Windows Support Forum

Possible Virus - Keylogger during startup

Q: Possible Virus - Keylogger during startup

Windows x
Possible virus / keylogger / spyware

Symptom: Wave file created during computer startup/login; wave file is empty.
    STREAM wav
    "STREAM yearmonthday hourminuteseconds wav"

Have tried:

Microsoft Security Essentials
    No Viruses Detected

Autorun
    detected the reg keys
    but I was unable to find or delete of them
    Listed reg keys at possible time able to research at MS
    were not found
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects PM
    HKLM\System\CurrentControlSet\Control\ServiceControlManagerExtension PM

Windows Malicious Removal Tool
    Initial Scan
        detected infections during scan
        but did not list them after scan was finished
        no malicious software detected
    Secondary scan
        detected no infections
        no malicious software detected

Malware Bytes Anti Rootkit
    found no problems

https://social.technet.microsoft.com/Forums/en-US/e66ba4c3-5764-4a97-88ea-b3a9554bff4a/possible-virus-keylogger-during-startup?forum=w8itprosecurity

My PC randomly restarts and then says something to do with minidump. Also it is very slow when starting up, minutes, usually about minute. I also think there may be a keylogger because I have had some of my accounts hacked.

A: Hijackthis Log - Random Restarts, slow Startup & Keylogger

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Sc00by22. My name is Richie and I'll be helping you to fix your problems.

Download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, click Options > Change settings.
* Choose the "Scan tab" and UNcheck "Heuristic analysis".
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen).
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable". (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured.)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web CureIt when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

Also post a new Hijackthis log please.

http://www.bleepingcomputer.com/forums/t/94256/hijackthis-log-random-restartsslow-startup-keylogger/

Hi there. I've been having a strange issue lately. When playing video games I sometimes lose control of my character for a short period of time and it performs seemingly random actions. I thought I may have had a virus, so I installed the latest ZoneAlarm Extreme Security suite and scanned my system. Nothing was found. Later I was browsing and noticed that an e-mail that my girlfriend had been typing on my computer started to type itself, complete with pauses used during typing. I'm now assuming that there is a keylogger of some sort in my system, but I'm unsure as to whether or not it is actually a virus. I believe that I am sometimes typing the shortcut to "play back" the macro keylog that was made while I'm playing video games. It always happens at an unexpected time, therefore it is difficult to tell what the shortcut actually is. I also find it unlikely that it is a virus due to the fact that I am able to trigger the playback on my end. Would a virus be coded that poorly? Perhaps. I'm running Windows XP SP. When it happens in the video game I immediately switch to word processing software and am able to read the exact same e-mail each time. Does anyone have any idea what I can do to correct this?

A: Keylogger Virus?

Issue resolved: She accidentally used on-the-fly macro recording on my mouse! Oh the humanity..

http://www.techsupportforum.com/forums/f100/keylogger-virus-543143.html

Hi all, and first of all thanks for your time and help. I believe I stumbled upon a keylogger. I went to a webpage "wowinsidar com dasd gif" and I'm not sure, but I believe it asked me to install flash. I automatically alt f- 'd out of everything.

I have done an adaware scan.
I have done a sbot SnD scan.
I have done a ewido avg scan.
The works.

Problem is, I'm not sure I'm clean. Please, if at all possible, take a look at my HJT log to see if anything appears suspicious.

So I've been getting emails that my various accounts have had information changed. I know there is something on my computer, just not sure how to remove it. Trying with difficulties to install AVG Free to get a scan in, and running Spybot atm. Here is a hijack log. Please help before they start purchasing everything they can on my Steam account.

I got a keylogger virus yesterday. I ran an AVG scan and it picked up 2 of them. After I did what AVG said, I ran a Malwarebytes Anti-Malware scan that came up with nothing, and I ran AVG again, which came up with nothing.. How can I make sure that everything is gone??

A: keylogger virus

Update mbam and run a FULL scan.
Please post the results.

=======================
ATF

Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox browser, click Firefox at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, click Opera at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

------------------------------------
SAS, may take a long time to scan

Please download and scan with SUPERAntiSpyware Free.
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    Close browsers before scanning.
    Scan for tracking cookies.
    Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.

First, reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

=======================================

Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.
Reboot your computer in "Safe Mode" u...

http://www.bleepingcomputer.com/forums/t/264385/keylogger-virus/

I have been having a problem with my laptop, mainly while playing games on Facebook; that is the only problem I have detected so far. Sometimes when playing Slotomania it appears as if someone is playing on my account. I will be playing and it appears as if someone else is playing the game at the same time until I have no credits left. I can be sitting there and see the credits disappear. I have been told that it is likely a keylogger virus and I should scan the system to get rid of it. I have scanned with Malware Byte, Spy Bot and Microsoft Security Essentials but am still experiencing the same problems. I am a novice at all of this, so please be gentle.

Someone I used to work with sent me a keylogger, called Elite Keylogger. Counterspy found it, but I am not able to send any attachments at all on yahoo mail. I am also not able to send or receive emails from people at work. (I'm able to get other emails) I found all my workfiles in the recycle bin, and every time I try to open them they automatically delete. This is all happening on my home computer. I have tried every anti virus program I can think of and am totally stuck. This guy is trying to ruin anything to do with my job. Any ideas? I am going crazy with this. Also.. he has made it clear that he is the one responsible but is there a way to track all this to him so I have proof? Thanks so much

A: I Really Need Help..keylogger/virus

Hi,

We're going to deal with the malware first. Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/153922/i-really-need-helpkeyloggervirus/

Hey everyone, the other day I clicked on a link in a popular internet gaming forum. It took me to a fake yahoo.com page, and closed down the game I was playing. I'm worried I got a virus or keylogger of some kind. I tried running numerous virus/adware programs, but I didn't catch anything. If possible, I'd like to run it by you guys to see if I was infected. Thanks!

A: Possible Virus/keylogger

I have deleted a Duplicate HJT log posting. I left the first one as it gives you a better position in line.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.

http://www.bleepingcomputer.com/forums/t/167330/possible-viruskeylogger/

Hello, I was playing CoD Modern Warfare 2 yesterday online. Then after a while I was disconnected from Steam. I tried to restart everything like 4 times, but no difference. I could not log onto Steam, so I decided to play WoW instead. When I entered the login screen, an error message appeared saying that a possible keylogger could exist on my computer, so I pressed exit instantly, afraid of getting my account hacked or something. So I got to the WoW support and followed the steps on this page:
--> http://forums.wow-europe.com/thread....83442401&sid=1

And the guide told me to go here for help after I've done the steps.

Should I just post the HijackThis log here?

A:Need help with Keylogger virus.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:41, on 2009-12-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
D:\Norman\Npm\bin\ELOGSVC.EXE
D:\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\Norman\Npm\Bin\Zanda.exe
D:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
D:\Adobe\Photoshop\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
D:\Norman\Npm\Bin\scheduler.exe
D:\Norman\Npm\Bin\Njeeves.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Norman\Nse\bin\NSESVC.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Windows Defender\MSASCui.exe
D:\Itunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Norman\Nvc\bin\nvcoas.exe
D:\Norman\Nvc\Bin\Nip.exe
D:\Norman\Nvc\Bin\cclaw.exe
C:\Documents and Settings\Therese\Start Menu\Programs\Startup\raw32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\EVGA Precision\EVGAPrecision.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live inloggningshj?lpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07...

http://www.techsupportforum.com/forums/f50/need-help-with-keylogger-virus-446521.html
Relevancy 44.29%

Recently 2 accounts of mine on a game got hacked. I used 2 separate emails for these accounts, and the second one I never used for anything besides this game. Now I've looked in all of my program files, and I've run virus scans with avast, malwarebytes and superantivirus. I've even run boot time scans and scans in safe mode (networking), but none of these programs have found anything. If it was just 1 account I would think it was someone who got into my email, but it was 2 separate accounts. Any help would be amazing.

A:Cant get rid of a virus/keylogger

Welcome, let's do these next.

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

TDSSKiller

AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

ESET Online Scanner
Click here to download the installer for ESET Online Scanner and save it to your Desktop.
Disable all your antivirus and antimalware software - see how to do that here.
Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
Select Enable detection of potentially unwanted applications.
Click Advanced Settings, then place a checkmark in the following:
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click Start to begin scanning.
ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
When the scan is done, click List threats (only available if ESET Online Scanner found something).
Click Export, then save the file to your desktop.
Click Back, then Finish to exit ESET Online Scanner.

http://www.bleepingcomputer.com/forums/t/613134/cant-get-rid-of-a-viruskeylogger/
Relevancy 44.29%

Here's the hijack log ---

Relevancy 44.29%

I am having a problem that I am trying to clear up before it causes real damage. I believe the problem started with a Facebook game, Slotomania, and it appears to be isolated to this, but after researching a little I see that these types of viruses can allow a hacker to access personal banking info as well, so it has me a little nervous, as I had used my laptop for banking transactions as well.

What is happening is that when I sign into my FB account to play certain slot machine games, it looks like someone else is actually playing on my account. At times it almost looks like Timbuktu, when you can actually see the reels being pressed but I haven't pressed anything. Most times I will play the game and leave credits there while I go to bed, and the next day, after I haven't played at all, someone has played all the credits. I have emailed their customer support and they are saying I probably have a virus on my laptop and suggested that I try an anti-virus remover that can get rid of a keylogger virus.

My laptop is a Toshiba Satellite A running Windows. I have changed my Facebook password and changed the security settings to require a code from my phone to sign into my account. I have changed my email password as well. All of these changes were made on my iPad, as I don't believe the virus stems from there. I have also changed my passwords to other sensitive CC banking accounts from a different computer.

I have scanned with Malware Bytes and Spy Bot Search and Destroy. I previously had the McAfee Anti-Virus software from AT&T Uverse installed but switched to Microsoft Security Essentials on the recommendation of a friend. I also have run a full system scan with MSE that found no errors. When running scans I get the usual registry errors etc., but nothing that actually said I had a virus. I have run the scans several times over the past days and they are saying they have found nothing. As recently as today the issue is still occurring, with the credits disappearing from my games.

A:Possible keylogger virus

Remove spybot search and destroy from your machine and see below.
 
 
Step 1
 
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.
Step 2
 
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Step 3.
 
 
Please download HitmanPro to your desktop.
HitmanPro (32bit)
HitmanPro (64bit)
Launch the program by double clicking on HitmanPro.exe. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
Click on the next button. You must agree with the terms of EULA.
Check the box beside "No, I only want to perform a one-time scan to check this computer".
Click on the next button.
The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
Click on the next button and choose the option activate free license.
Click on the next button and the infections will be deleted.
Click now on the Save Log option and save this log to your desktop.
Click on the next button and restart the computer.
Copy the information of HitmanPro_20130116_1239.log in your next reply
Step 4.
 
Please download MINITOOLBOX and run it.
Checkmark following boxes:
Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)
Click Go and post the result.

http://www.bleepingcomputer.com/forums/t/519912/possible-keylogger-virus/
Relevancy 44.29%

I think I have a virus, and I heard that one of the files that I deleted, thank god, or repaired with an antimalware program was a keylogger. Please help, I hate keyloggers.

https://forums.techguy.org/threads/keylogger-virus.726411/
Relevancy 44.29%

Someone clicked one of those spam links and got that classic WoW / Blizzard virus on my computer. I thought I cleaned it out, but I can not play Starcraft now and their reason is I have a virus. I'm in the process of following all the instructions found in: http://forums.techguy.org/malware-removal-hijackthis-logs/500865-think-i-got-keylogger-world.html . Everything looks clean to me, but just to play it safe I am posting on this forum. I am going to reboot and do the scan for the second scanner right now. The following post will be my hijack-this log.

P.S. I use XP x64
Thanks!
 

Relevancy 44.29%

So I am pretty sure there is a keylogger on my computer, as my battle net account has been hacked times and I constantly change the password; it obviously does no good if I have a keylogger. Plz let me in on any programs that can remove them or w/e, preferably free. I run Windows XP Service Pack. Thank you.

https://forums.techguy.org/threads/keylogger-maybe-virus.942374/
Relevancy 44.29%

On Tuesday my Comcast antispyware program, powered by CA PestPatrol, found what it called "Bi Frost DJ" and its location was c windows system keylog txt. It removed it and it has not returned. Then my ZoneAlarm spyware found what it called "Win keyspectst" and its location was c Documents and Settings Owner Local Settings Temp is- J tmp isetup RegDLL tmp and it removed it. However, I'm still not completely sure my computer is okay, and it is running incredibly slow, but that could be because of all the scans I've been doing recently. I want to make sure all the malware, viruses, keyloggers are off my computer so I can finally use it again. I've been going to the library to do anything online. Here is my hijack this log. Please let me know if I still have a keylogger or virus/malware.

A:Help I think I still have keylogger & virus!

Just wondering if anyone had a chance to look at my hijack this log! My computer told me I had a keylogger or something and now everything keeps telling me I'm fine but I'm not quite sure. Please check my hijack this log to see if my computer is clean or not! Thanks!!

http://www.techsupportforum.com/forums/f100/help-i-think-i-still-have-keylogger-and-virus-239541.html
Relevancy 44.29%

I have recently had an account hacked and I am thinking it's a keylogger. I have run Search & Destroy, Lavasoft Ad-Aware and Malwarebyte's antimalware. I think part of this is also due to the fact I was trying to find a new anti virus since mine expired. If any of my files look or are in fact damaged, altered, etc., I would greatly appreciate any help in fixing them.

http://www.techsupportforum.com/forums/f284/possible-keylogger-and-or-virus-400407.html
Relevancy 44.29%


A:Help, virus or keylogger!

Malwarebytes' Anti-Malware 1.33
Database version: 1698
Windows 6.0.6001 Service Pack 1

1/26/2009 10:14:43 PM
mbam-log-2009-01-26 (22-14-39).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 191636
Time elapsed: 1 hour(s), 47 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{cd24eb02-9831-4838-99d0-726d411b1328} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f20da564-9254-49fe-a678-cc3cef172252} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar.1 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows?Updates (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Evolution\AppData\LocalLow\CyberDefender\cdmyidd.dll (Trojan.BHO) -> No action taken.

deleted those but still cannot type without random keys or commands happening

http://www.bleepingcomputer.com/forums/t/198431/help-virus-or-keylogger/
Relevancy 43.43%

Yesterday I logged off for roughly hours, and when I turned my computer back on I got an error saying explorer.exe could not run and shdocvw.dll was missing. A friend that is a programmer tried to help me, as we thought maybe it was just a bad sector with my HDD and the files were lost/corrupt. So we loaded shdocvw.dll into system. It then would boot with no error, but still no toolbars or menus come up on the desktop. Then I went to run World of Warcraft and it said wininet.dll was also missing; we loaded that in as well. Still no toolbars or anything. Later that night someone logged on my WoW account and stole all of my stuff, and no one has my info, so whatever this virus is was obviously to destroy my ability to run programs and steal my key so they could get onto my account. Mozilla Firefox works but IE does not, so I can't run ActiveScan, but here is my HijackThis log.

A:Virus on my computer with a keylogger

Not sure if anything here will help but this is what I get when I try to run WoW now.

This application has encountered a critical error:

ERROR #132 (0x85100084) Fatal Exception
Program: G:\World of Warcraft\WoW.exe
Exception: 0xC0000005 (ACCESS_VIOLATION) at 001B:7C80AE13

The instruction at "0x7C80AE13" referenced memory at "0x80040119".
The memory could not be "read".


WoWBuild: 7561

http://www.techsupportforum.com/forums/f284/virus-on-my-computer-with-a-keylogger-200595.html
Relevancy 43.43%

I think I have a virus and keyloggers in my comp. Pls help me find and delete. Here's my HJT log.

A:Virus And Keylogger Problem

can u guys also give me a good keylogger scanner and virus and trojan scanner

http://www.bleepingcomputer.com/forums/t/54120/virus-and-keylogger-problem/
Relevancy 43.43%

Thread I got referred from...

http://www.bleepingcomputer.com/forums/topic406034.html

Is a GMER log needed too?

Thank you for whoever helps with this, it is much appreciated.

A:DDS log file, possible keylogger virus.

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
A detailed description of your problems
A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

http://www.bleepingcomputer.com/forums/t/406504/dds-log-file-possible-keylogger-virus/
Relevancy 43.43%

Hi, I recently just had an issue where my debit card information was taken and used somewhere in Europe. I'm totally not from Europe. Anyway, here's the log.

A:Trying to figure out if I have a keylogger/virus/something else

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
A detailed description of your problems
A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

http://www.bleepingcomputer.com/forums/t/423237/trying-to-figure-out-if-i-have-a-keyloggervirussomething-else/
Relevancy 43.43%

i think i am infected with virus and keylogger
pls help me find it and delete it

A:Virus And Keylogger Problem

The best way to do this is to run a little program called HiJackThis. This program creates a log. Then you paste the log into the HiJackThis forum here at Bleeping Computer. An expert will help you get rid of the malware on your computer. It takes a little time, and it takes a little patience, but it almost always works!

Oh, and you must be good at following instructions, as there will be some to follow. The following instructions will walk you through the process of creating a log:

FIRST
Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

NEXT
Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

FINALLY
If, after finishing your work with the folks at the HJT forum you have issues with Windows related to the removal of the infection, then come to the other forums and let us help you get your computer back to normal.

You are in good hands! Good luck!

http://www.bleepingcomputer.com/forums/t/54107/virus-and-keylogger-problem/
Relevancy 43.43%

Btw, I already downloaded and ran a full Malwarebytes scan but it didn't detect anything. I know keyloggers can be invisible to even the best spyware detectors, so please help. Does this log show signs of anything? I know they can also be hidden under file names that look normal to make detection even harder.

EDIT: Posts merged. Budapest

A: PLEASE Help diagnose, keylogger or virus

Hi, Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
- Click Start, open My Computer, select the Tools menu and click Folder Options.
- Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
- Uncheck: Hide file extensions for known file types
- Uncheck the Hide protected operating system files (recommended) option.
- Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report
- Please download OTL from here: Main Mirror
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- Change the "Extra Registry" option to "Use SafeList"
- Push the button.
- Two reports will open, copy and paste them into your reply:
  OTL.txt <-- Will be opened
  Extra.txt <-- Will be minimized

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Next, please download Rootkit Unhooker from one of the following links and save it to your desktop.
- Link 1 (.exe file)
- Link 2 (zipped file)
- Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.
- Double-click on RKUnhookerLE.exe to start the program.
- Click the Report tab, then click Scan.
- Check Drivers, Stealth, and uncheck the rest.
- Click OK.
- Wait until it's finished and then go to File > Save Report.
- Save the report to your Desktop.
- Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs and the RKU log. Also include any comments that you might have concerning the infection(s) and the infected computer.

http://www.bleepingcomputer.com/forums/t/407669/please-help-diagnose-keylogger-or-virus/
Relevancy 43.43%

idk what I got but I did an avast scan and it took out 2 infections, and I did a boot time scan and it showed up with 3 infections: 2 msil drooper go and 1 win32 pup - gen. I'm still scared to log on to any sites, so what should I do to make sure my computer is completely clean?

A: downloaded a virus maybe a keylogger

Hi happysadman,

clean temp files with Temp File Cleaner:
- Double click on TFC.exe to run the program
- Click on Start button to begin cleaning process
- TFC will close all running programs, and if it asks you to restart the computer, allow it

then scan your pc with ESET Online Scanner following these steps:
- Disable your Antivirus and other security software
- Click here to open ESET Online Scanner
- Click the button
- Only if you don't use Internet Explorer:
  - Click on to download the ESET Smart Installer and Save it to your desktop
  - Double click on the esetsmartinstaller_enu icon on your desktop
- Check Click Accept any security warnings from your browser
- Under scan settings, check and Uncheck Remove found threats
- Click Advanced settings and select:
  - Scan potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- ESET will download updates and install itself, then begin the scan. Please be patient as this can take some time.
- When the scan completes, push Click , and save the file to your desktop using a unique name, such as ESETScan
- Click Click

and next download Security Check, save it to your Desktop and:
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box
- A Notepad document should open automatically called checkup.txt; save it to your desktop

Now you should re-enable the protections that you have previously disabled and include the contents of the reports in your reply.

Regards.

http://www.bleepingcomputer.com/forums/t/407153/downloaded-a-virus-maybe-a-keylogger/
Relevancy 43.43%

Ps I was not able to do the sysinfo check because I am using my phone.

So my younger cousin was at my house yesterday and wanted to use my laptop so I let her. She was on club penguin and decided she wanted a free membership so she googled it and downloaded something which was an exe. I don't know what the name of it was because I was letting her do her own thing; at the time I didn't know she was going to install a virus. So anyway after a few hours she went home and I went back to playing games and using the Internet when suddenly out of nowhere a chat box came up with no "X" button to close out of it. "Admin" typed something like this: "thanks for your account". I was really confused so I typed back "what account". And Admin replied "your club penguin account". I was immediately like "oh crap". At this time I knew my cousin's account must've been hacked. There must be a key logger on my system. But suddenly the admin typed again. He said "watch this". And suddenly my mouse was moving on its own.

After doing a little bit of research with the little knowledge I have of computers I think it's a "rat". But I'm too worried to turn on my computer again in case my computer gets controlled again. After panicking and asking my friends they suggested to take out the battery from the laptop and not use it for a few days then take it to a professional. But I don't want the chat opening to said professional because... Well, it would be weird. Also my mum is going to be pissed at me for ruining my Christmas present. I would love to get rid of this "rat" myself preferably.

I am using a Windows laptop and my cousin downloaded the virus yesterday. I have to do school work on this laptop so please, any help is appreciated. Any at all. Please bear in mind I'm a noob with computers so if you can explain it in the easiest terms possible it will help a lot. Also malware bytes found nothing on my system when I did a scan. Thanks

https://forums.techguy.org/threads/keylogger-virus-on-my-laptop.1170354/
Relevancy 43.43%

Last night I downloaded a crack for a video game. I ran the crack and nothing happened, the program did not open. I scanned the file through an online scanner and it came back 39/42 viruses detected (http://www.virustotal.com/file-scan/report.html?id=74f174ad929c2f95801c79ecd6939b019f2a11ba81de10287bb8ccf4068b1ff7-1307767765)

I did a full computer scan with malwarebytes, nod32 (why nod32 didn't catch this is beyond me), spybot and a few others.

Supposedly it removed a few things but I'm still paranoid.

My CPU usage is unusually high. I hope I'm not being monitored/logged.

What do I do first? I was going to run a recovery disk but my cd burner is broken.

What now?

Thanks

A: I think I have a keylogger or virus/malware

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.
trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...
Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.
University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...
Where do trojan viruses originate?

One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.
Bad Web Sites: Malware

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

I strongly recommend that you remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites visited to get them is almost a guaranteed way to get yourself infected!!

The first thing you need to do after removing the cracks is to identify the process causing the high CPU utilization and where it is running from.

There are tools to investigate running processes, services and gather additional information to identify them or resolve problems:
- Process Explorer
- System Explorer
- ProcessHacker - (requires Microsoft .NET Framework 2.0 or above to use)
- Autoruns
- Process Monitor
- AnVir TaskManager Free
- Windows Service Commander
- svchostViewer

-- These tools will provide information about each process, CPU usage, file description and its path location. Most of them are stand-alone apps in a zip file so no installation is necessary.

-- System Explorer provides a security check of running processes using their online security database when you first launch the program. If you want process the initial scan, press the "Start Security Check" button. Keep in mind, that the check is not a guarantee of what is or is not detected as malware. Further investigation is always recommended. At the Security Check page you can also check the file through the VirusTotal database by pressing the Check MD5 button.

Anytime you come across a suspicious file or one that you do not recognize, search the name using Google <- click here for an example.

Or search the following databases:
- BC's Startup Programs Database
- SystemLookup StartupList Index
- ProcessLibrary.com
- File Research Center

If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second op...

http://www.bleepingcomputer.com/forums/t/403256/i-think-i-have-a-keylogger-or-virusmalware/
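The answer above says to find the process using the CPU, see where it runs from, and be wary of a legitimate name in the wrong location. The following PowerShell is an added example of that triage, not part of the original thread; the function name `Get-ProcessTriage` and the table of expected folders are assumptions made for illustration.

```powershell
# Added example: rank processes by accumulated CPU time, show the on-disk path,
# and flag core Windows process names that run from an unexpected folder.

$sysRoot = $env:SystemRoot

# Assumed list: folders where these well-known process names normally live.
$expectedDirs = @{
    'svchost.exe'  = @("$sysRoot\System32", "$sysRoot\SysWOW64")
    'lsass.exe'    = @("$sysRoot\System32")
    'services.exe' = @("$sysRoot\System32")
    'winlogon.exe' = @("$sysRoot\System32")
    'smss.exe'     = @("$sysRoot\System32")
    'csrss.exe'    = @("$sysRoot\System32")
    'ctfmon.exe'   = @("$sysRoot\System32", "$sysRoot\SysWOW64")
    'explorer.exe' = @($sysRoot, "$sysRoot\SysWOW64")
}

function Get-ProcessTriage {
    param([int]$Top = 15)

    $rows = Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        $path = $_.ExecutablePath
        $name = $_.Name.ToLower()
        $note = ''

        if (-not $path) {
            # Protected or system processes hide their path from non-admin sessions.
            $note = 'path not readable (run elevated)'
        }
        elseif ($expectedDirs.ContainsKey($name)) {
            $dir = Split-Path -Path $path -Parent
            # -notcontains compares strings case-insensitively.
            if ($expectedDirs[$name] -notcontains $dir) {
                $note = 'system name in unexpected folder'
            }
        }

        [pscustomobject]@{
            Name       = $_.Name
            ProcessId  = $_.ProcessId
            ParentId   = $_.ParentProcessId
            # Kernel and user times are in 100 ns units; this is CPU time since
            # the process started, not the current utilisation percentage.
            CpuSeconds = [math]::Round(($_.KernelModeTime + $_.UserModeTime) / 1e7, 1)
            Path       = $path
            Note       = $note
        }
    }

    # Keep the heaviest CPU consumers plus anything flagged by the location check.
    $top     = $rows | Sort-Object CpuSeconds -Descending | Select-Object -First $Top
    $flagged = $rows | Where-Object { $_.Note -eq 'system name in unexpected folder' }

    @($top) + @($flagged) |
        Sort-Object ProcessId -Unique |
        ForEach-Object {
            # A SHA-256 of the image lets you look the file up by hash
            # instead of uploading it.
            $hash = ''
            if ($_.Path -and (Test-Path -LiteralPath $_.Path)) {
                $hash = (Get-FileHash -LiteralPath $_.Path -Algorithm SHA256).Hash
            }
            $_ | Add-Member -NotePropertyName Sha256 -NotePropertyValue $hash -PassThru
        } |
        Sort-Object CpuSeconds -Descending
}

Get-ProcessTriage -Top 15 | Format-Table Name, ProcessId, CpuSeconds, Note, Path -AutoSize
```

Run it from an elevated prompt so that paths of system processes are readable; a flagged row is a reason to investigate further, not proof of infection.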
Relevancy 43.43%

Due to some suspicious activity on my pc and a recent infection I kindly ask that someone experienced pls review the following HJT Log.

I opened an email supposedly from "Classmates.com" and it lead me to a fake site where I was infected with a "keylogger" virus. My Norton IS did not detect nor stop the virus. I knew I was infected when all of the sites that normally have my ID password info were suddenly asking me for that info. NIS did not find anything but an online scan from Bitdefender did find a "keylogger" virus. Also CA Yahoo Antivirus found viruses as did Spybot Search & Destroy. Subsequent virus scans have not found anything.

Furthermore I have a lot of spam that seems to be coming from Outlook on my pc. I don't think this is related to the "keylogger" issue as it has been going on for sometime.

This is a summary why I need a professional to review this HJT Log ASAP and make sure I'm CLEAN. Attached is also a screenshot of the Immunize list from Spybot. You will see the viruses it found: "PWS smal bs" & "Nurech".

Appreciate your help and look forward to your reply.
Michael

A: "KeyLogger" Virus & Self-Spamming

Hi mpc67,

It has come to my attention that you have posted for help with your computer at other forums.
http://malwareremoval.com/forum/viewtopic.php?p=391392#p391392

Please note the following:

You should only seek help at one forum.
If you have multi-posted, we ask that you request the others to close your topics.

Although we understand you wish your problems to be addressed as soon as possible, there are reasons why multi-posting causes problems.

By Multi Posting you are utilising the time of two (or more) trained helpers.

Helpers take a long time to train. They need a great deal of expertise and knowledge to be able to safely remove Malware from your computer and because of this are in short supply. We wish to use them to help the maximum number of people, and if they are researching the log of someone who is already being helped, then their time and effort is going to waste.

Understandably this causes a certain amount of bad feeling. From the helper who has needlessly spent time researching your log and compiling and posting instructions. From others who have to wait longer for their problems to be addressed.

Advice from two separate helpers can cause problems. Different helpers may use different methods to combat your infection. Whilst each in isolation is safe, that may not be so if you follow the advice of both together. Some of the tools we use are very powerful and have to be used in a specific way and in some cases do not combine well with others. By using advice from two different sources it is possible that tools may be used that do not combine well and you may severely damage your computer, even rendering it inoperable in some circumstances.

If you wish to continue here, please notify the other forums so they can close your threads.
If you wish to be helped elsewhere let me know so I can close your thread here.

http://www.bleepingcomputer.com/forums/t/193290/keylogger-virus-self-spamming/
Relevancy 43.43%

First, HELLO! I am new to "BleepingComputers".

About a week ago I discovered that the game I have been playing for many yrs was hacked. "Keyloggers" seem to be the culprits when it comes to getting hacked with "online MMORPG's". NCSoft is the maker of this game and their support has been really great. They recovered my account and even returned some items that were stolen. A couple of days later it happened again. Hacked. I couldn't log into my account etc. I am at the point that I don't even care but I am concerned about "keyloggers" that might also record my keystrokes for other online accounting that I perform.

NCSoft asked me to run "HiJackThis". I did. They suggested that

O - HKCU Run Display Driver C DOCUME ADMINI LOCALS Tempdispdrv exe

was a possible virus or keylogger. I removed it twice but it continues to load itself. I only assume it loads itself back up because when I run HiJackThis it appears again.

Does ANYONE recognize anything here that may be of concern? I truly appreciate any and all feedback.

Thank in advance
ChaiVat

A: Possible Keylogger, Virus, Trojan...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror
  This version will download a randomly named file (Recommended)
- Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/314652/possible-keylogger-virus-trojan/
Relevancy 43.43%

hiyas just came across this forums while looking for a place to post hijackthis log. I play wow, well i use to months ago, tried to go back and apparently account has been temporarily suspended from what they said they think it's from keylogger access but the gm is still looking to the reason why it was frozen. I've gone through their security advice and used malwarebytes, spybot, ad-aware and avast. no idea if there's anything there still but done a hijackthis log. If you need any more info let me know.

thanks
Mike

A: Hi virus/keylogger issue w/hjt log

anybody...
 

https://forums.techguy.org/threads/hi-virus-keylogger-issue-w-hjt-log.937723/
Relevancy 43.43%

My WoW account was hacked on Christmas eve and although I changed my email address and password on different occasions the hacker seems to be able to access them and change them at will. I followed all the instructions on the thread that a WoW GM linked me to and scanned my PC with ATF Cleaner, Ad-aware, Spybot, MBAM, Bitdefender and Avast and deleted anything that they turned up, which was just a few tracking cookies. I am posting my log from HJT and MBAM as I was asked to do and I hope some of the people on here could give me some advice. I am computer illiterate and a silver surfer and if someone could help sort this out it would be greatly appreciated. I use windows XP and service pack

Thanks in advance
Spike
Settings Phil My Documents Downloads dds scr Pseudo HJT Report uStart Page hxxp goggle com uURLSearchHooks DefaultSearchHook Class c e b- - a - b- b befc db - c program files asksearch bin DefaultSearch dll TB EA- A- B-ADF - D E CC - No File EB - a - b-a - c a a - No File uRun CTFMON EXE c windows system ctfmon exe uRun MSMSGS quot c program files messenger msmsgs exe quot background mRun ACU quot c program files atheros ACU exe quot -nogui mRun MS MASTER RUNDLL EXE c windows system xml inc dll i mRun avast c progra alwils avast ashDisp exe dRun CTFMON EXE c windows system CTFMON EXE IE d f - f - d - - c a - windir bdoscandel exe IE FB F -F - d -BB E- C F - c program files messenger msmsgs exe DPF D DDB -BDF - B- E E-D F EE - hxxp download bitdefender com resources scanner sources en scan oscan cab DPF D CDB E-AE D- CF- B - - hxxp download macromedia com pub shockwave cabs flash swflash cab Notify AtiExtEvent - Ati evxx dll Hosts www spywareinfo com SERVICES DRIVERS R Lbd Lbd c windows system drivers Lbd sys - - R aswSP avast Self Protection c windows system drivers aswSP sys - - R aswFsBlk aswFsBlk c windows system drivers aswFsBlk sys - - R avast Antivirus avast Antivirus c program files alwil software avast ashServ exe - - R Lavasoft Ad-Aware Service Lavasoft Ad-Aware Service c program files lavasoft ad-aware AAWService exe - - R avast Mail Scanner avast Mail Scanner c program files alwil software avast ashMaiSv exe - - R avast Web Scanner avast Web Scanner c program files alwil software avast ashWebSv exe - - R HSFHWATI HSFHWATI c windows system drivers HSFHWATI sys - - S gupdate Google Update Service gupdate c program files google update GoogleUpdate exe - - Created Last - - -c--a-w- c windows system drivers mbamswissarmy sys - - -c--a-w- c windows system drivers mbam sys - - d-----w- c docume phil applic BitDefender - - -c--a-w- C BdUninstallTool - reg - - d-----w- c docume alluse win applic Kaspersky Lab Setup Files - - d-----w- c docume phil applic 
Malwarebytes - - ... Read more

A:WoW Account Virus/Keylogger

Could somebody please delete this thread, as I have posted it already on a sister help site of this one? Thank you.
 

https://forums.techguy.org/threads/wow-account-virus-keylogger.890658/
Relevancy 43.43%

My e-mail addresses and other accounts have been hacked. I made a full scan with nod, malwarebytes, spybot and ccleaner. After that I hijacked my PC; here's the log. Sorry for my English.

A:Keylogger or trojan virus

Hello and welcome to TSF.

Apologies for the long delay in response. If you still require assistance, please provide us with the set of logs requested in our pre-posting page.

New Instructions - Read This Before Posting for Malware Removal Help

http://www.techsupportforum.com/forums/f284/keylogger-or-trojan-virus-480669.html
Relevancy 43.43%

Hi,
I explained my virus situation and posted my HT log in a post yesterday (4:35 pm by infonut) but haven't had any replies. Feeling a bit lonely in the woods here.
Is there something else I need to do or something I missed?
Sure would love to clear this up so I can keep on working...
Any help would be appreciated.
Thanks!

A:Trying to remove a keylogger virus

I know how frustrating it is when your computer isn't working properly. Let me assure you that your topic isn't lost, forgotten, or ignored. We work with hundreds of logs every day, so we have devised a means of seeing only those topics that don't have responses yet. At the moment, we have nearly 200 unanswered topics, the oldest dated Feb. 10, 2011 at 1:39 pm Eastern Standard Time in the U.S.A. Your log topic is dated Feb. 15, 2011 at 6:35 PM using the same time zone.

Our volunteer MRT team members have various levels of expertise and training, so while we try to take the oldest DDS/HJT logs, it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us would want someone to assist you who is not familiar with your issue and attempt to fix it.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Orange Blossom

http://www.bleepingcomputer.com/forums/t/379990/trying-to-remove-a-keylogger-virus/
Relevancy 43.43%


A:Keylogger/virus help me pleaseee

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433295 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GME...

http://www.bleepingcomputer.com/forums/t/433295/keyloggervirus-help-me-pleaseee/
Relevancy 43.43%

Like the title said, I think there is possibly a Keylogger on my computer, as well as something called the Contra Virus. I'm afraid to log in to anything important because of it. Can someone please help me be sure my computer is clean?

A:Possible Keylogger and Contra Virus?

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do not mouse click ComboFix's window while it's running. That may cause it to stall
===

For AVG antivirus and anti-spyware security software users only.

Quote:




Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix. You will get a message from CF stating such.

If AVG will not uninstall, it is first recommended to uninstall it with this AppRemover by Opswat. The AVG uninstaller can be downloaded from here > AppRemover.exe Go to their homepage and you will see they have support for removal of other AV's as well AVG appremover tool.

http://www.techsupportforum.com/forums/f100/possible-keylogger-and-contra-virus-579966.html
Relevancy 43.43%

Hi there. I've been having a strange issue lately. When playing video games I sometimes lose control of my character for a short period of time and it performs seemingly random actions. I thought I may have had a virus, so I installed the latest ZoneAlarm Extreme Security suite and scanned my system. Nothing was found. Later I was browsing and noticed that an e-mail that my girlfriend had been typing on my computer started to type itself, complete with pauses used during typing. I'm now assuming that there is a keylogger of some sort in my system, but I'm unsure as to whether or not it is actually a virus. I believe that I am sometimes typing the shortcut to "play back" the macro keylog that was made while I'm playing video games. It always happens at an unexpected time, therefore it is difficult to tell what the shortcut actually is. I also find it unlikely that it is a virus due to the fact that I am able to trigger the playback on my end. Would a virus be coded that poorly? Perhaps. I'm running Windows XP SP. When it happens in the video game I immediately switch to word processing software and am able to read the exact same e-mail each time. Does anyone have any idea what I can do to correct this?

A:Solved: Keylogger Virus?

Do you have a wireless keyboard?

Have you tried another keyboard?

Any other computers in the house? If so, anyone using one of them while you're working on yours?

===================================================================

Please click HERE to download and install HijackThis.

Run it and select Do a system scan and save a logfile from the Main Menu.

The log will be saved in Notepad. Copy and paste the log in your next post.

IMPORTANT: Do not fix anything

===================================================================

Run HijackThis again.

Click on Open The Misc Tools section.

Click on Open Uninstall Manager...

Click on Save list...

Save the text file to the desktop.

Copy and paste the log (from Notepad) in your next post.
 

https://forums.techguy.org/threads/solved-keylogger-virus.974113/
Relevancy 43.43%

Hi - Yesterday I found the above and a few more risks on an AVG online scan, which I removed. I then downloaded Spybot and ran that. Something called tealogger kept giving me a blue screen and crashed my computer. This morning I couldn't get my computer to get past 'search for a safer start place' until, after several attempts, I got onto my regular desktop. I did a system restore to the previous day. I uninstalled Spybot and ran the AVG scan again; the not-a-virus keylogger was there, as well as something in my system volumes. I've downloaded HJT - here are the logs. Please help, thank you. Kisses, Kim

http://www.techsupportforum.com/forums/f284/not-a-virus-monitor-keylogger-322341.html
Relevancy 43.43%

Someone sent me a file, I executed the file... then realised it was a fake email that was not from my friend. Ever since I executed the file, Spybot S&D has not finished a scan and Ad-Aware hasn't either... Any tips on how I can get rid of the problem?

I don't really know where to start, so thank you for any help.

Spybot Search&Destroy Error:

 

Relevancy 43.43%

I am almost a 100% positive I have a keylogger, since my World of Warcraft got hacked times despite me changing my email x's, including passwords. After the first time I got hacked I completely reformatted my hard drive and is still being broken in to.
F... Read more

A:Hijackthis Log - almost 100% sure i have a keylogger or virus

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.
Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
regards _temp_

http://www.bleepingcomputer.com/forums/t/265078/hijackthis-log-almost-100-sure-i-have-a-keylogger-or-virus/
Relevancy 43.43%

Hi, my WoW and email accounts were and had been hacked by a keylogger virus. It copied any information I typed into a text box, such as my passwords and IDs, and sent them to someone else, so it was really annoying. Blizzard sent me this guide to follow to clean my computer from keyloggers, called "Magekid's Guide to Cleaning PC from Keyloggers". They basically told me to download various free scanners like Spybot Search and Destroy and Mbam and Adaware and a couple others; however, I don't know if it's still somewhere on my system or if it's actually gone. I was also told to do a System Restore but I'm not sure what that will do exactly. I was also told to post a log on this forum from HijackThis. Can someone help me please? I'm not sure if my computer is still infected or not, or how to get rid of this, even while I have - scanners on this computer at the moment. My computer is also a MacBook Pro with a Windows XP service pack side on it from Boot Camp Assistant, so there's lots of Boot Camp drivers for the Mac PC drivers. Thanks

https://forums.techguy.org/threads/i-need-help-getting-rid-of-a-keylogger-virus-rly-important-plz-someone-help-d.863349/
Relevancy 43.43%

Hi, I play Warcraft a lot and the other day I had been hacked. I didn't know what to do so I changed my email and passwords for everything, then nyt I've been hacked again. Looked it up a bit more and I believe I have a keylogger virus. This is my HijackThis log; if someone could have a look at it and get back to me it would be a big help. Thank you

https://forums.techguy.org/threads/i-belive-i-have-a-keylogger-virus-plz-help.887107/
Relevancy 43.43%

Dear All, I am facing a weird problem. When I am using my computer some program runs for - seconds and immediately closes. It happens too fast for me to see exactly what's happening. I suspect this program is some sort of keylogger or virus but I am not sure. I am posting DDS log below. Kindly let me know if anything else is required. Please help me as I am totally clueless.

A:Possible virus or keylogger infection

Hi ghadagerakesh,
Welcome to the BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum
My name is Mako and I will be helping you with your computer problems.
Before we begin, please note the following:
Please stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
The instructions given are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
If you don't understand something don't hesitate to ask before running the tools.
Now let's get started...
   P2P Warning!
 
Going over your logs I noticed that you have uTorrent installed.
Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs. If you wish to keep it, please do not use it until your computer is cleaned.

Please run the following tool for me...
======Zoek.exe======
Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html
Download zoek.exe to your desktop by clicking the Zoek.exe button in the top left corner.
If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.
Using Zoek.exe
On the Desktop, double-click Zoek.exe to start the tool.
Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
Give the program a few seconds to appear.
Copy and paste the following script in the code box:
Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
filesrcm;
startupall;
chromelook;
firefoxlook;
uninstall-list;
C:\ProgramData\InstallMate;fs
C:\Program Files\A;vs
Click the "Run script" button and wait patiently.
When finished the logfile will be opened in notepad.
If a reboot is needed the logfile will be opened after reboot.
The zoek-results.log can also be found on your systemdrive.
Please post the logfile for further review in your next comment.

http://www.bleepingcomputer.com/forums/t/520318/possible-virus-or-keylogger-infection/
Relevancy 43.43%

My e-mail addresses and other accounts have been hacked. I made a full scan with nod, malwarebytes, spybot and ccleaner. After that I hijacked my PC; here's the log. Sorry for my English.

https://forums.techguy.org/threads/keylogger-or-trojan-virus.920611/
Relevancy 43.43%

I had my account in World of Warcraft hacked and the support said that it must have been some sort of keylogger/trojan virus. Please help me find out if it is that that has been done. I don't have access to Win install disc or boot CD. The DDS log:

http://www.techsupportforum.com/forums/f284/keylogger-trojan-virus-437926.html
Relevancy 43.43%

I suspect my Warcraft account is being hacked. It's been banned twice and I've received four password resets from Blizzard in the last fortnight, in addition to making several of my own. The account is accessed only from my computer and I've done nothing stupid with regard to giving out account details. For this reason I suspect a virus on my computer. Avast returns a clean virus scan. The computer freezes at the same percentage complete through a pandasecurity scan. I've noticed no other changes with the computer. Logs are shown below, appreciate the help.

A:Suspected keylogger virus

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so.




Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.

http://www.techsupportforum.com/forums/f50/suspected-keylogger-virus-410867.html
Relevancy 43.43%

can someone please check over these logs and help me get rid of this problem

A:i think i have a keylogger and some virus heres my log

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:

Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.

http://www.bleepingcomputer.com/forums/t/192712/i-think-i-have-a-keylogger-and-some-virus-heres-my-log/
Relevancy 43%

Hi. A few days ago my Kaspersky popped up a notice that there was activity on my computer similar to a keylogger virus. Last night I started getting pop up boxes from Kaspersky saying that Windows NT wanted access to my passwords - "Windows NT Logon Application". I have gotten that message several times today. I've blocked it every time. In addition to these warnings from Kaspersky, my computer has been running very slowly. I thought that this was because my C drive is full, but now I'm not sure it's just that. I ran Eset Online Virus Scanner the other day. It ran all night and was only complete in the morning and stalled out. I'm running it again now, but at almost hours into it it's at and hasn't found anything. I'll save the log if it finishes to post if you want to see it. I am running Windows XP on a Dell Latitude laptop.

Edited to add scan info: Here is what Eset found - C Program Files Intuit SiteBuilder E EXE a variant of Win Kryptik IIG trojan cleaned by deleting - quarantined

What's interesting is that yesterday morning Kaspersky gave me a pop-up saying that a file that had been quarantined was safe. It said it could be restored to C Program Files Intuit SiteBuilder. I happen to remember that location. I said okay to restore it. Now it looks like Eset recognized it as a virus. I didn't have Eset totally remove the file in case I need it - it's just quarantined. After the quarantine I rebooted and I still got the message from Kaspersky that a program was making a password request when I launched IE and Outlook Express. One other thing - when I launched IE it said that a program requested that my default search be changed to Live Search instead of the Google that I had. I'm not sure why that happened. Thank you

A:Think I have keylogger/password stealing virus

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for trac...

http://www.bleepingcomputer.com/forums/t/362956/think-i-have-keyloggerpassword-stealing-virus/
Relevancy 43%

Last night my pc started rebooting by itself. I've never noticed this occurrence. I've changed nothing.

A:Pc rebooting by itself. Possible virus/trojan/keylogger.

any ideas?

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

http://www.bleepingcomputer.com/forums/t/285542/pc-rebooting-by-itself-possible-virustrojankeylogger/
Relevancy 43%

Unfortunately I have a virus/keylogger on my computer it goes under the name I have given in the title. When I come to delete it in my appdata folder it keeps reappearing. I have used malwarebytes and other anti virus programs and some help would be much appreciated to remove this annoying thing.

A:Keylogger Virus named image2872

Welcome to the Seven Forums.

One of the trained security experts should be along to help you. In the meantime, you might want to scan your computer using WDO: What is Windows Defender Offline?

http://www.sevenforums.com/system-security/296115-keylogger-virus-named-image2872.html
Relevancy 43%

This morning I woke up to two emails from Blizzard Entertainment, the company that manages my World of Warcraft account. The first was verification of a password reset request along with a link to do the reset. I didn't request this. The second was an email saying my account was suspended for hours because a keylogger was detected on my computer. Just for good measure, here is the email:

"An investigation of the World of Warcraft account NAME OMITTED has produced evidence that the computer(s) used to play the account are infected by a virus, Trojan, or keylogger. To protect your privacy and security, we have temporarily disabled the account for a hour period. During this time, we highly recommend that you follow the below steps to protect yourself and the account from unauthorized third party access:

- Use up-to-date firewall, antivirus, and anti-spyware software to scan your system regularly for viruses, Trojans, and key-loggers.
- Keep your operating system and other software up-to-date and be careful when downloading new software.
- Be wary of "spoof" and scam websites and e-mails that pose as Blizzard Entertainment and request account or personal information. As a reminder, Blizzard Entertainment representatives will never ask you for your password.
- Keep your login information confidential. Account access can only be shared with one minor of whom you are the parent or guardian. Sharing access with anyone else is a violation of the game's Terms of Use. You are also responsible for every use of an account on which you are listed as the registered player, whether the use was authorized or not.
- Use separate, unique passwords for your email, World of Warcraft, and any other online accounts.
- Change your passwords regularly and keep World of Warcraft account information updated using the Account Management page at http://www.worldofwarcraft.com/account"

I am running Windows Vista Home Premium SP. I regularly run Ad-Aware, Spybot S&D, and MalwareBytes Anti-Malware. I also frequently run the UniBlue software suite - RegistryBooster, SpeedUpMyPC, and DriverScanner. In response to this email I have also downloaded AVG and ProcessScanner. I don't want to post a ton of logs in this initial posting, but here is a link to the list that ProcessLibrary.com came up with when scanning my system: http www processlibrary com processscan results section

These are the actions I have taken thus far: I ran MalwareBytes update version. I ran a "Full Scan". It found two errors which it fixed upon reboot. They were:

Memory Modules Infected: C Program Files Mozilla Firefox extensions f ae-d fe- fe - b - cbfd components -IBO-YPDaP - op dll (Adware BHO) -> Delete on reboot
Files Infected: C Program Files Mozilla Firefox extensions f ae-d fe- fe - b - cbfd components -IBO-YPDaP - op dll (Adware BHO) -> Delete on reboot

EDIT: After reboot, AVG started running a Firewall program which detected that something called "ESP" was running in folder programfiles esp full esp exe - it couldn't shut it down, so I deleted it and the entire folder as well. It identified this as a "logger", which I assume means keylogger. I then ran Spybot S&D and it said no further threats were found. Can anyone tell me if they think this may have been the culprit? And if not, what other steps should I take at this point? Thank you SO much

A:I Think I Have a Virus/Trojan/Keylogger (WOW Suspended)

I just read through all the rules posts and I may be stupid but I didn't see any official rules about bumping a thread, and since mine has moved to the second page without any responses and I've added important new information I'm posting this to bump it. I won't do it a second time, and I apologize if it's forbidden.

http://www.bleepingcomputer.com/forums/t/318409/i-think-i-have-a-virustrojankeylogger-wow-suspended/
Relevancy 43%

Hi there. My other half was using my laptop yesterday, just regular web surfing, nothing untoward, and she called out to me and said "you have viruses on your computer, do you want me to remove them?" Me thinks "say what", so I come out and have a look and notice what seems to be a dodgy anti-virus program has installed on my PC as a result of her surfing. I can only assume she went to a harmful or bogus site, not intentional. I have Avast free & malware bytes, so I ran full scans of both & both came up clean. I was unable to get homepage up initially, which is google, as it kept diverting to this website which was asking for my CC details to fix problem. I think it was called XP Antivirus or something close to that. I was able to shut down & on re-boot I was able to get online, including my homepage google. I was also getting pop up messages saying possible keylogger, system hijacked & security breach etc. Since re-booting, which then allowed me to get back online, I have not got any of these messages again. This all occurred at the time that when I come out to my laptop after my other half said your computer has infections, do you want me to get rid of them. I'm sure it was to do with this bogus program titled XP Antivirus & wanted my CC details to fix. Shutting down & re-booting seem to get rid of many issue to my untrained eye. Please note I have been unable to download DDS so I can not run it. I have also tried to download it in safe mode without any joy also. If I click to let it download, all I get is a blank webpage saying about blank in the address. So I was only able to run GEMR. I'm looking forward to your help on this matter. Thanks in advance

A:Please help I think I may have spyware/malware/virus & possible keylogger?

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------
Click the attached dds.zip folder and extract dds.exe to your desktop.
Double-click dds.exe then make sure dds.txt and attach.txt are both checked.
Click Start
When finished, it will produce a DDS.txt log and an Attach.txt log.
Please copy/paste the contents of DDS.txt in your next reply.
Please attach the Attach.txt log to your next reply.
------------------------------------------------------

http://www.techsupportforum.com/forums/f100/please-help-i-think-i-may-have-spyware-malware-virus-and-possible-keylogger-580262.html
Relevancy 43%

Hi,

I don't want to take any chances with this. Would using the clean command twice be enough, or should I go so far as to use clean all? Other options? The system in question is a netbook with windows 7 started on it.

Thanks

A:Best option for removing a keylogger virus

Hi,

A single CLEAN should be sufficient, but I tend to be conservative with this and use the CLEAN ALL command. It will take longer to complete - about an hour per 320GB.

Disk - Clean and Clean All with Diskpart Command

Regards,
Golden

http://www.sevenforums.com/system-security/252182-best-option-removing-keylogger-virus.html
Relevancy 43%

Hey all, I'm new here.

I was trying to find an affordable key logger so I know what my kids are doing with the computer when I'm away. I tried IamBigBrother, but my Avast antivirus says it's a virus. I was using PayPal to buy it, but it sent me to this thing called Clickbank.net. Can someone please help me? Thanks!

http://www.bleepingcomputer.com/forums/t/265775/i-want-a-safe-keylogger-but-my-avast-says-its-a-virus/
Relevancy 43%

For the past few days my computer has been going through phases of losing focus, being switched out of fullscreen games and losing the cursor in firefox, for example. Yesterday I also was locked out of my world of warcraft account due to suspicious activity, although I do not know what this activity was. Having run scans from malwarebytes, spybot and microsoft security essential, they have all come back clean, but it still persists. The only unusual thing I have been able to find is that an iexplore.exe process keeps running in task manager, sometimes multiple instances, although I never use internet explorer, and when I end the process it only returns a short while later. I hope you can help, thank you for anything you can do.

https://forums.techguy.org/threads/virus-or-keylogger-potentially-iexplore-exe.1069170/
Relevancy 43%

Hello, and thank you in advance for your assist. I am fine when using desktop based apps but have little working knowledge in the way of IT. I have reason to believe my soon to be ex husband has installed a keylogger. I am hoping it is just a virus issue. I have TREND micro internet; it is relatively new, but it does pick up several spyware adwares and removed each day. Last night I downloaded DL keylogger. I also have ATF cleaner, which after using my puter always has something to delete. I apologize because I am not even sure the two topics are coinciding.

Each time I have run DL I am always told to go to C WINDOWS system config among others, and generally I find a file that is KB that is called software. It is not able to be deleted. Under the above C dir I find the following: software sav, system sav, Mediace, Eventapp, Sysevent, Default, SAM, Security, Software (as mentioned), System. Each of these files is in KB not MB and the largest is that which I already mentioned. Last but not least in the SystemsProfile folder. I am just going to cut paste the rest of what my report said.

I am very wary. My husband is estranged, middle eastern, not that its highly relevant, but suffice it to say I am physically afraid of this very much. I need someone's assist to ascertain what exactly is going on here and help me to get it off my system. While the DL keylogger detect seems to work great, I have little knowledge of what more to do. I am most grateful for ANY help ASAP that I can get to try and find out how to remedy this without it causing me any additional stresses that I am unprepared for. I know my knowledge is limited but I catch on quick and I am willing to go step by step through any process if someone would take the time to explain to me what I must to locate and terminate or clean this off. Many thanks.

The short report:

KL-Detector has found some suspicious files:
C Documents and Settings Ashkank Cookies ashkank simpleshoes txt
C Documents and Settings Ashkank Cookies ashkank simpleshoes txt
Please check, someone might have installed a keylogger on your computer.
You MAY want to take a look at:
C WINDOWS system config
C Documents and Settings Ashkank
C Documents and Settings Ashkank Local Settings Application Data Microsoft Windows
C Documents and Settings Ashkank Local Settings Temporary Internet Files Content IE
C Documents and Settings Ashkank Local Settings Temporary Internet Files Content IE NFOH T J
C Documents and Settings Ashkank Local Settings Temporary Internet Files Content IE N OS FFM
C Documents and Settings Ashkank Local Settings Temporary Internet Files Content IE YFTZT EV
C Documents and Settings Ashkank Local Settings Temporary Internet Files Content IE OHDXH W
C Documents and Settings Ashkank Local Settings Temporary Internet Files Content IE GH S LBQ
C Documents and Settings Ashkank Local Settings Temporary Internet Files Content IE DGF LH
C Documents and Settings Ashkank Cookies
C Documents and Settings Ashkank Local Settings Temporary Internet Files Content IE KXRD TT
C Documents and Settings Ashkank Local Settings Temporary Internet Files Content IE PDCWIBX

The full report:

Below are some file operations that were done during the monitoring process. Review them carefully and check for suspicious files.
C Documents and Settings Ashkank ntuser dat LOG was modified
C Documents and Settings Ashkank ntuser dat LOG was modified
C Documents and Settings Ashkank ntuser dat LOG was modified
C WINDOWS system config SOFTWARE LOG was modified
C WINDOWS system config SOFTWARE LOG was modified
C Documents and Settings Ashkank ntuser dat LOG was modified
C Documents and Settings Ashkank ntuser dat LOG was modified
C Documents and Settings Ashkank ntuser dat LOG was modified
C Documents and Settings Ashkank ntus...

A:Please Help, Dl Keylogger Has Found Files, May Also Have Virus..

I don't see anything suspicious.

ntuser.dat, ntuser.dat.LOG and software.LOG are legit files which are constantly being updated/modified as you use your computer. Ntuser.dat is actually related to the Windows Registry and there is one such file for each user on the computer. These files cannot (and should not) be deleted as they are in use.

Most of the rest of the entries are related to Temporary Internet Files that were modified (updated) and created as you surf the Internet. And there are a few related to temp files and cookies.

http://www.bleepingcomputer.com/forums/t/142439/please-help-dl-keylogger-has-found-files-may-also-have-virus/
Relevancy 42.57%

Hey. If I've posted a link, mods can please remove or edit down enough so others searching can find it without harm, if not allowed.

A few days ago I clicked on a website link when I was browsing an article on slate.com and it opened the link to what I had clicked on, but I think that linked site also opened up a new window, WARNING VIRUS CHECK MICROSOFT, and also had an alarm bell sounding. This was the new window pop up link: s -ap-southeast- amazonaws com polio alert html browser firefox amp os Windows amp num - - - amp c supaus kt com or paid outbrain com; one of them may have triggered it. I think that, or that's where it came from after clicking a link from a site. Anyway, the link had a number to call but I didn't call it. I also had no dramas closing the new pop up window; I did not need to use task manager to close it.

However, later on, couple of hours later, I was on okcupid and the browser redirected and/or pop up a few times to onlinerewards xyz au Woolworths city edited amp model desktop amp isp edited etcetc val dntrax com tr id b dd d fdbeaac d p amp tk eyJ e etc, claiming to be a Woolworths supermarket gift card. Had no dramas closing that either. I did a search and I think okcupid does use scripts for some of their ads. I have had redirects when using it on my mobile ages ago, way before just a few days ago; some of the okcupid forums also talk about having redirects in their browser, so this could be just a coincidence for me.

Before the okcupid redirect I ran Malwarebytes, found nothing. Ran Adware cleaner, found nothing. Ran Junkware Removal Tool, found nothing. Ran Hitman pro x and it found nothing I didn't know about (beta build of a game installer) other than tracking cookies. When I was using okcupid a second time that night after Malwarebytes it did redirect again and Malware caught it a few times. But last few days zero redirects. Okcupid could be a coincidence. No pop ups or redirects on any other sites either. Just checked history for kt and there is something there for days before the slate.com link click, which I am assuming the pop up or whatever from there was just a normal ad and I closed it no dramas.

So my thoughts are that I might have gotten lucky, as I've searched and others with that similar s -ap amazonaws com may have gotten infected; perhaps mine was just a pop up. But in case, I haven't done any online sensitive log ins. If necessary I'm happy to use DBAN to wipe the SSD and just do a new install. That would guarantee things and also save time.

My question I guess is: I have a usb plugged into the usb drive. I scanned that with Malwarebytes and found nothing, but I can't scan it with any other programs I've mentioned so far, and me being paranoid or thinking of every possible way, could something have gotten in there as well, e.g. keyloggers or something? I also might have had my phone plugged into another usb port but I can't scan it as it doesn't show up as a drive. I don't use my phone much for internet and it hasn't done anything weird. Again, could be mountain out of molehill here lol. I don't run anti virus, just windows firewall and a secondary router firewall. I am thinking of running an antivirus in future (used to a year ago) but anyway

A:pop up in new window amazonaws possible virus or malware or keylogger etc

Welcome aboard

First of all you have to have some AV program. Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
  Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender. You can keep it or you have to disable it before installing another AV program. How to...
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

Update, run full scan, report on any findings. Then...

Download Security Check from here or here and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
- Report IE Proxy Settings
- Report FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Devices (do NOT change any settings here)
- List Users, Partitions and Memory size
- List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
- Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
  Launch Malwarebytes Anti-Malware
  A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
- Click Finish.
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the Scan Log which shows the Date and time of the scan just performed.
- Click 'Export'.
- Click 'Text file (*.txt)'
- In the Save File dialog box which appears, click on Desktop.
- In the File name: box type a name for your scan log.
- A message box named 'File Saved' should appear stating "Your file has been successfully exported"....

http://www.bleepingcomputer.com/forums/t/603640/pop-up-in-new-window-amazonaws-possible-virus-or-malware-or-keylogger-etc/
Relevancy 42.57%

Yeah.. When you extract something to a location, WITHOUT opening the files in the zip folder, can you get any of the above by doing that? Remember, not opening the files that the zip files contain, just extracting.
 

A:Can you get a virus/keylogger/malware or anything from opening a .zip file?

Extracting is getting what is inside the zip, and that is the same as opening.

And if anything bad is in it you can get something and you should scan anything you download or get from a CD, flash drive etc.
 

https://forums.techguy.org/threads/can-you-get-a-virus-keylogger-malware-or-anything-from-opening-a-zip-file.870592/
Relevancy 42.57%

Good day to you. First of all, thanks for looking into my problem, it's much appreciated. My WoW account has been compromised twice in the last week by hackers that were able to get a hold of my password. It is suspected that I have a keylogger or trojan virus on my computer. Following a virus removal guide on the official WoW forums, I have used several programs like MBAM, Spybot, Avast, Ad-Aware and Kaspersky to try and get rid of the problem. The last checkpoint on the list was to post a HijackThis log on this site to hopefully verify that my account is clean. If you could have a look at my log it would be great. Thanks a lot.

HijackThis log: Logfile of Trend Micro HijackThis ...

Relevancy 42.57%

Hello, I have logged a Topic in "Am I Infected" and have been asked to run steps - onward in the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" and post the results here. Below are the details of my problem, followed by the logs that were created by GMER etc.

My bank called me a few days ago to advise me of an unauthorised withdrawal from our bank account. They have locked our online banking until I notify them that all is OK with our PC. I have scanned with Symantec Endpoint Protection V and also Malwarebytes. Neither application has picked up any problems.

I think I have realised when the possible keylogger might have been installed. I received an email from my sister. It had no subject and just contained a link. Unfortunately I have clicked on the link (something about vancouver bankruptcy) and I've since found out her email account was hijacked and thus sending these emails. Yes I know, very silly.

I tried accessing the symantec website to see if I could find anymore info regarding keylogging and keep getting the following Google error: "That's an error. The requested URL norton ps up ca en t html etc etc etc" and then at the end says "That's all we know" and there is a graphic of a broken robot. I was able to access the symantec webpage from my smartphone at the same time so confirmed it wasn't an issue with the site.

Any help you could give me would be greatly appreciated. I am running XP Pro SP with Internet Explorer. Please let me know if you require anymore information regarding my system.

Regards,
Spud

PLEASE FIND LOGS BELOW AND ATTACHED AS REQUESTED

DDS ...

A:Internet Banking hacked - possible keylogger virus

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.
Please copy and paste all logs into your post unless directed otherwise.
Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it.
When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be advised when I respond to your topic by email.
After 5 days if your topic is not replied I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Please download ComboFix: Link 2

Save it to your Desktop <-- Important!!!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

Double click it & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Regards,
thcbytes

http://www.bleepingcomputer.com/forums/t/460200/internet-banking-hacked-possible-keylogger-virus/
Relevancy 42.57%

Hi. First I would like to thank you for helping me with my problem. It really means a lot to me that there are people around the world willing to help other people even though they don't know each other. My WoW account has recently been hacked and I think that it might be a keylogger or a trojan virus. The hacker has some way been able to get my account name and password. I have been following a keylogger cleaning guide on the official WoW forum. I have downloaded several anti-virus programs and done as the guide told me to do. The last checkpoint in the guide was to post a thread on this site with a HijackThis log and that's what I'm doing now. So here's the log:

Logfile of Trend Micro HijackThis ...

https://forums.techguy.org/threads/my-computer-has-been-compromised-by-a-keylogger-a-trojan-virus.860341/
Relevancy 42.57%

Well over a month ago my laptop was infected. After that I scanned my laptop with COMODO, Malware Bytes Anti Malware, Super anti spyware. But they didn't detect anything. So Comodo firewall shows that my laptop was sending out information to some other computer; also I had some "unknown" exe, I can't remember the name; also there were like over svchost.exe running and system.exe kept doing something like send out or take in info. After that I used system restore and so the problem wasn't fixed. After, the trojan or virus/malware or whatever stopped everything from working: none of the exe work, nothing. The virus/malware/trojan deleted a bunch of important files and dlls. I used system restore again but it wasn't successful; the system restore failed near the end. Then I started up my laptop. I turned it on and it wouldn't start up after the screen where it says "Starting Windows". Everything goes black with a mouse cursor still working but nothing shows up and nothing loads. I have windows by the way. And so I had to reinstall windows and here we are. But the malware/virus/trojan is STILL on my laptop. I know because it continues to send out my information to another computer, showing the same symptoms like before. Anyhow, how am I supposed to remove this undetectable virus/trojan/malware? Please help. Thank you in advance.

OTL Logs: OTL Extras logfile ...

https://forums.techguy.org/threads/malware-trojan-keylogger-virus-on-my-computer.976089/
Relevancy 42.57%

My computer has been infected by a Key Logger Virus. I am running Windows Ultimate and I am no longer able to log on because the virus has infected my password. Each time I attempt to log on I get a message stating that I have an invalid userid/password. I am confident that I have entered my password correctly. I have my Windows Ultimate update disk and I have tried to restore to an earlier "working" environment, but the problem persists. I stupidly did not do a full backup of my machine (have data only), so I do not have a backup image to revert to. Using my upgrade disk I am able to get to the command prompt. I have used Malwarebytes in the past but do not have it installed on the infected machine, but I do have it on a USB drive. My question is: is it possible to run Malwarebytes or another anti-virus tool to remove the virus? I am hoping not to have to clean the disk and start all over. Thanks in advance for any information you can provide. Jim Mucka

http://www.bleepingcomputer.com/forums/t/404793/invalid-password-infected-by-keylogger-virus/
Relevancy 42.57%

Hi guys, I'm new to this forum. Hope you can help. My eBay and Hotmail accounts were hacked and my pw changed on my eBay. I have managed to get control back but I'm worried I might have a virus. I have used HijackThis but it means nothing to me. Could someone please have a look and tell me what to do to stop it happening again? Thanks. Logfile of Trend Micro HijackThis ...

A:Ebay and hotmail has been hacked. think i might have a keylogger virus

please someone???
 

https://forums.techguy.org/threads/ebay-and-hotmail-has-been-hacked-think-i-might-have-a-keylogger-virus.709056/
Relevancy 42.57%

My World of Warcraft account was hacked times in a row and I think I've got a keylogger or trojan virus on my computer. Please look at this log and tell me if it's OK, and if there's something wrong I would appreciate that you would tell me what's wrong. Here it is: Logfile of Trend Micro HijackThis ...

A:I suspect I have a keylogger or trojan virus on my computer, please help me

OMG, this is my second time I do this and I never get a reply. I will never get my wow acc back
 

https://forums.techguy.org/threads/i-suspect-i-have-a-keylogger-or-trojan-virus-on-my-computer-please-help-me.874172/
Relevancy 42.57%

I've been told this is a virus but haven't found the specific answer to my computer's particular problem. I can't access the internet/email from my infected computer. I have Spybot and AVG and ran scans/updates regularly but still wasn't able to prevent this from happening. My HijackThis log is to follow - if anyone can help at all I'd really appreciate it. Logfile of HijackThis ...

A:Msvcrl.dll Error (keylogger.trojan Virus?)

Download FindAWF by noahdfear from here & save it to your desktop.
Double click on FindAWF.exe to start FindAWF.
Press any key to continue.
It will create the file awf.txt.
Post the contents of that file as a reply to this topic.

http://www.bleepingcomputer.com/forums/t/97082/msvcrldll-error-keyloggertrojan-virus/
Relevancy 42.57%

Hi, as you can see in my title I got a keylogger a few days ago and my World of Warcraft was hacked. I got it back and I made a lot of scans and stuff and I thought I was safe, but got hacked once more. I've done even more scans and removed trojans and stuff. Now I just want to know if it's gone yet. I don't feel safe before it's gone, can't login anywhere. HJ Log: Logfile of Trend Micro HijackThis ...

https://forums.techguy.org/threads/suspecting-a-keylogger-several-virus-scans-made-is-it-gone-yet.855681/
Relevancy 42.14%

Mod Edit: Moved to General Security ~ boopme

Hi, recently I had to format and reinstall Windows bit on a computer which had been infected with All In One Keylogger and other spyware from an idiotic ex-husband. The computer is a recent one and a good one (i ssd). So to be sure I got rid of any malware/virus/spyware, I booted from USB, where I have a Win bit SP ready to install, and ran the setup. In the setup I deleted ALL partitions, created them from scratch and installed Windows there. Before connecting to the internet I also installed AVG Free Edition from the offline install file. As soon as I connected to the internet I ran Windows Update and installed all critical and non-critical patches (thank god I have a mbit optic cable and the computer had an SSD, so it was not too much time lol). I installed and configured all programs and everything ran fine without suspicious activities, at least from what I can see.

I gave the computer back to the woman. After around a week the woman contacted me saying the ex-husband told her he can still control her activities online. To prove this to her he gave her a password; she wrote it on the desktop and the window of All In One Keylogger appeared. She immediately uninstalled the keylogger (you can uninstall it after you write the password and see the keylogger window). She assured me she never opened files from the ex-husband's emails or accepted and ran files from messenger or stuff like this, like I told her before giving back her computer. She also told me the ex-husband says he infected the BIOS, so each time she reinstalls Windows his spyware will be reinstalled and she cannot escape his control.

Now, I'm not an expert, I help friends to reinstall stuff and fix the system for free lol, so I ask: is it possible to infect a BIOS and, in case of a Windows reinstall and partition recreation, have certain software automatically reinstalled on boot? If yes, will resetting or maybe upgrading the BIOS by flashing it solve the issue? Another question: is it true a keylogger cannot connect to the internet if I install a firewall, they don't automatically manage to bypass the firewall? Thanks for the help and sorry for my bad English level.

A:Dumb question: Bios can contain virus/spyware/keylogger???

I came back to this thread about four times and read it closely each visit.
 
I can see why no one really wants to reply to your question, it's very obvious what's going on and it's not embedded malware on the BIOS.
 
 
Let me just point out, the moment that Computer leaves your hands clean with a fresh install, you can't prove or disprove anything.
 
The only thing you can assure yourself is that someone is installing malware on the machine, AFTER you have wiped it clean.
 
She needs to do an audit of everything, starting from this Network, to the location of the laptop and where it's placed during the day and night. WHO stays with the laptop and has she continually changed her passwords?
 
Just because someone shows a password to her, does not mean it was by the means of infecting her Computer.
 
Hope it helps and I hope you know this isn't as complex as you think. It's very simple, someone is installing malware on the machine after you clean it. Figure out where's the source.

http://www.bleepingcomputer.com/forums/t/563676/dumb-question-bios-can-contain-virusspywarekeylogger/
Relevancy 42.14%

Hello, I recently went to a false website via a link in a message board and I believe it contains keyloggers/viruses on it. I can provide you with the website address at your request if you can see if this website actually is able to implant a virus/keylogger on my computer or not. I have run several Kaspersky Internet Security scans, a Malwarebytes Anti-Malware scan, an ESET online scan, Ad-Aware and ComboFix. Nothing turned up except for a trojan when I scanned with Malwarebytes, but I'm not sure how malicious the thing the Malwarebytes program removed was. I will list the Malwarebytes log, ComboFix and HijackThis log. Please let me know if you find anything malicious on my computer. It's really stressful to wonder if I have an infection on my computer a lot. I will be checking this thread often.

Thank you very much!
 

A:Solved: Possible keylogger/virus from website, need help! Logs included

https://forums.techguy.org/threads/solved-possible-keylogger-virus-from-website-need-help-logs-included.757907/
Relevancy 42.14%


A:Opened Spam link in hotmail, possible virus/keylogger

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/409076 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

- If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
- A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
- Please do this even if you have previously posted logs for us.
- If you were unable to produce the logs originally please try once more.
- If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
- Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

- Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop: DDS.scr, DDS.pif
- Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

http://www.bleepingcomputer.com/forums/t/409076/opened-spam-link-in-hotmail-possible-viruskeylogger/
Relevancy 42.14%

Here is the HijackThis. I'd like to know if there is any other virus other than a keylogger as well. This keylogger has gotten into my bank account and gotten my WoW account hacked, all my gear is gone. Logfile of Trend Micro HijackThis ...
Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKLM Software Microsoft Internet Explorer Main Local Page C Windows SysWOW blank htm R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName R - URLSearchHook AIM Toolbar Search Class - f - dc - -bc - e fefafe - C Program Files x AIM Toolbar aimtb dll F - REG system ini UserInit userinit exe O - Hosts localhost O - BHO amp Yahoo Toolbar Helper - D -C F - efb- B - ECA - C PROGRA Yahoo COMPAN Installs cpn yt dll O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files x Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO Winamp Toolbar Loader - CEE EC- - bc- B - DDC AB C - C Program Files x Winamp Toolbar winamptb dll O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C Program Files x Spybot - Search amp Destroy SDHelper dll O - BHO IEVkbdBHO - AB -E D - F -A A - FA CCA C - C Program Files x Kaspersky Lab Kaspersky Anti-Virus ievkbd dll O - BHO no name - C C A-E - b - D - CECB - no file O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files x Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - C Program Files x Google Google Toolbar GoogleToolbar dll O - BHO Adobe PDF Conversion Toolbar Helper - AE CD -E - f- - EE - C Program Files x Adobe Acrobat Acrobat AcroIEFavClient dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files x Google GoogleToolbarNotifier swg dll 
O -... Read more

http://www.techsupportforum.com/forums/f284/need-help-removing-win7-64-keylogger-virus-that-hacked-into-my-wow-account-442463.html
Relevancy 42.14%

Need some help. Had trojan-bnk win keylogger gen infection. Win home security kept popping up. Ran rkill and malware bytes per directions. Here are the logs. Now I can get to the internet but my mcafee firewall won't stay on. It keeps popping up saying it is off and I am at risk. I'd also like to know where and when I got this, if possible. And do I need to go and change any of my passwords, since this is named "keylogger"? I am very careful with what I click on. Thanks in advance.

RKILL LOG

This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
Rkill was run on at
Operating System: Windows Professional
Processes terminated by Rkill or while it was running:
C:\Users\Karen\AppData\Local\dai.exe
Rkill completed on at

Malware bytes log

Malwarebytes Anti-Malware
www.malwarebytes.org
Database version
Windows Service Pack (Safe Mode)
Internet Explorer
PM
mbam-log- - - - - txt
Scan type: Quick scan
Objects scanned
Time elapsed: minute(s), second(s)
Memory Processes Infected
Memory Modules Infected
Registry Keys Infected
Registry Values Infected
Registry Data Items Infected
Folders Infected
Files Infected

Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Karen\AppData\Local\dai.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

A:trojan keylogger virus - removal logs - still issues

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

http://www.bleepingcomputer.com/forums/t/431354/trojan-keylogger-virus-removal-logs-still-issues/
Relevancy 42.14%

I want to know what exactly keylogger, malware, adware, hacker, spyware and virus are, and can antivirus keep a PC protected from all the attacks that I listed? Thanks for any information.
 

https://forums.techguy.org/threads/virus-keylogger-malware-adware-hacker-spyware.470755/
Relevancy 42.14%

nowfind.net <--- has taken over my web browser & I reckon it sent me spybot/keylogger/trojan virus. I use Zonealarm for my internet security, yet my PC got infected & now my internet connection is really slow, and when I right click on tool bar and try to go to properties the window does not appear; also my notepad does not run. I read many forums and downloaded Lavasoft Ad Aware, Anti Virus and Hijack This virus tracking software and deleted temporary files and other unnecessary files, yet my internet connection is less than half of what I used to have before. I'm sending the log I'm getting from Hijack This software. I would personally like to thank you a lot for having forums like this one, which means a lot to people like me. Many many thanks.

Logfile of HijackThis ... Read more

A:nowfind.net<---has taken over my browser & I reckon it sent me spybot/keylogger Virus

Welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro. Just follow the instructions on the site to run the online scan. Otherwise, make sure your antivirus program has the latest definitions and run a full system scan.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.nowfind.net/003/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.nowfind.net/003/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.nowfind.net/003/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nowfind.net/003/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nowfind.net/003/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nowfind.net/003/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nowfind.net/003/clickpps.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nowfind.net/003/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nowfind.net/003/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nowfind.net/003/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nowfind.net/003/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nowfind.net/003/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nowfind.net/003/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nowfind.net/003/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nowfind.net/003/clickpps.php
O1 - Hosts: auto.search.msn.com 127.0.0.1
O4 - HKCU\..\Run: [SVCHOST] C:\WINDOWS\System32\click3.exe
O13 - DefaultPrefix: http://101.nowfind.net/gall.php?url=
O13 - WWW Prefix: http://101.nowfind.net/gall.php?url=
O13 - Home Prefix: http://101.nowfind.net/gall.php?url=
O13 - Mosaic Prefix: http://101.nowfind.net/gall.php?url=
O15 - Trusted Zone: *.morwillsearch.com
O16 - DPF: Win32 Classes -

Delete ... Read more

http://www.techsupportforum.com/forums/f284/nowfind-net-has-taken-over-my-browser-and-i-reckon-it-sent-me-spybot-keylogger-virus-44251.html
Relevancy 42.14%

My first post. I'll try to do it right. I am not a developer, so forgive my layman's terms way of thinking.

Roguekiller x has detected kernel filters on my PC and directed me to their info page about kernel filters. It suggests that the most practical use for a kernel filter would be a keylogger. Even the possibility of a keylogger infection on my system is enough of a threat for me to want to eliminate it ASAP. I have not typed any logins or passwords since this scan.

Here is what RogueKiller found in its Antirootkit section and highlighted orange:
kernel-filter ndis.sys disk (This is an extra hard drive for data)
kernel-filter ndis.sys disk (This drive is my Windows install)
and a list of IEAT Hooks (explorer.exe) about various dll's, highlighted orange.

ndis.sys is located in C:\Windows\System32\drivers\ndis.sys

I am familiar with and have used the following up-to-date programs to scan my PC, which I regularly keep clean of malware and bugs:
Malwarebytes antimalware - none found
Malwarebytes antirootkit - none found
TDSS Killer with loaded module and all boxes checked - no threats found
AdwCleaner - none found
JRT - blank report, none found

As I said, I run a pretty clean system as far as I know, but RogueKiller did find a rootkit kernel filter keylogger.

I use Samsung SSD G hard drive as C drive with Windows installed & a second Hitachi RPM TB hard drive as D for user data storage and software installs.

Here is what I've done so far, in chronological order:
Updated BIOS software.
From the recovery console on the original install disk I formatted C drive but NOT D.
I executed fixmbr, fixboot, rebuildbcd, just because I didn't know how to deal with this.
Reinstalled Windows Vista.
Ran Roguekillerx - same kernel filters found again (ndis.sys), no change, but most of the dll's are not listed.
Copied ndis.sys from Windows install disk to D drive, where I store data.
Booted from install CD to access recovery console command prompt.
Copied ndis.sys from D drive to C:\Windows\System32\drivers (probably pointless after reinstalling Windows, but eh, I don't know how to deal with this).
Then I ran Roguekillerx again. Same findings: kernel-filter ndis.sys disk, kernel-filter ndis.sys disk.

I have attached the Roguekiller log file to this post. I read about it, but I'm no wizard, so most advice I read about these is to replace the hard drives with new ones. Well, that's expensive and I don't want to give up my Samsung SSD G C drive.

QUESTION: Is there anything I can do to fix this and protect myself AND avoid replacing the hard drives?

Thank you
-jmp

A:How to fix kernel filter rootkit keylogger virus infection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/543835 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:
If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again:
Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.
DDS.com Download Link
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control can be found HERE.
As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

http://www.bleepingcomputer.com/forums/t/543835/how-to-fix-kernel-filter-rootkit-keylogger-virus-infection/
Relevancy 42.14%

So... I purchased the KeyGrabber Wi-Fi Premium, a USB wireless keylogger from computersecurity.org, and it works too well. I got it for testing, but no anti-virus or protection software can seem to detect it... any suggestions? This is a nasty little tool that e-mails all your information to the controller... help?

http://www.bleepingcomputer.com/forums/t/580345/anti-virus-wont-detect-usb-wireless-keyloggerany-suggestions/
Relevancy 42.14%

The spyware keylogger, named Srv.SSA-KeyLogger, secretly steals data from users' Internet sessions, including logins and passwords from online banking sessions, eBay, PayPal, and other programs that use html forms to collect personal information.

NOTE: Since the SSA-KeyLogger spyware cannot be installed on the following platforms, it is not necessary to run the SSA-KeyLogger Clean software:
Windows 95
Windows 98
Windows 98SE
Windows ME
Windows NT4

The SSA-KeyLogger spyware should only be installed on Windows XP, Windows 2000/2003.
 

A:Ssa-keylogger On Xp Windows 2000/2003 Only Theft Keylogger

Wow, I had that keylogger. I ran the tool and PrevX popped up saying the Sunbelt tool was trying to read/delete winldra.exe, which is the keylogger, and the tool deleted it.

However, it never showed up in a HijackThis log and I hardly ever use IE. I am miffed about how this got on to my machine.

Plus, I have been doing scans at Panda, Kaspersky and Trend, and none found it!
 

https://forums.techguy.org/threads/ssa-keylogger-on-xp-windows-2000-2003-only-theft-keylogger.389804/
Relevancy 41.71%

Please help, my friend was on my computer and he was playing FREE SLOTS!!! Noooo, I told him no, he clicked their ads!!!! I'm worried, I dunno if my BitDefender stopped it from coming in!! I have BitDefender Internet Security 2008!!! Please help me!!!

Oh, and I have Windows Vista!! I just got my PC on X-MAS.
Man, I can't do anything....... I know I have to wait but.. argghhh, I can't wait, but patience is the KEY.
And by the way, I don't wanna download junk like Super Anti Spyware and these other stuff.
 

A:OMG Noooo i may have a virus/malware/keylogger/ad ware/spyware/trojian!!!

https://forums.techguy.org/threads/omg-noooo-i-may-have-a-virus-malware-keylogger-ad-ware-spyware-trojian.668294/
Relevancy 41.71%

Hi everyone. My world of warcraft account was recently compromised and I have run several scans (in and out of safe mode) with no indication of infection. I am running Windows 7 Ultimate and have Norton Internet Security installed and up-to-date. I've run scans with Norton, AVG, Spybot, and Adaware with no luck. The password to my account has been changed by someone else twice, 4 days apart from one another. I have a Hijack-this report I can provide but I'm not sure if I'm allowed to do that outright in these forums. Please help!

http://www.bleepingcomputer.com/forums/t/328094/possible-keylogger-typical-virusspyware-scans-come-back-clean/
Relevancy 41.28%

My thread was closed and I was told to follow the new instructions, which I had read already. I am using Windows Vista 64 bit and DDS is not compatible with this OS. I did a GMER scan, only being able to select the three default options, and results turned up with zero results and no log. Here is the original message for review, unless there is another set of instructions for 64 bit users.

I have been testing a small application called Alpha Blender which enables me to set windows transparency case to case. I originally did a single file scan on Bit Defender and Kaspersky and both came up with clean results. However, I just used TotalVirus file scanner and it came up with the results below:

http://www.virustotal.com/analisis

Do these results mean that I do in fact have a keylogger on my system tracking my strokes? I am using BlackViper tweaks minimum config, so I know it may have helped. Just need insight on whether or not my passwords may be compromised. I have attached an HT log for review. If any more information is needed I can help.

A:Windows 64bit - Virus.Win32.FileInfector.gen / Trojan.KeyLogger.origin

Hi,

Quote:
Do these results mean that I do in fact have a keylogger on my system

No, not necessarily.

Programs often do not produce the desired results on 64 bit systems.

Let's do a couple of scans to make sure you are clean.


Please do the following:


As a Vista user I will require that all the programs I ask you to run, be run by right clicking the icon and selecting Run as Administrator. Otherwise some programs may fail to operate correctly


Download OTS to your Desktop.
Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Check the box that says 64 bit
Under Additional Scans check the following:
File - Lop Check
File - Purity Scan
Evnt - EvtViewer (last 10)

Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.


NEXT

Please download Malwarebytes' Anti-Malware.
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

http://www.techsupportforum.com/forums/f284/windows-64bit-virus-win32-fileinfector-gen-trojan-keylogger-origin-389784.html
Relevancy 41.28%

Googled all over, can't find an answer because on almost every link or forum when this question is discussed it invariably turns into a discussion of what people use on smart phones. Or the usual myths about Android is oh, so safe, safe just like the Mac and Linux and whatever they claim. Given that there is NO OPERATING SYSTEM on Earth THAT's SAFE, I post this. Let's start with ...

Subject: A tablet that is NOT a smart or dumb phone, uses only Wi-Fi, runs Google's Android 3.1, needs something other than a built-in, default, blanket permission to connect everywhere it wants (facebook, twitter, scumware, trojans...), some of it behind your back, and can download a ton of free applications full of little ads from the Android Marketplace (many of which are sooooo cooool).

Any suggestions? Any places to look?

A:Firewall+Anti[virus,keylogger,rootkit,spyware] for Android tablets

Here's a good start...

Noscript Firefox security extension goes mobile

POPULAR FIREFOX SECURITY EXTENSION Noscript has been released for Android and Maemo builds, giving users of these two mobile operating systems access to a web browser security feature comparable to that available to desktop computer users.

http://www.bleepingcomputer.com/forums/t/423944/firewallantiviruskeyloggerrootkitspyware-for-android-tablets/
Relevancy 39.99%

I'm unsure if this is the right area to post, please forgive a newbie. Let me start off by a small introduction before I start asking for help. My name is Kyle. Okay, now that's done and over with.

For starters, this problem started to occur a little while back, I assume around - months ago. I started to discover that whenever I right clicked on properties on the desktop it would lag a while and would not open. When I opened Control Panel, add/remove programs didn't work, and afterward all icons in the Control Panel didn't work, they just had the cursor with the hourglass thing (sorry for my lack of appropriate terms), and then the Perfect Keylogger would show up. It was in the form that it had already been installed. I googled my problem many times. At first my Rundll32.exe seemed to have an effect with Perfect Keylogger and I often just closed it under processes in my task manager, but when I realised that I couldn't do many things because of it I decided to remove it (stupid me for not removing it earlier). Oh, and for system restore points, all points don't seem to have an effect, so yeah. I also have problems with Windows Installer, so I couldn't use some of the solutions I had found online.

So I tried several things to remove it, including Malwarebytes' Anti-Malware and S&D Spybot, which seemed to have the most effect. On S&D Spybot the Perfect Keylogger and Keylogger Pro are removed every time. I should mention that after the first scan removal using S&D, whenever Perfect Keylogger opened it would be in evaluation form telling me to purchase it, and every time I removed it with S&D it would go back to day evaluation. Forgot to mention that I do not know where my Windows disk is located, so I can't seem to reformat my hard drive either. Nothing else is compromised besides the above listed problems, or so I think.

This problem is really irritating me and I would hope for some help to be given as soon as possible. Thanks, looking for a reply soon.
-Kyle

A:Infected with Perfect Keylogger and Keylogger Pro

Hi Kyle,

Welcome here.

1. Please do a new full scan with MalwareBytes' Anti-Malware, and post that logfile in your next reply.

2. Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner.

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next.
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database: Extended
Scan Options: Scan Archives, Scan Mail Bases
Click OK and, under select a target to scan, select My Computer.
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply.

http://www.bleepingcomputer.com/forums/t/187276/infected-with-perfect-keylogger-and-keylogger-pro/
Relevancy 39.56%

I received a mail containing photos from a friend, who later apologised it contained a virus, and then a mail with photos and dating profile from a female at yahoo.de, with whom I have no possible connection at all, sent directly at me. Following that I ran avast, which came up with nothing. I then ran uniblue spyeraser, which came up with a lot of bad tracking cookies and an infection called "keylogger.chatlogger" at "HKEY LOCAL MACHINE SYSTEM CurrentControlSet Enum Root LEGACY NM capabilities", which doesn't even exist, and the infection remains at every scan after start up even though uniblue removes or quans it every time, and other "Malware General Components". I also removed the registry keys of the malware components via regedit, and the removed "malware component" did not return.

At the immediate next startup after the first uniblue and avast scan, my firefox browser data, like all my passwords, bookmarks, applications and msn accounts, and some other profile data disappeared from my side of computer. Which meant I had to reenter my passwords and profiles to reaccess them, so I changed all my pass as well.

Then I used avira, which found:

"Virus or unwanted program 'TR Crypt XPACK Gen trojan ' detected in file 'C WINDOWS Temp avast unp tmp"
"Virus or unwanted program 'TR Crypt XPACK Gen trojan ' detected in file 'C WINDOWS Temp avast unp tmp"

The file appears invisible inside the folder, with the second one appearing after the first removed, and has been changing its numeric code very often, e.g. to unp tmp, unp tmp, unp tmp.

"C Documents and Settings z Local Settings Application Data Mozilla Firefox Profiles nfethmgg default Cache A A A Bd ' contained a virus or unwanted program 'HEUR HTML Malware' heuristic"
"C Documents and Settings y Local Settings Temporary Internet Files Content IE Z A SIB a a htm' contained a virus or unwanted program 'HTML Dldr Iframe FR' virus"

I then tried avg anti-spyware, which only found some tracking cookies; spybot SD, which found nothing at all as it could not get access to its malware and trojan database; and TrendMicro RootkitBuster and RUBotted, which both found nothing. I also used Trendmicro HouseCall online, which removed viral file and suspicious files, but I have not recorded them down.

So currently the "keylogger.chatlogger" still exists at every startup and I'm very paranoid about typing every word and feel very uncomfortable about my entire system, and basically I'm expecting new stuff at every scan.

DDS ... Read more

A:Received mail with virus, all my private data dissappeared, and uniblue spyeraser detects a keylogger.chatlogger and suspects r...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/246981/received-mail-with-virus-all-my-private-data-dissappeared-and-uniblue-spyeraser-detects-a-keyloggerchatlogger-and-suspects-rootkits/
Relevancy 39.13%

Can I delete those and reinstall Win se in DOS mode but will the registry key will still be there here's the Hijackthis Logs maybe other crap is there but didnt notice it or dont know thanks guys wonderfull sites espacially for online scanning that deleted a lot of crap Startup) Mprexe.exe(says Opaserv.t) Pro With I At In Virus) St... Mechanic Msgsrv32.exe(says And Got Litmus 6(file Virus System A damn my kaspersky antirus is totally BS Housecalling found or files spyware virus trojan etc and Bitfender found other files I might think to scan it with panda now since both others found totally I Got A Virus In Msgsrv32.exe(says Litmus Virus) And Mprexe.exe(says Opaserv.t) With System Mechanic Pro 6(file Startup) At St... different crap files Do i need to get or antivirus it seems none can do the job alone AVG last version Logfile of HijackThis v Scan saved at on - - Platform Windows SE Win x A MSIE Internet Explorer v SP Running processes C WINDOWS SYSTEM KERNEL DLLC WINDOWS SYSTEM MSGSRV EXE C WINDOWS SYSTEM MPREXE EXE C WINDOWS SYSTEM mmtask tskC PROGRAM FILES SYGATE SPF SMC EXEC WINDOWS EXPLORER EXEC WINDOWS SYSTEM ATICWD EXEC WINDOWS SYSTEM SYSTRAY EXEC WINDOWS SYSTEM WMIEXE EXEC PROGRAM FILES AEI INTERNET INC AEI HIGHSPEED INTERNET APP ENTERNET EXEC PROGRAM FILES INTERNET EXPLORER IEXPLORE EXEC WINDOWS SYSTEM PSTORES EXEC WINDOWS SYSTEM DDHELP EXEC PROGRAM FILES MOZILLA FIREFOX FIREFOX EXEC PROGRAM FILES HIJACKTHIS HIJACKTHIS EXER - HKCU Software Microsoft Internet Explorer Main Start Page http www ebay com R - HKCU Software Microsoft Internet Explorer Main Local Page R - HKLM Software Microsoft Internet Explorer Main Local Page R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyServer O - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHELPER DLL O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - HKLM Run AtiCwd Aticwd exeO - HKLM Run SmcService C PROGRA SYGATE SPF SMC EXE -startguiO - HKLM Run 
Tweak UI RUNDLL EXE TWEAKUI CPL TweakMeUpO - HKLM Run eTrust PestPatrol Active Protection quot H Program Etrust PestPatrol PPActiveDetection exe quot O - HKLM Run SystemTray SysTray ExeO - HKLM Run ScanRegistry C WINDOWS scanregw exe autorunO - HKLM Run LoadPowerProfile Rundll exe powrprof dll LoadCurrentPwrSchemeO - HKLM RunServices TrueVector C WINDOWS SYSTEM ZONELABS VSMON EXE -serviceO - HKLM RunServices LoadPowerProfile Rundll exe powrprof dll LoadCurrentPwrSchemeO - HKLM RunServices SmcService C PROGRAM FILES SYGATE SPF SMC EXEO - HKLM RunServices ioloDelayModule C Program Files iolo System Mechanic Professional delay exeO - HKCU Run SpybotSD TeaTimer C Program Files Spybot - Search amp Destroy TeaTimer exeO - Startup Kaspersky Anti-Virus Monitor lnk C Program Files Kaspersky Lab Kaspersky Anti-Virus Personal Pro AvpM exeO - Global Startup ZoneAlarm Pro lnk C Program Files Zone Labs ZoneAlarm zapro exeO - Extra button no name - B E C - FCB- CF-AAA - C - C PROGRAM FILES JAVA JRE BIN SSV DLL O - Extra 'Tools' menuitem Sun Java Console - B E C - FCB- CF-AAA - C - C PROGRAM FILES JAVA JRE BIN SSV DLLO - Extra button no name - d f - f - d - - c a - windir bdoscandel exe file missing O - Extra 'Tools' menuitem Uninstall BitDefender Online Scanner v - d f - f - d - - c a - windir bdoscandel exe file missing O - Plugin for spop C PROGRA INTERN Plugins NPDocBox dllO - DPF A A - DA - DAF-B - F E E ActiveScan Installer Class - http acs pandasoftware com activescan as free asinst cabO - DPF D DDB -BDF - B- E E-D F EE BDSCANONLINE Control - http download bitdefender com resources scan oscan cab

A:I Got A Virus In Msgsrv32.exe(says Litmus Virus) And Mprexe.exe(says Opaserv.t) With System Mechanic Pro 6(file Startup) At St...

Virus In Msgsrv32.exe(says Component of Litmus Virus) And Mprexe.exe(says Opaserv.t virus) at Startup.[u] Can I delete those 2 and reinstall Win98se in DOS mode...? but will the registry key will still be there?here's the Hijackthis Logs(maybe other crap is there,but didnt notice it or dont know)thanks guys..wonderfull sites...espacially for online scanning that deleted a lot of crap!,damn my kaspersky antirus is totally BS...Housecalling(found 7 or 8 files(spyware,virus,trojan etc..) and Bitfender(found 5 other files!)...I might think to scan it with panda now...since both 2 others found totally different crap files...Do i need to get 2 or 3 antivirus it seems none can do the job alone... ??AVG last version?the ones in BOLD,are the one I think might be suspicious(mprexe.exe and Msgsrv32.exe are 100% sure)Logfile of HijackThis v1.99.1Scan saved at 12:33:25, on 05-12-18Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\PROGRAM FILES\SYGATE\SPF\SMC.EXEC:\WINDOWS\EXPLORER.EXEC:\WINDOWS\SYSTEM\ATICWD32.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXEC:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXEC:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\AVPM.EXEC:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\AVPM.EXEC:\WINDOWS\SYSTEM\WMIEXE.EXEC:\PROGRAM FILES\AEI INTERNET INC\AEI HIGHSPEED INTERNET\APP\ENTERNET.EXEC:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXEC:\WINDOWS\SYSTEM\PSTORES.EXEC:\WINDOWS\SYSTEM\DDHELP.EXEC:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 59.23.201.40:50050O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exeO4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startguiO4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUpO4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "H:\Program\Etrust PestPatrol\PPActiveDetection.exe"O4 - HKLM\..\Run: [SystemTray] SysTray.ExeO4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorunO4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -serviceO4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXEO4 - HKLM\..\RunServices: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exeO4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - Startup: Kaspersky Anti-Virus Monitor.lnk = C:\Program Files\Kaspersky Lab\... Read more

http://www.bleepingcomputer.com/forums/t/38007/i-got-a-virus-in-msgsrv32exesays-litmus-virus-and-mprexeexesays-opaservt-with-system-mechanic-pro-6file-startup-at-startup/
Relevancy 39.13%

Hi Can you please help as I believe I may be infected After logging on to my computer the Action Centre reports that theFirewall and Virus Protection are turned off with a red cross appearing on the flag on the bottom right hand corner Firewall/Virus & Keystroke - Possible protection Virus Delayed Startup Lag This shows for a good few minutes before disappearing and Mcafee appearing to run normally Also on some occasions going into certain websites causes considerable keystroke lag i e Facebook and the only way to stop this is to restart the computer On looking at the system configuration startup items item Appgraffiti appears which appears online to be malware but this does not show in the programs list to be able to uninstall I tried Possible Virus - Delayed Firewall/Virus protection Startup & Keystroke Lag the Microsoft Fixit facility to uninstall hidden programmes but although Appgraffiti does not appear there are three items showing Name not Available Trying to uninstall one of these fails DDS Log below DDS Ver - - - NTFS AMD Internet Explorer Run by FC at on - - Microsoft Windows Home Premium GMT AV McAfee Anti-Virus and Anti-Spyware Enabled Updated ADA C - F - - A- B E SP McAfee Anti-Virus and Anti-Spyware Enabled Updated C C - - - FA- E F F SP Windows Defender Disabled Updated D DDC A- F- fae- E -DA C ACF FW McAfee Firewall Enabled DA E - - D - - AD FE Running Processes C windows system lsm exe C windows system svchost exe -k DcomLaunch C windows system svchost exe -k RPCSS C Program Files x Trusteer Rapport bin RapportMgmtService exe C windows System svchost exe -k LocalServiceNetworkRestricted C windows System svchost exe -k LocalSystemNetworkRestricted C windows system svchost exe -k LocalService C windows system svchost exe -k netsvcs C windows system svchost exe -k NetworkService C Program Files x PHotkey ASLDRSrv exe C Program Files x PHotkey GFNEXSrv exe C windows System spoolsv exe C windows system svchost exe -k LocalServiceNoNetwork C Program 
Files x Common Files Adobe ARM armsvc exe C Program Files x Common Files Apple Mobile Device Support AppleMobileDeviceService exe C windows system CxAudMsg exe C Program Files Common Files EPSON EPW SSRP E S STB EXE C Program Files Common Files EPSON EPW SSRP E S RPB EXE C windows system svchost exe -k LocalServiceAndNoImpersonation C Program Files Common Files McAfee Platform McSvcHost McSvHost exe C windows system mfevtps exe C Program Files x Microsoft Application Virtualization Client sftvsa exe C windows system svchost exe -k imgsvc C Program Files McAfee MSC McAPExe exe C windows SysWOW rundll exe C Program Files Common Files McAfee AMCore mcshield exe C windows system rundll exe C windows system wbem wmiprvse exe C windows system wbem unsecapp exe C Program Files Common Files McAfee SystemCore mfefire exe C Program Files x Microsoft Application Virtualization Client sftlist exe C Program Files x Common Files Microsoft Shared Virtualization Handler CVHSVC EXE C windows system SearchIndexer exe C windows system svchost exe -k NetworkServiceNetworkRestricted C windows System WUDFHost exe C windows system taskhost exe C Program Files x PHotkey PHotkey exe C Program Files x PHotkey MsgTranAgt exe C windows system Dwm exe C windows Explorer EXE C Program Files x PHotkey PVDesktop exe C Program Files x PHotkey PVDAgent exe C Program Files x PHotkey MsOsd exe C Program Files x PHotkey MsgTranAgt exe C windows system taskeng exe c Program Files Microsoft Mouse and Keyboard Center ipoint exe c Program Files Microsoft Mouse and Keyboard Center itype exe C Program Files x AmIcoSingLun AmIcoSinglun exe C Program Files FSP FspUip exe C Program Files x Trusteer Rapport bin RapportService exe C Windows system igfxtray exe C Windows system hkcmd exe C Windows system igfxpers exe C Program Files x Intel Intel reg Integrated Clock Controller Service ICCProxy exe C Program Files SRS Labs SRS Control Panel SRSPanel exe C Program Files x Renesas Electronics USB Host Controller 
...

A:Possible Virus - Delayed Firewall/Virus protection Startup & Keystroke Lag

Also, attempting to make changes to system configuration startup items and saving changes causes computer to freeze up. Please help as we need this for working from home.

http://www.bleepingcomputer.com/forums/t/550916/possible-virus-delayed-firewallvirus-protection-startup-keystroke-lag/
Relevancy 39.13%

I recently was browsing yahoo when my computer screen went blank and shut off. When I restarted it I kept getting a virus alert from an antivirus program I did not have loaded on my computer. This was anti-virus pro or anti-virus something to that effect. I ran AVG and it found sheur trojan and other viruses. AVG could not remove all the infections. I tried other virus removers and they could not even finish a scan. I tried numerous ways to remove the virus and now I have a screen saver and nothing else - no desktop icons or start menu. I was initially not able to even get the task manager to run but now can at least use that. I tried to run the dds and got to the black screen but then it disappears with no report. The rootrepeal does the same but I do have the following report that was saved:

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version Windows XP SP
Exception Code xc
Exception Address x bf
Attempt to read from address x

Any help would be greatly appreciated at this point. Also I tried to boot in safe mode but no luck there either, as it stayed on a black screen.

Thanks in advance
Jason

A:anti virus pro virus, no desktop icons or startup menu

Welcome to BC

Let's see if we can get a log to post.

Try this one first.

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2

This tool will create a diagnostic report for me to review.

Double-click on Win32kDiag.exe to run and let it finish. When it states Finished! Press any key to exit..., press any key on your keyboard to close the program. A file called Win32kDiag.txt should be created on your Desktop.
Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

--------------------------------------
Go to > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.

http://www.bleepingcomputer.com/forums/t/262029/anti-virus-pro-virus-no-desktop-icons-or-startup-menu/
Relevancy 37.84%

I have just finished with my original support and probably have to reformat However I would like to find out what is going on or at least in some contribute to helping someone in the future so I have come here Despite good computer hygiene Adaware Spybot McAfee-now Kasperskey Hijack, & Anti-virus Disabled, Anti-spyware Keylogger, Worms CCleaner HijackThis updating wondering if this might have brought in some problems and Zone Alarm firewall I have problems which I first noticed when I was hijacked from Paypal This showed on my first HJT scan but disappeared without treatment shortly thereafter My antivirus etc have been Anti-spyware & Anti-virus Disabled, Keylogger, Hijack, Worms disabled although they LOOK as if they are working but don't so much as find a cookie anymore--except for CCleaner Spybot doesn't find About Blank but it showed up on the browser scan I tried to delete it and it doesn't show on any scans but I still see it fly by the bottom of my screen as IE pages are loaded When I go to my history or temporary files when I can see them they are mostly ad pages I have tried all the usual CWShredder etc and they don't find anything MWAV is the only scan that has shown much When I submit some suspicious files from comboscan to either VirusScan or Jotti more often than not they jam VirusScan and I get error messages from Jotti that it is either the wrong stream or the file is empty Sometime the folders are empty I have tried to rename them but many times I am not allowed Sometimes when I explore I can see the folders have information but when I go to submit them I get the message they are empty Recently after submitting a file to Jotti I got a page that said quot Prepare to Die quot It also had a photo of a man dressed like a woman leaning over a desk with a big shot facing a another man in a suit When I try to repair or update some of my anti-spyware I often get a navigational error page Also I have noticed than many of my files dates are saying that they 
are created and modified on June This includes some files I know I had recently accessed installed or tried to delete I am not hopeful but I want to find out what is doing this I know I need to reinstall but I want a good detective to have at it first I ran a newer Hijack This but will include a comboscan with an older version because HijackThis reccomended that I try an older version I was careful while doing the comboscan not to let it access any HijackThis that I already had and not to access the internet for one The scan was quite different I recently also tried IceSword and found many more entries in the startup than have been revealed before It also found items in the drivers and registry but I wasn't sure how to proceed I can't save a log from it but things looked quite different Thanks for the help I don't want to reformat and then find that is thing is in my memory my peripherals and my saved files on CD and reinfect myself again So I do need some urgent help Many thanks amp Happy Hunting Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Running processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS Explorer EXEC WINDOWS system spoolsv exeC PROGRA COMMON AOL ACS AOLacsd exeC Program Files AOL Active Virus Shield avp exeC Program Files Dell Printers Additional Color Laser Software Status Monitor DLSDBNT EXEC WINDOWS system nvsvc exeC WINDOWS system HPZipm exeC WINDOWS System svchost exeC WINDOWS system ZoneLabs vsmon exeC WINDOWS wanmpsvc exeC Program Files Dell Printers Additional Color Laser Software Status Monitor DLPWDNT EXEC Program Files Common Files AOL ee AOLSoftware exeC Program Files Zone Labs ZoneAlarm zlclient exeC Program Files Dell Printers Additional Color Laser Software Status Monitor DLPSP EXEC Program Files AOL Active Virus Shield avp exeC WINDOWS system ctfmo... 

A:Anti-spyware & Anti-virus Disabled, Keylogger, Hijack, Worms

Download this program:
submit files packer

Highlight the files listed below in bold and right-click and selecting copy.

C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
C:\WINDOWS\system32\TASKMGR.COM
C:\WINDOWS\REGEDIT.COM
C:\WINDOWS\system32\T.COM
C:\WINDOWS\R.COM
C:\WINDOWS\system32\tmp.reg

Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.
Then press the Continue button.
I will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.
Rename this file to yourmembername.cab (for example grinler.cab).
Then go to:
http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.

http://www.bleepingcomputer.com/forums/t/85260/anti-spyware-anti-virus-disabled-keylogger-hijack-worms/
Relevancy 37.41%

If he explains it any clearer than me, this is the exact same problem - HELP Do I have a trojan or keylogger - Computer Technical Help - Software and Hardware Forum

Have noticed this problem since this morning, when I opened Firefox and it would just continually load, no errors or anything. Checked task manager and a strange process was running, "z FF exe", with the description "Systray exe stub". Whenever this was running I could not use the internet. Have done multiple virus scans and only one found anything, which "nt info" and "DE" viruses png. Now when the process is terminated I manually have to end the Firefox process (it doesn't do it itself now), then restart it to be able to use the internet. Then within minutes I get the Windows UAC pop up asking me if I want to run the executable (random file name similar to others), and will not go away unless I click yes.

Weird things I've noticed:
"Startup" folder is gone from start menu
Browser won't load pages
When the process is ended it clears whatever I had copied to the clipboard (ctrl c)
Have to manually end firefox process
If I run any virus programs now they will not find any issues, even with this odd process running

Please help. OTL results attached

A:"Systray.Exe Stub" Virus/Keylogger? Help

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

http://www.techsupportforum.com/forums/f284/systray-exe-stub-virus-keylogger-help-630479.html
Relevancy 35.26%

So I have two computers that are exactly the same, both IBM Windows XP laptops. Both had viruses on them. The situation on computer got bad and was not allowing the internet to start up, so on computer I downloaded Malwarebytes free antivirus software, after reading good reviews about it, onto a flash drive - the program successfully saved computer. Hoping to save computer before it got bad as well, I inserted the flash drive back onto computer to copy the Malwarebytes program onto that computer and run it. In the middle of the virus scan my arm bumped against the flash drive - and then the screen started becoming "scrambled" in pixelated vertical strips, then flickered on and off. I restarted it with the flash drive out; the problem persisted several times after turning the computer off and on. What is happening? Now when I do make it to the point where I can run malwarebytes on computer, it just gets to scanning infections and then starts flickering on off or becoming so scrambled patchy I can't move the mouse or read the screen. Is this a virus or a problem caused by hitting the flash drive? Any solution to this problem is GREATLY appreciated. I'd hate to have killed the computer trying to SAVE it. Thanks in advance

http://www.techsupportforum.com/forums/f284/startup-virus-571931.html
Relevancy 35.26%

My antivirus program AVG free on virus startup AP#.htm addition has been picking up some download virus programs on startup For about minutes it picks up numerous files named AP htm AP htm AP#.htm virus on startup and AP htm It quarantines them however they keep coming It also happens at about AM and PM I searched for them on Google and somewhere said to run CCleaner I did but they keep on coming I ran HJT before this problem started so I'll AP#.htm virus on startup post that log AP#.htm virus on startup file too if it helps log txt Any help is appreciated Thanks Deckard's System Scanner v Run by Luke W on - - at Computer is in Normal Mode -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point -- Last Restore Point s -- - - UTC - RP - Deckard's System Scanner Restore Point - - UTC - RP - System Checkpoint - - UTC - RP - System Checkpoint - - UTC - RP - System Checkpoint - - UTC - RP - System Checkpoint -- First Restore Point -- - - UTC - RP - System Checkpoint Backed up registry hives Performed disk cleanup -- HijackThis run as Luke W exe ---------------------------------------------- Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C Program Files Common Files Symantec Shared ccSetMgr exe C Program Files Common Files Symantec Shared ccEvtMgr exe C WINDOWS System WLTRYSVC EXE C WINDOWS System bcmwltry exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C WINDOWS system hkcmd exe C WINDOWS system igfxpers exe C Program Files Java jre bin jusched exe C WINDOWS system WLTRAY exe C WINDOWS stsystra exe C WINDOWS system igfxsrvc exe C 
Program Files Dell QuickSet quickset exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files Dell Media Experience PCMService exe C Program Files CyberLink PowerDVD DVDLauncher exe C WINDOWS system dla tfswctrl exe C Program Files Common Files InstallShield UpdateService issch exe C Program Files Common Files Symantec Shared ccApp exe C Program Files Norton Ghost Agent GhostTray exe C PROGRA SYMANT VPTray exe C Program Files Microsoft IntelliType Pro type exe C Program Files Microsoft IntelliPoint point exe C PROGRA Grisoft AVGFRE avgcc exe C Program Files Common Files Real Update OB realsched exe C PROGRA Grisoft AVGFRE avgamsvr exe C Program Files QuickTime qttask exe C PROGRA Grisoft AVGFRE avgupsvc exe C Program Files DAEMON Tools daemon exe C PROGRA Grisoft AVGFRE avgemc exe C Program Files Adobe Photoshop Album Starter Edition Apps apdproxy exe C WINDOWS system ctfmon exe C Program Files AIM aim exe C Program Files DellSupport DSAgnt exe C Program Files Bonjour mDNSResponder exe C Program Files AIM aolsoftware exe C Program Files Canon DIAS CnxDIAS exe C Program Files Symantec AntiVirus DefWatch exe C WINDOWS System GEARSec exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C Program Files Digital Line Detect DLG exe C Program Files Dell QuickSet NICCONFIGSVC exe C Program Files Norton Ghost Agent VProSvc exe C WINDOWS system svchost exe C Program Files Symantec AntiVirus Rtvscan exe C Program Files Viewpoint Common ViewpointService exe C Program Files Viewpoint Viewpoint Manager ViewMgr exe C Documents and Settings Luke W Desktop dss exe C PROGRA HIJACK Luke W exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http www google com ig dell hl en amp rel amp channel us R - HKCU Software Microsoft Internet Explorer Main Start Page http prod campuscruiser com PageSe welcome amp cp R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www dell com R - HKLM Software Microsoft Internet Explorer Main 
Star...

Relevancy 35.26%

Hi Guys,

I downloaded some stupid .exe file from an unknown site and ran it like an idiot, knowing it was probably a virus and well, it was.

Now, every time I boot up, svchost asks for permission to run before each and every of my start programs boot. Along with that, it seems to have done something to cause google chrome to fail to load pages very often.
So now I have to deny permission multiple times to scvhost virus before my computer will fully start up.

Could someone please help? I will download and run HijackThis and post a log once someone tells me to.

Thanks
 

A: Startup virus Please Help

Well, here's the log. I hope I did it right.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:27 PM, on 1/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe&q...

https://forums.techguy.org/threads/startup-virus-please-help.892471/