe has infected backdoor-ceo trojan and cleaned...
after I reboot my computer this alert comes back. In my HijackThis program I cannot see that process

does anyone know how to fix that problem?

Thanks for help
 

A:Backdoor problem (Backdoor-ceo) and svwhost32.exe

Have you tried booting to Safe Mode first and then, deleting it in Safe Mode?

how to boot to Safe Mode

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Why don't you make sure you have the most recent version of HijackThis

download it here: http://tomcoyote.org/hjt

Save it to its own folder (maybe create a folder on the desktop called "HijackThis" and save it into there)

Run it, saving the logfile and then post it back here on this thread so we can have a look at it.
Wayne
 

https://forums.techguy.org/threads/backdoor-problem-backdoor-ceo-and-svwhost32-exe.323193/
Relevancy 37.41%

Hello, I scanned computer with Kaspersky Antivirus and it finds these trojans: Trojan Win Agent brbo, Backdoor Win Hijack al, Backdoor Win Hijack an, Backdoor Win Small hgi, Trojan Win Agent ehn. It can remove them, but they come back immediately after I connect to internet.

How I found that something is wrong: within one or two minutes after turning on computer, websites start to load extremely slowly. Downloading of large files which is started before continues with maximum speed. Only thing that fixes loading of websites is unplugging of network cable for ten seconds and then plugging it back. Then it works fine - for one or two minutes.

HijackThis log (I was unable to complete DDS, it only shows command line window for half hour and nothing happens)

A:Unable to remove trojans Backdoor.Win32.Small.hgi, Backdoor.Win32.Hijack.an etc.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.com
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,K

http://www.bleepingcomputer.com/forums/t/207356/unable-to-remove-trojans-backdoorwin32smallhgi-backdoorwin32hijackan-etc/
Relevancy 35.26%

Hi, a couple months ago y'all helped me remove some particularly vicious malware from my computer, and it has been awesome since then! As part of that, I installed the free version of Avira on the computer. In the last couple weeks Avira has been detecting "BDS/Backdoor.Gen - Backdoor Server" and the warning has been popping up on my computer about once an hour. Is there a way I can get rid of this??

Thanks (again)!

Spencer

http://www.bleepingcomputer.com/forums/t/179897/bdsbackdoorgen-backdoor-server/
Relevancy 32.25%

Hello,
I have run Superantispyware, AVG antivirus and AVG antispyware on my PC. AVG has detected Trojan Horse Backdoor Generic6 AMA and Trojan Horse IRC Backdoor Sdbot2 REN and XIN. That is it, however I feel something is still in me (strange outgoing traffic). Could you pls check my HJT log and say if everything is OK or not?

Thanks!
 

Relevancy 31.82%

Anyone who has any knowledge of this please let me know, I am getting very nervous.

A:BackDoor.Tdss.565 & BackDoor.Tdss.2459

http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

http://www.bleepingcomputer.com/forums/t/318752/backdoortdss565-backdoortdss2459/
Relevancy 31.82%

I can't post a log because when I run MalwareBytes and copy the log to clipboard it comes up empty. But Malwarebytes keeps finding three persistent malware that it keeps saying it quarantined and I try to delete, but they show up after every single scan. I've posted the image above and attached it to this post. Help me get rid of these, please.

A:Trojan.Agent, Backdoor.Agent.CHGen, & Backdoor.Agent.E

Hi & to Bleeping Computer Forums!

My name is Jürgen and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully:

- My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
- Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
- If I don't reply within 24 hours please PM me!
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please run a FRST scan. This will help us diagnose your problem.

- Please download Farbar Recovery Scan Tool and save it to your Desktop. (If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
- Start FRST with administrator privileges.
- Make sure the option Addition.txt is checked and press the Scan button.
- When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
- Please copy and paste these logs in your next reply.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Step 2

- Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
- Right-click on icon and select Run as Administrator to start the tool.
- Wait patiently until the main console will appear, it may take a minute or two.
- In the main box please paste in the following script:

process;
services-list;
systemspecs;
startupall;
filesrcm;

- Make sure that Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in notepad.
- If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
- Post its content into your next reply.

http://www.bleepingcomputer.com/forums/t/565870/trojanagent-backdooragentchgen-backdooragente/
Relevancy 30.53%

Hi, first of all thanks for what you do. I love this site, it's been a lifesaver to me many times.

I use Microsoft Security Essentials and these viruses were detected: "pws:win32/fareit", "backdoor.Win32.cycbot.B", "backdoor.Win32.cycbot.G". After using the "remove selected" option from Microsoft Security Essentials, several minutes later the viruses were detected once again. I used the "remove selected" option again. Now Microsoft Security Essentials hasn't alerted me of anything within a substantial amount of time, but I'm still weary of the virus hanging around somewhere on my computer.

It should be noted that at the same time my MSE (MicrosoftSE) caught the virus I was doing a Malwarebytes antimalware scan and did a "removal" of what it found. Maybe the two scanners clashed and didn't effectively remove something. I had to change my settings in Firefox so I could access the internet (a proxy was changed). Every time I restart it seems a new virus is found, specifically "win something".

Can you please take a look at my log and let me know what's going on? Thanks again for your help, you guys are great. Here's the HJ log.

A:pws:win32/fareit "backdoor.Win32.cycbot.B" "backdoor.Win32.cycbot.G" removed?

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

The HijackThis tool is not ready for the 64 bit operating system. In your case I need to see a DDS Log.

I would remove HijackThis using the Add/Remove Programs list.

===

After the scan please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 2

- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.

- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.

===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

- Download DDS and save it to your desktop from here or here.
- Disable any script blocker, and then double click dds.scr to run the tool.
- When done, DDS will open two (2) logs: DDS.txt and Attach.txt
- Save both reports to your desktop.
- Please just paste the contents of the DDS.txt log in your next post.

Post the logs and let me know what problem persists.

http://www.bleepingcomputer.com/forums/t/428601/pwswin32fareit-backdoorwin32cycbotb-backdoorwin32cycbotg-removed/
Relevancy 30.1%

So first off, I am sure most of you who are looking at this will think it is an easy fix, and trust me, I wish it was. I have spent the entire day before this post searching for common fixes to issues with no luck.

First off, here is the scenario. I went to get on my PC that has been running flawless since December, and the first thing I notice is it came back from sleep or idle, whatever you want to call it. This seems to happen now and then, and I believe it happens because Windows installed an update over the night Wednesday. Normally this is no big deal, I go about my way and all is fine. So I noticed that some open files I was working on in Excel have duplicates; one set is read only, one is not. I closed all that down and we were all set.

The other big thing is the Aero feature was dead. So I went online and hit ALL the usual fixes: running the diagnostic, downloading the specific MS diagnostic tool, resetting the service multiple times, restarts, even some registry updates I found. NOTHING worked. The interesting thing is the only part of Aero that is not working is the glass feature and the peek feature. All the mouse icons and other attributes seem to be working.

I have an Nvidia GTX card, so I updated to the most current form of the drivers: nothing. I delete the drivers and install the original CD drivers: nothing. I then delete the driver and try to use driver sweep to remove them. This is when I notice that I can not boot into safe mode. It just restarts when it gets to a login screen.

The other thing I noticed is my two installations of Autocad and Inventor are DOA; they fail to launch and bring up the error report window. So begrudgingly I reinstall and get the same error. All other software works flawlessly.

So I am at my wits' end. I wanted to try a system restore to before the changes, but the default system restore size only allowed and that was the original update at night I made a change and that one was gone. I only have an OEM win disk, so it appears I can not do a repair and all I can do is do a full reformat. I am trying to avoid this route if at all possible, so this is my last ditch effort to find an answer. I have searched these forums and nothing works as of yet. Thanks for any help.

P.S. I have also been getting an error when uninstalling software. I have run a memory test. I have scanned with AVG free & Malwarebytes.

Custom Built PC Win pro ver build Service pack GIGABYTE GA-X -USB LGA Intel X USB ATX Intel Motherboard Intel Core i - Bloomfield GHz LGA W Quad-Core G SKILL Ripjaws Series GB x GB -Pin DDR SDRAM DDR PC EVGA -P - -TR GeForce GTX Fermi Superclocked MB -bit GDDR PCI Express x HDCP Ready PC Power and Cooling Silencer Mk II W High Performance PLUS Mushkin Enhanced Callisto Deluxe MKNSSDCL GB-DX " GB SATA II SSD x Seagate Barracuda ST AS TB RPM MB Cache SATA Gb s x Seagate Barracuda XT ST AS TB RPM MB Cache SATA Gb s

A:Software Issue After update (Aero, Safe mode boot, Software currupt)

Hi,

You mentioned OEM. Do you mean an OEM installation.....on a custom built machine? Which OEM?

Regards,
Golden

http://www.sevenforums.com/general-discussion/280388-software-issue-after-update-aero-safe-mode-boot-software-currupt.html
Relevancy 30.1%

Yes, I am searching for a good software that can pack all of my software collections into one single installation.exe pack which I can install for later usage. Will someone please give me a recommendation of such software to pack all my files into one installation pack?
 

A:finding a good software to make a collection of stuffs software into a installation

https://forums.techguy.org/threads/finding-a-good-software-to-make-a-collection-of-stuffs-software-into-a-installation.540172/
Relevancy 29.67%

Can you suggest a software for video editing? I'm looking for a simple software that will help me to:

-"pixalize" some areas of the videos of my digital camera.
- cutting parts of videos.
- simple saving of the videos with similar video quality.

thanks.
 

A:can you suggest a software for video editing? i'm lookig for a simple software that w

There is really no proper freeware available which is as easy to use as Audacity.

If you are looking for a freeware and up for some reading and experimentation then go for VirtualDub. Literally it can do almost anything that a paid one can do, but it is really for some techie mind.

Otherwise, you can go for Pinnacle's or Ulead's any home solution products. Those will be cheaper and produces good result and very user friendly. I suggest that you check out Ulead's Video Studio.

Hope this helps you.
 

https://forums.techguy.org/threads/can-you-suggest-a-software-for-video-editing-im-lookig-for-a-simple-software-that-w.627875/
Relevancy 29.67%

I suspect that my PC got infected from Media codex downloads. I've used Ewido, Spy-bot, Ad-aware and others to remove these. Here is my Hijack log.

A: Malicious Software Infection - Cannot Remove With Spyware Removal Software

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Before we can get started on fixing your problem you must change the location of HijackThis. It should not run from a temp directory.

Download and run the HijackThis autoinstall program. Please choose the default location of C:\Program Files as the destination. Run the program only from that location from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.

Once you have HijackThis running from this folder, please reboot and post a new HijackThis log as a reply in this thread.

http://www.bleepingcomputer.com/forums/t/51176/malacious-software-infection-cannot-remove-with-spyware-removal-software/
Relevancy 29.67%

I want to know what is the best and easy to use Parental Control Software to filter and monitor the internet usage of children?

If there is a free version, that would be great!
 

A:Solved: Parental Control Software | Internet Monitoring Software

Hi smartcard
Here's an earlier thread on the same topic with some free progs and others' views:

http://forums.techguy.org/all-other-software/548671-safe-surfing-children.html

I hope this is of help?
Richard
 

https://forums.techguy.org/threads/solved-parental-control-software-internet-monitoring-software.580051/
Relevancy 29.67%

I have Windows XP Pro on my laptop and cannot update AVG or run Malwarebytes, and I get the error message "software restriction policy" is prohibiting the software from running. I've already gone to gpedit.msc and checked, and it is set to unrestricted. Please help.

A: error message "software restriction policy" is prohibiting the software

Hi Spidey,

Let's start here.

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

http://www.bleepingcomputer.com/forums/t/559794/error-measage-software-restriction-policy-is-prohibiting-the-software/
Relevancy 29.67%

I haven't changed the Office software on this machine since well....ever. It's MS Office 2003 Pro. Ran the updates tonight and rebooted as required and when I opened Outlook, I get the message saying that my Office software is NOT the GENUINE thing.
I checked my update history on the MS UPDATE site and it installed a genuine validation tool....yet again. I've never gotten this message before and am wondering why...is this a false positive or did I pick up some kind of virus?

BTW, suddenly, my spysweeper software won't update the definitions, saying that the keycode is inactive, but my subscription expires in July 2010.

These two occurrences are why I would even suspect a possible virus of some sort. My NOD32 hasn't picked up anything and a spysweeper scan came up clean.

Does anyone have any thoughts on this?
 

https://forums.techguy.org/threads/suddenly-my-ms-office-software-doesnt-pass-the-genuine-ms-software.879651/
Relevancy 29.67%

WHAT is 'software distribution service 3.0'? My system re-started itself at 3 am 08/10/11? I was running some new software and thought something went wrong. Thanks. WINDOWS/XP, HOW OFTEN DOES THIS HAPPEN? DOES THIS ALWAYS HAPPEN IN THE MIDDLE OF THE NIGHT? THANKS
 

A:SOFTWARE DISTRIBUTION SERVICE 3.0 ? : MY SYSTEM SHUT-DOWN ?WHAT is 'software distrib

See this post.

http://forums.techguy.org/windows-xp/652067-handling-software-distribution-service-3-a.html

T.
 

https://forums.techguy.org/threads/software-distribution-service-3-0-my-system-shut-down-what-is-software-distrib.1011802/
Relevancy 29.67%

Hello, I got a keylogger recently and really need help ASAP. I'm a newbie on these things, so I have tried my best. I have scanned with Norton but nothing came up, but then I downloaded AVG and a few things came up: http img imageshack us my php image mesadpandakc jpg

I deleted the rest, but the thing I think is the keylogger (Trojan Wow) is in Quarantine, and it's supposed not to do any harm there: http img imageshack us my php image mesadpanda bv jpg

So how am I sure I'm safe? Because I can't risk losing my passwords to several games and accounts, and would rather not have to start Windows over, as I have many important files.

Here is the HijackThis log:

Relevancy 29.67%

I just had one of my online game accounts hacked and am thinking I might have a keylogger. I just ran a virus scan last night and didn't find anything. It is McAfee security and is updated. I ran a HJT and here is the log. Really appreciate any help so that I can go back to playing games on my gaming rig.

Here is the HJT log:

Relevancy 29.67%

Hey, I got some keylogger some days ago and I tried different online scanners and antiviruses, and I'm not sure if I got rid of it. These are reports made with Malwarebytes' Anti-Malware and HijackThis. If somebody is kind enough to help me, please.

A:Keylogger

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

http://www.techsupportforum.com/forums/f50/keylogger-402683.html
Relevancy 29.67%

I am not sure if I am in the correct forum. If not, could you please advise me where to post this.

Is there anywhere on the forums that recommends keylogger software that protects you and stops a keylogger before any damage is done.

My second question is that I had my password stolen on a web based email client and it was used to send spam. The email client vendors suggested it was probably a keylogger and changed my password. Is it possible I STILL have a keylogger on my computer (How would I know) and should I contact my online bank and also stop using any payment processors to buy online.

Thank you
Joe

A:Keylogger

Hello and welcome to TSF


Quote:

Is there anywhere on the forums that recommends keylogger software that protects you and stops a keylogger before any damage is done.

I would recommend SnoopFree. SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen. Only for XP users. I suggest you only install SnoopFree once you are sure you are clean and no infection is present.

Quote:

My second question is that I had my password stolen on a web based email client and it was used to send spam. The email client vendors suggested it was probably a keylogger and changed my password. Is it possible I STILL have a keylogger on my computer (How would I know) and should I contact my online bank and also stop using any payment processors to buy online.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?


If you believe that the infection is still present, please follow instructions below.

==========

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

http://www.techsupportforum.com/forums/f50/keylogger-390042.html
Relevancy 29.67%

I tried scanning our computer with a program called KL-detector. It reported a long list of possible keyloggers.
 
Is this a good program to use for this?

A:keylogger?

Hi there,

I tested KL-Detector on my own system. Looks like it only monitors for file operations done during the time that you set it to monitor the system. The list of files that it created during the monitoring period can be hard to tell if there is a keylogger on the system, especially if you do something that involves a lot of file operations (i.e. surfing). I don't recommend surfing during this test since it asked you to shut down your AV.

So your PC may or may not be infected. If you still suspected an infection then it's best to request elevated help since a keylogger is a serious thing.

Regards,
Alex

http://www.bleepingcomputer.com/forums/t/585605/keylogger/
Relevancy 29.67%

Why is the HijackThis forum inactive? Well, I think I got a key logger. I am running ESET NOD if it finds anything. Here is my HijackThis log if it helps:

A:I think I got a keylogger

I read the new instruction thing and when I scan with gmer I get a BSOD.

http://www.techsupportforum.com/forums/f50/i-think-i-got-a-keylogger-401882.html
Relevancy 29.67%

Hello, I am a WoW player and there was some update recently. I had low download speeds from the original WoW server, so I found a mirror of the update patch on some wow-wikipedia. Unluckily, I think it was infected with some kind of virus or trojan. I think it was in it because I don't download any other WoW-related things onto my PC, and I got hacked.

The thing is, I want to get rid of the keylogger. I already scanned the whole PC with Spybot Search and Destroy, Malwarebytes Anti-Malware, Kaspersky Internet Security, Ad-Aware, SpyEraser and processcaner, and it didn't find anything. So I will be glad if someone could take care of my logs and try to help me.

Here's the log from DDS:

Relevancy 29.67%

I used Ad-Aware SE and found Win Trojan Downloader and deleted it. Could there be more? I found that when I pressed some special key like Volume Up or Volume Down on my keyboard, my keyboard turned out unresponsive. Still, my computer is working normally. After deleting the Win Trojan Downloader it remains UNCHANGED. I just simply scanned in normal mode. Check this out. I used AVG Free and Windows Defender at first and they say they found NOTHING.

A:Keylogger? Or More?

PLZZZZZZZZZZZZZzzz I REALLY NEEED HEEEEEEEEEEELPPPPPPPPPP!!!!!!!!

http://www.bleepingcomputer.com/forums/t/58614/keylogger-or-more/
Relevancy 29.67%

Please can anybody look at this log and confirm if I am safe or not?

A:Keylogger?

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

http://www.bleepingcomputer.com/forums/t/65246/keylogger/
Relevancy 29.67%

Okay, the topic is I have a keylogger and need a lot of help.

I play World of Warcraft and don't feel like getting the authenticator so, I need someone to show me a FREE program which can destroy keyloggers. I need it to be FREE cause I am basically poor. So, Please if anyone can help me and wants to please do!

A:Keylogger Help!

DDS (Ver_09-09-24.01) - NTFSx86
Run by Home at 7:45:07.51 on Fri 09/25/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1012.249 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Home\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [RayV] c:\program files\rayv\rayv\RayV.exe /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\users\nick\appdata\local\micros~1\windows\tempor~1\content.ie5\a0jb7y3w\adserv~2.sh! c:\users\nick\appdata\local\micros~1\windows\tempor~1\content.ie5\by27g8a1\aim_ua~1.sh! c:\u...

http://www.techsupportforum.com/forums/f50/keylogger-help-417014.html
Relevancy 29.67%

I think it was a keylogger. I've been scanning my computer repeatedly and it's coming up clean, but I want to verify that it's gone.

A:Wow Keylogger

Hi bleed, welcome to BC. Before we do anything, you'll need to place HijackThis.exe in a folder of its own for it to function properly. Right click on an empty space on your desktop. Go to New>Folder to create a new folder. Name it HijackThis. Drag and drop HijackThis.exe into the new folder.

============================================

Looks like you're running two antivirus programs, i.e. AVG and Kaspersky. That's not a good idea. They will conflict with each other, leaving your computer more vulnerable rather than making it more secure. Please decide on one of them and uninstall the other.

============================================

Logitech Desktop Messenger uses "BackWeb" proactive technology to retrieve information about your Logitech devices by downloading content in the background during network idle time. Even though they claim not to upload any other information to their servers or any other internet servers, it's still spying in my book. So, if you want to remove this feature, simply remove "Logitech Desktop Messenger" from Add/Remove Programs in the Control Panel.

Go to Start>Control Panel>Add/Remove Programs and remove the following programs:

C:\Program Files\MyWaySA
C:\Program Files\Logitech\Desktop Messenger

============================================

Now we can start with the fix. Please disable Windows Defender and Ewido guard so that they will not interfere with the fix. You can re-enable them once the system is clean.

To disable Windows Defender:
- Open Windows Defender
- Click Tools
- Click General Settings
- Scroll down to Real Time Protection Options
- Uncheck Turn on Real Time Protection (recommended)
- After you uncheck this, click on the Save button
- Close Windows Defender

To disable Ewido:
From the system tray: Right-click the system tray icon and uncheck real time protection.
or
From within Ewido: Under 'Your security status', if the real time protection is active, deactivate it by clicking 'real time protection' until the status says 'inactive'.

============================================

Make sure that you can see hidden files:
- Click Start
- Open My Computer
- Select the Tools menu and click Folder Options
- Select the View Tab
- Under the Hidden files and folders heading select Show hidden files and folders
- Uncheck the Hide protected operating system files (recommended) option
- Click Yes to confirm
- Click OK

** These files are hidden to stop you accidentally removing something important. It is advisable to hide them again after fixing your computer. **

============================================

Scan with HijackThis and put a checkmark against the following entries:

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ControlDiskTsk] winzrs32.exe

Close all browsers/windows/applications/email, etc., except HijackThis and click on fix checked. Exit HijackThis.

============================================

Restart your computer in Safe Mode.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Look in here for more information.

============================================

In Safe Mode, using Windows' Search function, search for and delete the following file ...

http://www.bleepingcomputer.com/forums/t/66041/wow-keylogger/
Relevancy 29.67%

Hello, I have been hacked on WoW and I want to know what's the problem with my computer. I have an Authenticator to the account and still the hacker can log in and steal things. I have changed account information from different computers and still it doesn't work. Please, I need help. Here's my HijackThis log.

A:Possible keylogger

Welcome to TSF Danielsen,


Right now the only malicious software showing is that adware/spyware DAEMON Tools Toolbar, so you do want to uninstall that through Add/Remove Programs.

I have had a few requests lately with issues on WoW accounts being hacked, but have been finding that in many cases the problems lie with the site, and not system infection. But let's check a bit further here. Please follow the steps here and post/attach those requested logs.

http://www.techsupportforum.com/forums/f50/possible-keylogger-420460.html
Relevancy 29.67%

Hi again. This is a post, as the first one did not have what you needed to help me. Now, I play World of Warcraft and my account was hacked. I don't know how; I think I have a keylogger. They are fixing the account now, but I don't want to log back in and have the same thing happen again. So I made a post here and I was asked to make some scans with DDS and GMER. The DDS worked fine and I am attaching the logs now. But with GMER, when I go to use that one, a box shows up and says "C:\windows\system32\config\system: the system cannot find the file specified". At this time I click OK and GMER shows up. Now, I see in the instructions what to untick in GMER, but the only ones that have check marks in them are services, registry, files, C:\ and ADS. Now if I go to put check marks in the other ones, like libraries, threads, processes and so on, nothing happens. So anyway, then I hit the scan button and the first thing that comes up is "C:\windows\system32\config\system: the process cannot access the file because it is being used by another process". Now I hit OK and the scan starts, and then when it is done it says "gmer hasn't found any system modifications" and the page is blank. If I hit the save button it saves it to my desktop, but it is blank. So here is what I have so far, and thank you for your help. As I said, I did not get what I needed out of GMER, so I ran catchme.exe and this is what it gave me. Hope it helps. Ty again.

A:keylogger 2

Is there a reason no one is giving me a reply?

http://www.techsupportforum.com/forums/f50/keylogger-2-a-434107.html
Relevancy 29.67%

Got a note from EBAY that someone had access to my account... they said a KEYLOGGER was possibly being used. Any suggestions on a program to stop this or way to do it? I have several malware programs running and anti virus too?
 

A:keylogger

Did the note suggest anything?

Are you sure it was from Ebay?
 

https://forums.techguy.org/threads/keylogger.586735/
Relevancy 29.67%

I play an MMO and recently have had problems with account security. I used to use HijackThis years ago when I used to have virus problems, but haven't had anything in so long I've become unfamiliar with the program. Here is my log. If anyone can let me know if they see anything malicious, particularly key loggers, I'd greatly appreciate it. Thanks.

A:Keylogger?

The keylogger just stole my email address. I can't password recovery because I can't remember the secret question answer because it has a 5 letter requirement. I'm really screwed right now. I'll follow all instructions.

Thanks

http://www.techsupportforum.com/forums/f50/keylogger-315142.html
Relevancy 29.67%

Hey guys, I think I may have a keylogger tailored to email password stealing. I recently booted up my computer after a month's hibernation of not using it; this was about hours ago. I go to Gmail today and get a suspicious login from some city in Russia from Google today. Now yesterday, after turning my computer on and fiddling around with it, I did send off an email to a couple of people, so if a key logger is installed on here, at some point it detected me logging into Google (which I did have to put the password in) and tried logging in with it today from Russia. So how can I get rid of this? Many thanks.

Edit: is there a program that will check my drives and show me any changes to the data? Let's say, for example, I have upwards of tb of data in various forms and would like to routinely check it, compare hashes or whatever, and display any detrimental changes to the data to make it more obvious if it's been corrupted, deleted, moved, etc. If this doesn't exist, that'd be cool if it did.

A:Possible keylogger

Your email has probably been hacked. Changing your password should fix it.

http://www.bleepingcomputer.com/forums/t/553233/possible-keylogger/
Relevancy 29.67%

I am very positive that my computer has a keylogger. A few of my online accounts were hacked and I would like you to help me remove them from my PC. Thank you.

A:keylogger

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

Although I can't confirm evidence of a keylogger, you are infected with several Trojans. As a precaution and if possible, I would recommend using a known clean PC to change all passwords/log ins.


You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.



Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Please include the log C:\ComboFix.txt in your next reply for further review.

http://www.techsupportforum.com/forums/f50/keylogger-321223.html
Relevancy 29.67%

My husband recently had a keylogger on his PC. It was specifically designed (or whatever) to steal his World of Warcraft account. They got my Gmail password (I had logged in on his PC) and his Verizon account password, which in turn they deleted my Verizon sub-account. My husband uninstalled and reinstalled Windows. He couldn't get rid of it any other way, at least that is what I had read.

Yesterday I logged into my husband's Verizon account to check on our trouble ticket status (to re-instate my sub-account the keylogger person had deleted) and noticed they (hacker, whoever) had added their own sub-account. I quickly deleted it, thinking "ahh, sweet sweet revenge". Not so much on the sweet sweet revenge. This morning I logged in to check on the trouble ticket status and there was a new sub-account that no one in my family had created. I called Verizon and the tech support people deleted the extra email account. He said it was created yesterday. My husband did his whole Windows reinstallment on Saturday. So unless he logged into Verizon before reinstalling (which I told him not to do), there is still a problem somewhere.

The sub-account had MY information: my name, date of birth, etc. etc. Which I'm sure they probably got from my Gmail or Verizon. But they also had my mother's maiden name as the password recovery question. I don't ever remember putting this information on my husband's computer. I'm not sure if Gmail has the password recovery question answer visible.

I've run numerous anti-spyware and anti-virus checks. First with Spybot S&D, then McAfee, AVG AS, AVG Antivirus, and then some CA program that my husband downloaded. The only things it came up with were tracking cookies. I do not play WOW. I don't have the game installed on my computer. The only WOW-related sites I've been to have been about keyloggers and things associated with that. I basically use my computer for personal use - internet forums, research, banking, etc. I've changed our passwords again, so if nothing shows up in the log I'm guessing it's my husband's computer again (that is, if another email account is created).

Here is my HJT log.

Relevancy 29.67%

I'm a World of Warcraft player that found out that his account was "hacked" by a key logger. After I found out I contacted Blizzard and they told me to download ATF Cleaner, Ad-aware and Spybot Search and Destroy. I've done a complete system scan with each of these programs and with my own virus scanner (Kaspersky) as well. But I'm not sure if the keylogger has already been removed.

I suspect the keylogger got on my PC let's say about days ago. I was installing World of Warcraft and had a few problems with the installing. Last time Kaspersky was interfering with it, so I disabled the protection. That didn't work and I searched for solutions over the net; however, I didn't activate the protection again.

Here's my DDS log and I've added the other logs as a zip file as requested. Hope you got enough information; if not, please ask.

Yours,
J W de Vries

Relevancy 29.67%

2 of my accounts used for gaming have been compromised, and I don't give out my password to anybody, the first account that was compromised somebody attempted logging into my Steam account from somewhere in China, I live in Oregon. The second account compromised, I got a new game that required a new account, days later I receive an email notifying me I have been banned. I am yet to actually play the game in which I needed a new account because at the time it was buggy and failed to launch properly. Considering both these accounts have been randomly compromised, I don't know how anybody could've gotten into them without a way of getting my usernames/passwords, which can be done with a keylogger.
 
EDIT: I ran a MSE (Microsoft Security Essentials) scan on quick mode. Nothing found by MSE.

A:I Think I Have a Keylogger but I'm not Sure

Update: I have recently found something odd in my emails as well, more specifically in my sent folder I found an email of which I didn't send, it said "I buy it for me" and had one of those links that are basically ad roulette, if I do have a keylogger, I assume that's where it's from, because before I knew what kind of link it was, I was curious what it linked to. In hindsight that probably wasn't the smartest decision I've ever made. Also the person it's sent to is a person I haven't talked to in a few years. I recognize the first name and the username used in the email, which makes me think I was specifically targeted.
 
Note: Pretty sure the attempted log in from China was before I found the email.
Another note: It for some reason doesn't allow me to edit the original post?

http://www.bleepingcomputer.com/forums/t/553615/i-think-i-have-a-keylogger-but-im-not-sure/
Relevancy 29.67%

Ok so I've had my wow account hacked twice.. I just reset my password today, and then the hacker changed it already..

I scanned my pc with avast and it came up with nothing, but could I still possibly be missing something??? Please help!!

A:Possible keylogger.. HELP!

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

http://www.techsupportforum.com/forums/f50/possible-keylogger-help-349391.html
Relevancy 29.67%

So I play WoW and one day the window was just randomly closed. I opened it up and tried to login and it says wrong info. I was still able to log on the battle.net and change my pass, so I think it might be a keylogger that is preventing my login. I just don't know how to get rid of it!

this has several logs created by: RootRepeal, ComboFix, hijackthis, Malware bytes, and OTS
 

Relevancy 29.67%

Hi everyone. Something's got me really confused here. I got some spam mail the other day which set off an alarm bell, and surely enough someone had hacked my Netvibes page and looked at my Twitter as a result. As the email didn't have any attachments I opened the email on my phone and I saw instantly it was spam.

Passwords were duly changed and virus scans run on my home computer:
- AVG Free - no problems
- MalwareBytes Anti-malware - no problems
- Kaspersky TDSSKiller - no problems
- MalwareBytes Anti-rootkit - no problems

And my phone:
- Malware Bytes Anti-malware - no problems
- Avast Antivirus - no problems
- AVG Free - no problems

However, my online banking sends me emails to install 'Trusteer Rapport' and so I thought 'why not' and installed it on my home computer (from now everything is concerned with my home computer). Anyway, I was done with worrying when I got this report:

The following password submissions were protected by the character replacement feature. Trusteer Endpoint Protection has prevented access to the original keystrokes from most common keyloggers. This does not necessarily mean you have keyloggers on your PC. However, applications on your PC that tried to log keystrokes while you were entering information to the websites below have failed.
Jan: Password field on Bank Name - Anti-keylogging activated
Jan: Password field on Bank Name - Anti-keylogging activated

I know I was logging onto my banking at that time. But I am confused by the message: "This does not necessarily mean you have keyloggers on your PC. However, applications on your PC that tried to log keystrokes while you were entering information to the websites below have failed." What does this mean? Do I have a keylogger or what? I'm confused by the contradictory messages.

A bit of background on my internet usage:
- I use Windows on a computer that is about four years old
- Near-paranoid about viruses, I run all four of my security programs religiously at least once a week
- Haven't had a malware or virus problem with my computer for a long long time
- No real slowing up on my computer or typing
- Don't go on any websites that are dodgy and I don't download. I'm a wikipedia, facebook, bbc news kind of person
- The websites used since I got that dodgy email are commonplace - wikipedia, bbc news etc. BUT when I went onto Netvibes to change the password, could I have been infected then?
- Have used online banking for about years on this computer and never had a problem. I phoned the bank yesterday after getting the Trusteer report and they confirmed my funds were safe
- Since I've done online banking for so long I assume if there was a keylogger it would have seen all my passwords pre-Trusteer installation and I would know by now - extortion, money missing etc., identity theft - is that right?

I have three questions:
- What does that Trusteer Rapport message actually mean? Do I have keyloggers or not?
- If so, how can they be removed?
- What can I do to prevent this from happening again?

Thanks - I can show anti-virus logs if needed.

Aaandy

A:I'm not sure if I have a keylogger

Update, just had an online chat with Rapport:
 
Heather: Please be advised that Rapport protects your sensitive information by decrypting it while it is being sent to the bank's server.
Heather: When this action is done, Rapport logs the activity in the Weekly Activity Report.
Heather: This does not mean that you have a malicious software on your computer, only that Rapport performed its protection properly.
Heather: The other part of the message means that in case you use any software that tries to copy that information for yourself (for documentary reasons for example), that software was also blocked.
Heather: Should you suspect you have a malicious software on your computer, we recommend you may scan your computer with an up to date Antivirus.
Andrew: Ahhhh
Andrew: So in other words, IF I had something I authorised to keylog, then it would block that as well.
Heather: Exactly.
Andrew: But the report itself is NOT saying 'You have a keylogger, red alert!!'
Heather: Correct.
 
So that makes me feel a lot better. But would any folks care to add anything?
 
EDIT: I performed all four security scans again, no problems.
 
Am I safe? 

http://www.bleepingcomputer.com/forums/t/602004/im-not-sure-if-i-have-a-keylogger/
Relevancy 29.67%

I have scanned my PC with ATF Cleaner, Ad-aware, Spybot Search & Destroy, MBAM (MalwareBytes' Anti-Malware), Panda (http www pandasoftware com actives principal htm) and Hijackthis. A guy told me that I should show you my Hijackthis log so you could look into it.

Hijackthis log file:

A:keylogger help:(

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

http://www.techsupportforum.com/forums/f50/keylogger-help-354414.html
Relevancy 29.67%

Hi all, I'm kind of new in this computers thing and I found out that I have a W32 keylogger in my machine. I was using Norton Antivirus before but it did not detect it. Then I installed F-Prot and this program detected it, but it says that it could not remove it (no clue why). Then I've been using Spyware Doctor, XoftSpy, adware, Spybot, Microsoft AntiSpyware, but none of these have detected it.

First it says that this w keylogger dll was in the folder c windows system; I found it, renamed it and moved it to the root. A couple of days later I could not find it and F-Prot gave me this alert: C System Volume Information restore CD C-DFCF- E - D-D F F RP A dll infection W SCkeylogger D pws

I don't really have a clue on how to eliminate this and if there is a way to find out what kind of information it was collecting.

My PC is a Compaq Presario sr nx running Windows XP SP, Pentium, Mhz, SDRAM, GB HD. High speed internet: before, I had it directly to my computer, using Windows firewall and Norton firewall; later I connected my PC to a Unisys router that goes to another computer too, and it is set up to have access to only ip addresses. I am using IE and Mozilla.

That is why I decided to talk to the experts, so somebody please could help me. This is a copy of my logfile:

A:W32 Keylogger

Howdy Nerublanco and welcome to BC. The infected file is in the System Restore hierarchy and can not reinfect the system unless you choose to utilize this restore point. You can flush System Restore by turning it off and back on or run Disk Cleanup to remove all but the latest restore points.

To be certain you've removed the infected restore point suggest you flush the restore hierarchy by right clicking My Computer on the Desktop and choosing Properties. Then click the System Restore tab. Check the box next to Turn off System Restore on all drives, click Apply, then OK. Now uncheck the box, click Apply, OK to reenable System Restore. Then go to Start, Programs, Accessories, System Tools, System Restore. Choose Create a restore point and follow the prompts.

Also, go here and download the JRE 5.0 Update 3. Get the Windows Offline Installation. The one currently installed has critical vulnerabilities. Then go to Add/Remove Programs in the Control Panel and uninstall (Sun) JRE 1.4.2_03. Restart the system after uninstalling. After restarting install the latest java package with all programs and browsers closed.

http://www.bleepingcomputer.com/forums/t/20783/w32-keylogger/
Relevancy 29.67%

Hi, I wonder if I have a keylogger or something that tracks what I do. I think I might do, but I'm not certain. Thanks.

On a side note, does anyone know how to 'clear' up my PC? I use CCleaner, defragment and scan it regularly, but I'm sure there are junk files still.

Relevancy 29.67%

I have a computer on which I've almost finished cleaning up the usual slew of adware and other rubbish but there's one item remaining that I can't figure out. I've run rkill, sc_cleaner, JRT, roguekiller, adwcleaner, malwarebytes, an avast boot-time scan and the boot CD scans with both avast and kaspersky antivirus and while they've removed quite a bit of rubbish I can't remove, or figure out, this last entry. I can't see anything using Autoruns that leaps out at me either.
 
Roguekiller is reporting, on the "rootkit" tab, in red, the following entry :
 
Detection                                       Name                                                                  Module
Filter : (Root.Keylogger)                \Driver\kbdclass @ \Device\0000007b               \Driver\eabfiltr @ Unknown
 
Can anybody tell me how to figure out if this is genuine malware or if it's simply misidentified by Roguekiller?
 
Many thanks

A:Possible keylogger

Welcome aboard. RogueKiller is not allowed in this forum so... Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

http://www.bleepingcomputer.com/forums/t/570651/possible-keylogger/
Relevancy 29.67%

So I like to think of myself as a very careful internet browser. I try to stay only on trusted sites. I've had Utorrent installed but I don't think I've ever used it, and sites I find even slightly suspicious I run in Sandboxie and delete the sandbox as soon as I'm done. Maybe Sandboxie isn't as safe as I was led to believe it was, but I'm almost certain I have some sort of keylogger or virus of some sort.

The issue is that occasionally my mouse will start to sporadically jump all over the screen, or things I'm typing come typed out as something else. Recently when it was doing that I just sat back in frustration and seconds later I watch as it types out the second half of my password in a chrome search dialogue. As you can probably imagine, that scared me pretty intensely. I use my computer for online banking and have bought a few things online too. Luckily the password was for neither of those two things and I haven't noticed any of my e-mails or accounts as being compromised yet.

I'm running Windows Ultimate bit. I have Microsoft Security Essentials installed. My computer is an i with gbs of ram. Here's the dds.txt and attached is the attach.txt. I run bit so could not run GMer and so no Ark.txt is attached.

A:Possible Keylogger

Hey, it's been a while since I posted this. I was just wondering if there was any response forthcoming and if it's an acceptable amount of time for me to be bumping this?

Thanks!

http://www.techsupportforum.com/forums/f50/possible-keylogger-633941.html
Relevancy 29.67%

Hey, I recently found evidence that I may have been keylogged. I was told by someone to download HijackThis and post it and see what people say xD. So, errm, here :P have fun xD

A:Possible Keylogger

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

http://www.techsupportforum.com/forums/f50/possible-keylogger-370976.html
Relevancy 29.67%

I would like to know if there is a keylogger on my computer installed by my father. I am of legal age and not a dependent of his, therefore this would be extremely illegal, seeing that he is not respecting my right to privacy.

A:Keylogger?

Hello and welcome to the forum. I do not see anything I recognize as a keylogger, but I sure see some nasty trojans and junk that needs to go.

The only thing I can identify is this:
C:\WINDOWS\system32\oleramic.dll <<< I am 99% sure this is bad and will schedule removal.

If you want to look for more information, check it in one of these free online scans:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html
Please post the results for me to view.

This program: C:\Program Files\LimeWire\LimeWire.exe see this information: http://www3.ca.com/securityadvisor/pest/pe...px?id=453088059 and this: http://www.spywareinfo.com/articles/p2p/Limewire (The most current version of Limewire is reported to include spyware. LimeWire 4.9.28 is clean. Older and newer version may not be.) My suggestion would be to choose one of the malware free programs available, and uninstall that junk.

This: C:\WINDOWS\system32\r?ndll.exe is PurityScan adware, see the links:
http://castlecops.com/startuplist-11102.html
http://sarc.com/avcenter/venc/data/adware.purityscan.html

Follow these instructions in the posted order:

1) Review the information in the Symantec link above then download and run the uninstaller in the same link.

2) Download, update, configure and run these two programs: http://tomcoyote.org/aawsb.php The newest version of Ad-aware is 1.06 and Spybot 1.04. Even if you have these programs, use the link to get the newest version, update and configure them as in the link. Run Spybot first, reboot then run Ad-aware. Both programs back up what they remove so delete anything the programs say should be removed.

3) ewido scan: Please download Ewido Security Suite; it is a trial version of the program.
Install ewido security suite.
Launch ewido; there should be an icon on your desktop, double-click it.
The program will now go to the main screen.
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates
Once the updates are installed do the following:
Click on scanner.
Click on Complete System Scan and the scan will begin.
NOTE: During some scans with ewido it is finding cases of false positives.**
You will need to step through the process of cleaning files one-by-one.
If ewido detects a file you KNOW to be legitimate, select none as the action.
DO NOT select "Perform action on all infections"
If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
R3 - URLSearchHook: (no name) - {3B3E157E-F4E9-D941-9D0D-A998B014F1B6} - C:\WINDOWS\system32\bekulnch.dll
R3 - URLSearchHook: (no name) - {333E157E-F4EB-DD46-9D7B-AA98BF13F1B7} - C:\WINDOWS\system32\bekulnch.dll
R3 - URLSearchHook: (no name) - {0A13250B-D9DB-9F72-B03D-EBB58823DCF3} - C:\WINDOWS\system32\bekulnch.dll
O2 - BHO: (no name) - {0A13250B-D9DB-9F72-B03D-EBB58823DCF3} - C:\WINDOWS\system32\bekulnch.dll
O2 - BHO: (no name) - {333E157E-F4EB-DD46-9D7B-AA98BF13F1B7} - C:\WINDOWS\system32\bekulnch.dll
O2 - BHO: (no name) - {3B3E157E-F4E9-D941-9D0D-A998B014F1B6} - C:\WINDOWS\system32\bekulnch.dll
O4 - HKCU\..\Run: [Jhkrh] C:\WINDOWS\system32\r?ndll.exe
O21 - SSODL: Veraksys - {6FBB9606-84AB-4E18-AEE6-D883AA263768} - C:\WINDOW...

http://www.bleepingcomputer.com/forums/t/46418/keylogger/
Relevancy 29.67%

On the - - I logged into my PC and logged into a popular online game I play known as World of Warcraft. After logging in I had been told that someone had been using my account to send messages to other members of the game with a link to a known Trojan site.

I have scanned my computer with Malware Bytes, Spybot Search and Destroy, Kaspersky Anti Virus and Panda Active Scan. I recovered an Adware BUT I am still suspicious that there may be a Trojan on the system.

Just wondering if, using the logs, you would please be able to give me a heads up as to whether I'm running a clean system or not. Thank you.

Relevancy 29.67%

Basically I've managed to get myself a keylogger on my PC - I've run about full virus scans and it hasn't helped me. Any help would be greatly appreciated.

A:Keylogger

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

http://www.techsupportforum.com/forums/f50/keylogger-389340.html
Relevancy 29.67%

Today I clicked a link to what I thought was a news story, but all it did was load an image. As I read through the forums everyone said their Antivirus said it was a keylogger. At the time I did not have any AV installed (stupid I know). I installed AVAST! asap, and after a boot time scan and a thorough scan after that nothing showed up. I wasn't satisfied so I have installed the trial of Kaspersky, and am running the max protection scan now (50% after an hour and ten minutes).

I will post a Hijack this after the scan is done and I reboot. I am running Vista with UAC running if that helps any and was using Firefox. Thanks for any help!
 

A:Possible Keylogger?

Logfile of HijackThis v1.99.1
Scan saved at 6:01:52 PM, on 12/11/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenAFS\Client\Program\afscreds.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunes...

https://forums.techguy.org/threads/possible-keylogger.661195/

Hi. Sorry for the previous post. I've read through the reply and have done what was asked with all of the following: DDS txt, Attach txt and GMER. GMER took an hour or so to finish or else I'd have responded sooner. Additionally I removed all the P2P programs etc. I could. Frostwire and utorrent are gone. However I couldn't seem to do much with DAEMON. If this is an issue please lemme know what to do. As I mentioned before, my WoW account was hacked and I did some testing myself before I found this site, and I would like to know if I'm still infected. If so please help. Here are the requested logs/data. If I missed something please tell me. Thank you for your time and patience.

A: I think I have a keylogger. Please help!

Been over 72 hours. Bump. Still need help.

http://www.techsupportforum.com/forums/f50/i-think-i-have-a-keylogger-please-help-432868.html

Please help! I recently clicked an email attachment that was titled Runme from a classmate. I did and it restarted my computer and installed something. Now this classmate is hinting that they know private information of mine. As is customary I have included a hijackthis log. Thank you in advance.

https://forums.techguy.org/threads/keylogger.646505/

Hello everyone, I really hope I can get some help here. I'll start off with some background here. About a year ago I had someone start stealing my e-mail accounts, which was a hotmail one, along with various forum and website logins and passwords too. I went through hell to get everything redone and I got a new address I thought was more secure. Up until about a week ago everything was fine, until I found out that my yahoo account had been stolen as well as forum passwords and sites like myspace etc. I believe it is most likely the same person based on some actions they took.

Anyways, I have done everything I can and for a couple days I thought I had gotten rid of the guy until I realized another site had been compromised. So I then tried to find an anti-keylogger program because I am pretty certain that something of this nature is installed on my computer allowing him to get my passwords etc. So I installed one and it froze my computer, bringing me to a blue screen that said windows was shut down because of a hardware or software problem. So I restarted and I got the same screen. I went in in safe mode and uninstalled it and I restarted fine. I went and looked for a better one since I thought the one I installed might have been crappy and I found one called Advanced Anti-Keylogger. I downloaded it and it looked a lot better. So I installed and it told me I had to restart to finish the installation. I did so and then I was given an error that "memory could not be read" having to do with explorer.exe and it made my icons and taskbar disappear. I restarted and got the same thing; however, when I uninstall it in safe mode I can restart fine. I think the person messing with my computer has something preventing me from installing a program that would detect his.

I really have no idea how to fix this situation. I have scanned with Ad-Aware SE, Panda Antivirus, Spy Bot Search and Destroy and I already have the free version of Zone Alarm. I deleted everything I have found but nothing seemed to actually be relevant to keylogging. I did a scan with HiJack This and I am providing the log but I didn't notice anything out of the ordinary. Even so, ANY help would be appreciated. I would love to know of some programs that could prevent the keyloggers from being installed or where to look on my comp for them. Thank you and I hope I get help in time before he takes anymore accounts.

A: Possible Keylogger, Really Need Help!

Hello Kiva and welcome to BleepingComputer! Apologies for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,
Johannes

http://www.bleepingcomputer.com/forums/t/100741/possible-keylogger-really-need-help/

I play an online game and I don't know if I downloaded a keylogger or something, but every other day I get hacked and lose all my hard earned money.

Here's a log from OTL this can you tell me if there is any virus program in it?

Oh and here's the extras. Idk if you need it or not.

A: Think I have a keylogger

Hello krunkkracker,

For an initial scan, we'd prefer you follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f50/think-i-have-a-keylogger-658242.html

I'm another one of those people from the World of Warcraft community. I was on their forums and clicked on a link that I shouldn't have. I searched my computer using several different virus protection removal programs, which I'll list further down, and they didn't bring up anything serious. I logged into my account and had my password changed shortly after by someone else, who then partially looted me before I changed the password back.

I tried to find the keylogger using: Stinger, Ad-aware SE, Spybot Search & Destroy, Panda Totalscan, KLdetector, AVG free scan.

Hijackthis log:

A: Keylogger

Update:

I ran several of the scans again in safe mode. I finally came up with something: Trojan.small.edz

Not even certain if this can work as a keylogger, but will try to find out. I hope this helps. If anyone has any information already please let me know, or if you need a new Hijackthis log let me know. I did let AVG Anti-Spyware 7.5 quarantine it. I don't know if that was a good thing or not.

Thanks again in advance

http://www.bleepingcomputer.com/forums/t/102914/keylogger/