Windows Support Forum

Is My PC Infected With A Keylogger Or Something Else?

Q: Is My PC Infected With A Keylogger Or Something Else?

I do contract product support for different companies. I have established an identity for each, plus my personal identity, in Roboform. For several days now my identity buttons on my Roboform browser tool bar have been doing something strange at about minute intervals. They seem to not display, then display again in sequence, from right to left, in nano-seconds. Very rapidly. I didn't think much of it at first. Don't ask me why, I should have immediately been suspicious. It's almost like something is reading those identities in sequence.

A few days back XoftSpy malware program caught a keylogger on my system. WebSnitch is a keylogger that captures keystrokes and screenshots. The information can be sent to an email address. I went through the fix operation and it said it deleted the dll file that was the culprit. But still I am having this weird deal happen with the Roboform buttons. Now Roboform is not the only program affected by this issue. It appears that it is obviously taking up CPU power when it happens, but in watching my processes no running program is showing the usage. It just spikes to for the to seconds it is happening and then goes back to normal.

So does what is happening here sound like symptoms you have heard of before, or that anyone that reads this post may have experienced and cured? ANY thoughts on this issue will be greatly appreciated.

http://www.techsupportforum.com/forums/f284/is-my-pc-infected-with-a-keylogger-or-something-else-232699.html
Relevancy 100%

Relevancy 54.61%

I'm unsure if this is the right area to post, please forgive a newbie. Let me start off by a small introduction before I start asking for help. My name is Kyle. Okay, now that's done and over with.

For starters, this problem started to occur a little while back, I assume around - months ago. I started to discover whenever I used right clicked on properties on the desktop it would lag a while and would not open. When I opened Control Panel, add/remove programs didn't work, and afterward all icons in the control panel didn't work, they just had the cursor with the hourglass thing (sorry for my lack of appropriate terms), and then the Perfect Keylogger would show up. It was in the form that it had already been installed. I googled my problem many times. At first my Rundll exe seemed to have an effect with Perfect Keylogger and I often just closed it under processes in my task manager, but when I realised that I couldn't do many things because of it I decided to remove it (stupid me for not removing it earlier). Oh, and for system restore points, all points don't seem to effect, so yeah. I also have problems with Windows Installer, so I couldn't use some of the solutions I had found online.

So I tried several things to remove it, including Malwarebyte's Anti-Malware and S&D Spybot, which seemed to have the most effect. On S&D Spybot the Perfect Keylogger and Keylogger Pro are removed every time. I should mention that after the first scan removal using S&D, Perfect Keylogger, whenever it opened, would be in evaluation form telling me to purchase it, and every time I removed it with S&D it would go back to day evaluation. Forgot to mention that I do not know where my Windows disk is located, so I can't seem to reformat my hard drive either. Nothing else is comprised besides the above listed problems, or so I think. This problem is really irritating me and I would hope for some help to be given as soon as possible. Thanks, looking for a reply soon.

-Kyle

A:Infected with Perfect Keylogger and Keylogger Pro

Hi Kyle,

Welcome here.

1. Please do a new full scan with MalwareBytes' Anti-Malware, and post that logfile in your next reply.

2. Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner.

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.

(Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)

The program launches and downloads the latest definition files.
Once the files are downloaded, click on Next.
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database: Extended
Scan Options: Scan Archives, Scan Mail Bases
Click OK and, under select a target to scan, select My Computer.

When the scan is done, in the Scan is completed window (below), any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow).
Next, in the Save as prompt, Save in area, select: Desktop.
In the File name area, use KScan, or something similar.
In Save as type, click the drop arrow and select: Text file [*.txt].
Then, click: Save.

Please post the Kaspersky Online Scanner Report in your reply.

http://www.bleepingcomputer.com/forums/t/187276/infected-with-perfect-keylogger-and-keylogger-pro/
Relevancy 47.3%

Hello,
 
I am having a problem with my computer. When I type a letter it types different letters for the keys. The letter changes every time I type to different letters. This makes it hard for me to type a readable word.

Note: I did not type this with the infected PC, for the above reason.

A:Am I infected i my have a keylogger

Try to install Zemana Anti Keylogger (free or 15 days trial). If you want to be sure, you can download for free Zemana Anti Malware for 30 days trial, very effective anti-malware, from this site: www.zemana.com

http://www.bleepingcomputer.com/forums/t/530754/am-i-infected-i-my-have-a-keylogger/
Relevancy 47.3%

Hello,

I got hacked, both my Gmail and WoW. I have scanned with F-secure, Ad-Aware and Spybot and found nothing. Therefore I am looking for some extra help. I have no idea where it is, what kind of keylogger it is, or anything about it. The only thing I know is that my password changed, and they changed again when I tried to retrieve it.

There was a problem with my gmer scan. I received the following error message: "C Windows system config system The system cannot find the file specified". I did manage to scan, however only Services, Registry, Files, C and ADS was checked. The rest I couldn't do anything with.

Hope for a quick answer.

Regards,
Matsb

Here is my DDS log:

http://www.techsupportforum.com/forums/f284/infected-by-a-keylogger-491580.html
Relevancy 47.3%

I have recently been infected with Keylogger and I have no clue how to remove it. I followed the step by step guide and I'm about to post the results.

A:Infected with Keylogger

bump, help please

EDIT: Please be patient. There are over 300 unanswered topics in this forum at present and the current average wait time to receive help is 5 days. ~BP

http://www.bleepingcomputer.com/forums/t/332289/infected-with-keylogger/
Relevancy 47.3%

I was told to create a new post so here it is. My World of Warcraft account was recently hacked and a password change was attempted. I have it back now but I still haven't managed to find the source of the keylogger.

Firstly, NOONE else would ever have known my password, and additionally an authenticator was placed on the account (basically a thing the WoW account hackers do to make it a bit harder for the person to retrieve it right away, it gives them time to take your gold and sell it), so this all points to a hack attempt. This leaves us with either a keylogger, a cracked account (unfathomably unlikely) or a Blizzard security leak, and as Blizzard ASSURE me :D its option number, and to be honest the nature of it looks that way anyway, I still have a keylogger to find.

I did the DDS scan and all virus scans with World of Warcraft open and random text in the username and password box (some only activate at that moment). So far, to detect it I have tried, with system restore disabled and WoW open as stated:

nod full scan
kaspersky full scan
avast full scan
malwarebytes full scan
spybot scan
windows malicious software scan
CCleaner

All came up clean, unless CCleaner deleted it, then I would have no knowledge, but that's unlikely. Anyway, here are the DDS logs.

EDIT: managed to open and run GMER now (inconsistent fellow my computer is), log attached.

A:Infected with keylogger

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:
How to create a GMER log

http://www.bleepingcomputer.com/forums/t/328419/infected-with-keylogger/
Relevancy 47.3%

Hello everyone,

This morning I was unfortunately informed by my World of Warcraft colleagues that my characters were logging on and off in an erratic fashion around A M. Unfortunately I didn't stop them in time from wiping my characters clean. I called Blizzard to talk with them and they notified me that my email was most likely compromised too. I checked my GMail and sure enough there was a login from originating from the Asian Pacific according to Who is. I immediately changed my passwords on a different computer and went back to the WoW computer to begin scans.

After running AVG Free, Spybot and Malware Bytes nothing could be found. As a last resort I opened up a command line and started running netstat to monitor the connections. Whenever I ran WoW or Firefox I started noticing random addresses monitoring port which is what WoW uses as its main TCP port. I started punching these addresses into Who is, noticing several of them were also from the Asian Pacific.

I'm not sure where this keylogger came from but I'm seriously concerned about using my computer to enter sensitive information now. I'm out of ideas and can't do anything but watch the connections come and go on netstat. Any and all help that can be offered will be tremendously appreciated.

Matt

A:Infected with a Keylogger

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,K

http://www.bleepingcomputer.com/forums/t/219958/infected-with-a-keylogger/
Relevancy 47.3%

Accounts I own for WoW have been stolen recently and I think it could be a keylogger. A scan with Malwarebytes always finds - threats, all related to flashd dll. It says that it removes them all successfully, but another scan shows the same results as last time.

A:infected with keylogger

Update: Flashd32.dll removed using avast. A review of my most recent HJT Log would be much appreciated.

http://www.bleepingcomputer.com/forums/t/256764/infected-with-keylogger/
Relevancy 47.3%

Hi, I recently had a game account compromised and was told it is likely the result of a keylogger or similar virus. I tried running Avast antivirus, Malwarebytes and Spybot normally, in safe mode, and while the game's launcher was running, and found not a hint of any virus, malware, adware or anything. I was also told to try running ComboFix; I was annoyed to find in other places, namely here, that I should not have run it. I did nothing with it, however; anything it did, it did by itself. In any case, I was unable to find anything, but I am afraid of my bank account, credit card and so forth becoming hijacked. I did change all my passwords on a different computer and haven't had any problems other than with the game. A note for the GMER scan, however: I think I may have been wrong in running it in safe mode, but I had someone insist that I should. I can run it again in normal mode.

A:Infected with a keylogger?

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

http://www.bleepingcomputer.com/forums/t/321963/infected-with-a-keylogger/
Relevancy 47.3%

Help! My screen is all black and various browser windows open with ads for spyware/malware removers. I can't open Task Manager, which warns me that it has been disabled by the Administrator. I can't log on as Administrator (I have never done this before, so I don't have a password). The trojan keeps opening several instances of Internet Explorer and Firefox, and also the "My Documents" folder. My anti-spyware, anti-virus (Zone Alarm) will not open all the way, and the last scans I was able to run found no infection. Ad-Aware keeps finding and deleting malware, but it seems to have no effect. I enabled my wife's Mac to receive my e-mail because I am afraid to leave this machine online.

http://www.bleepingcomputer.com/forums/t/213147/infected-with-keylogger/
Relevancy 47.3%

I've recently discovered that on one of three computers I have a keylogger/trojan/virus thing. Someone has gotten hold of my email password and one of my game's passwords. Thankfully I think they're just after stuff on the game instead of anything important, but I still need to get the infection off my computer. Unfortunately I have 3 computers and any of the 3 may be infected. One of them was reformatable because I had a factory restore image, and did that. So one of the computers I know is clean. But it's not like I went "Oh, I have an infection, reformat!" I've run tons of programs trying to find the infection and none of them caught it. I've run Super AntiSpyware, Spybot Search and Destroy, Adaware, Spyware Blaster, Malwarebytes AntiSpyware, Avira's virus scan, Threat Fire, Microsoft Windows Malicious Software Removal Tool, and I'm probably forgetting a couple other things. None of them seemed to come back with anything more harmful than cookies. And after running all those, changing passwords around myself, I still woke up the next day and found that they still had gotten hold of my new passwords, so they still had something on one of my computers. So that's when I reformatted the first computer. The second computer doesn't have a factory restore image, and if I had got a similar type disc I've long since lost it. I also don't have a Windows CD, so reformatting is not an option on the second computer. The third computer I could reformat like the first, but I really don't want to if I can help it.

So anyway, the logs. I was following the instructions on the Preparation guide and was able to use the DDS scanner and get those logs, but the gmer rootkit scanner, whenever I tried using it, kept crashing my computer to blue screen with the following error message: "STOP c Fatal System Error The Windows Logon Process system process terminated unexpectedly with a status of x x x The system has been shut down", so I couldn't get that log. Also, since I have two computers that I'd like to get looked at, should I post them in two different topics, or should I post the other one here? Here's the DDS log, with the attach.txt one attached as per Preparation Guide instructions.

A:Might be infected with a keylogger

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.
If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

QUOTE
Also, since I have two computers that I'd like to get looked at, should I post them in two different topics, or should I post the other one here?

We will work on them one at a time (so we don't get confused about which one we are working on) and in different topics (it makes research later easier).

That being said, I want you to run this.

Scan With RKUnHooker
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. Then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Gringo

http://www.bleepingcomputer.com/forums/t/318694/might-be-infected-with-a-keylogger/
Relevancy 47.3%

Hello all, I'm currently infected with a Keylogger which is tracking everything I type and posting it to a log file, logdll.txt, located in the Temp folder inside the Documents & Settings folder. This is of huge concern to me as I'm worried about getting various accounts hacked into. I have tried everything in my limited knowledge to find out what's creating this log and to remove the cause, but I have failed. I've tried on my th anti-virus. Ran NOD scans, AVG scans, Avast scans and currently working on running Kaspersky scans, and none so far have detected/fixed my main problem. When I opened the log file to browse its content I got a message from the Microsoft .net Framework that was accessing the file, so I removed Frameworks and from my computer via add/remove programs. This stopped the log from being created (although likely caused some other problems for my PC), but I had to reinstall them as I need programs for my University work. My PC has some major problems aside from this Keylogger, which I am sure you will be able to detect from the log files I will post. I am also new to these programs and how to use them, so advice is welcome. Below is the log from Hijackthis, and attached are the results from RootRepeal. I tried to install/run dds.scr but got an error 'Access Denied' every time, and yes, I tried disabling anti-virus and I am administrator, but I guess I am also a noob.

A:Infected with Keylogger!

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

We need to create an OTL Report
Please download OTL from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
CREATERESTOREPOINT

Click the "Quick Scan" button.
The scan should take just a few minutes.
Please copy and paste both logs back here in your next reply.

http://www.bleepingcomputer.com/forums/t/273520/infected-with-keylogger/
Relevancy 47.3%

Friend linked me to a bad site. Malware and virus scanners show clean, only cookies. Is there any baddies on my system? Is there a keylogger? Is there anything at all?

Relevancy 47.3%

Hello, koala suggested me to follow these steps. I have just completed all the logs and attached here. Actually, I received an email attachment; I downloaded it and ran it in my PC. After that, Norton antivirus detected that it's a SC keylogger, but I'm not sure it's still in my PC or not. Please review the logs and tell me if there is any malware, spyware etc. THNX

Relevancy 47.3%


A:infected with keylogger

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/413915 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER...

http://www.bleepingcomputer.com/forums/t/413915/infected-with-keylogger/
Relevancy 47.3%

Hi--- I got a message from CA anti-virus saying I was infected. Also got a XP pop-up saying certain Windows files had been replaced and to reinstall SP from CD, which I don't have. I installed SP instead. My problem is that my cursor moves from left to right through a word whenever it's selected, or even if the cursor is placed in the middle. From letter to letter to the end of the address, word, whatever. No control over this. Also, whenever drop down menus are selected it jumps to the bottom. On multiple button menus it just keeps jumping to and highlighting button after button after button. Never did this before I got the two warnings. Below is my hijackthis log. Please somebody help.

A:Infected, Possible Keylogger

Hello cpkresch,

Apologize for the delay in response, we get overwhelmed at times but we are trying our best to keep up. If you have since resolved the original problem you were having, would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When the scan is complete, two text files will open in Notepad:
main.txt <- this one will be maximized
extra.txt <- this one will be minimized
If not, they both can be found in the C:\Deckard\System Scanner folder.
Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.

-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded, on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.

http://www.bleepingcomputer.com/forums/t/152380/infected-possible-keylogger/
Relevancy 47.3%

My computer at the moment is affected with many viruses including Keylogger (somebody tried to hack me). I am able to get on the internet because I restored my computer to an earlier working state. Can you guys give me any tips on how to remove all these viruses?

http://www.bleepingcomputer.com/forums/t/432126/infected-with-keyloggermore/
Relevancy 47.3%

Hi. My laptop has been infected. A Spybot scan has shown that a keylogger (pws.wow), a World of Warcraft keylogger, was found on my machine. Further scans from Ad-Aware, Spybot again and AVG did not find any more infections. However, I am unsure if that is the case, as Spybot only found the trojan in one location. To my knowledge keyloggers like these often replicate and hide themselves in many places. Please help me check if my laptop is clean, thank you in advance. Here is the log.

A:Infected with keylogger (pws.wow)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom

http://www.bleepingcomputer.com/forums/t/181833/infected-with-keylogger-pwswow/
Relevancy 47.3%

I just clicked a keylogger on the WoW forums (http forums worldofwarcraft com thread h amp sid if the URL helps). I'm not typing my password into anything, but I'm not sure what to do to remove it. I'm installing AVG atm to see if I can get rid of it, but meanwhile I would appreciate it if anyone would take a look at my HijackThis log. Any help is greatly appreciated.

A:Infected With Keylogger

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Scan again with HijackThis and put a checkmark next to the following entry (if present):

O4 - HKLM\..\Run: [winpol] C:\WINDOWS\system32\winpol.exe

Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Download KillBox from the following link:
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.
Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\system32\winpol.exe

Open 'file' in the killbox menu on top and choose Paste from clipboard
You must use the file menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to reboot now, click "yes".
Click OK at any Pending File Rename Operations prompts, let me know if they appear.
If you don't get that message, reboot manually.
Your computer should reboot now.

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed. Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

Please scan once more with HijackThis and post the new log in your next reply, along with the Combofix report.

Thanks,
Charles

http://www.bleepingcomputer.com/forums/t/100551/infected-with-keylogger/
Relevancy 47.3%

Hey folks. My brother was going through his email and clicked on a link from a phony Blizzard Entertainment email. He told me the link brought up a page with a bunch of coded text before he exited it. My AVG was not running at the time, and since then I have performed a full scan with AVG Free and XoftSpySE and found nothing. I downloaded HijackThis and scanned, and here is a copy of my following log. I would like to know if I am infected, and if it does not show in this report, is it conclusive? What are my alternatives to finding out? Thanks in advance.

A:Am I infected ? Never had a keylogger before

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/340816/am-i-infected-never-had-a-keylogger-before/
Relevancy 47.3%

Got this after visiting a site: "IF U QUIT THE-PKZ I WILL HACK U.txt" tried to load. When restarted computer minutes later it tried to install armadax keylogger, then restarted again and got of these http img imageshack us img shot qq png along with my windows saying it had a serious error or something. Also my mIRC now crashes when I try to load it.

Logfile of Trend Micro HijackThis ... Read more

A:Infected with Keylogger

bump, could really use help :(

http://www.techsupportforum.com/forums/f284/infected-with-keylogger-241892.html
Relevancy 47.3%

My World of Warcraft account was hacked and I suspect it was the work of a keylogger. I ran SuperAntiSpyware and Spybot Search and Destroy, which found nothing other than some tracking cookies. Below is my DDS report. Thank you for any help you may be able to give.

... Read more

A:Probably Infected with Keylogger

UPDATE: I downloaded and ran MBAM, here is my log:

Malwarebytes' Anti-Malware 1.41
Database version: 2880
Windows 6.0.6001 Service Pack 1

9/30/2009 10:18:10 PM
mbam-log-2009-09-30 (22-18-10).txt

Scan type: Quick Scan
Objects scanned: 112264
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{6c51f7e9-8542-4f25-a30f-2060157752e1} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9d573d0e-663c-435f-bf31-2c4497373c41} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c68ae9c0-0909-4ddc-b661-c1afb9f5ae53} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d360501e-dc73-4de6-a61c-21925aed7835} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9668ada-fc6b-47f4-8381-de861dba5115} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\McAfee\MPS\McPopup.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

And this is a post-MBAM DDS report:

DDS (Ver_09-09-29.01) - NTFSx86
Run by John at 22:32:22.39 on Wed 09/30/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3324.1792 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbkcoms.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1 ... Read more

http://www.bleepingcomputer.com/forums/t/261402/probably-infected-with-keylogger/
Relevancy 47.3%

Here's my OTL + extras:
http://pastebin.com/iYc7tddg
http://pastebin.com/JaLxKepj

Hijackthis log: http://pastebin.com/PEJDxAm4

Look how many svchost.exe errors? Why are they missing? Unknown owner?

I have scanned with:
SuperAntispyware: got around 4 infections (deleted)
Malwareantibytes: got around 6 infections (deleted)
Kaspersky IS 2012: got 1 infection (deleted)
Spybot S&D: got 0 infections
ComboFix: got 4 files deleted

ComboFix log: http://pastebin.com/8fhb80yv
Avast mbr: http://pastebin.com/51hVjAxz

Please assist me further! This bastard tried to send my money from AlertPay to his account and he changed all my email passwords.

Anyone please?

EDIT: Please be patient. There are over 380 unanswered topics in this forum at present and the current average wait time to receive help is 16 days. ~Budapest

A:Infected with rat/keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.

If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
wininit.exe
hlp.dat
/md5stop

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/410551/infected-with-ratkeylogger/
Relevancy 47.3%

Hi Everyone. One early morning, without thinking, I accidentally clicked on a link in a WoW forum thread. It looked legit on first glance, but as soon as I clicked the link IE shut down and I heard my computer running something. I've tried numerous scanners already (Spybot, The Cleaner, AVG, ZA, Adaware, etc.) without any luck. If you don't mind, please take a look at the below log that I ran this morning. The only program I had running at the time was WoW because I heard the keyloggers may not run until the wow.exe is loaded. Thanks

Logfile of Trend Micro HijackThis ... Read more

A:Infected by keylogger?

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If you still need help, post a new HijackThis log.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.

If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.

Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.

Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. If for some reason you cannot complete this scan, skip it.

This scan is for Internet Explorer Only.
If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
Open the Kaspersky Scanner page.
Click on Accept and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report.
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.

Save Uninstall List with HijackThis

Double click the HijackThis icon on your desktop.
If you see a white screen, click Main Menu at the middle bottom of the window, otherwise move onto the next step.
Click Open the Misc Tools section.
Under System tools, select Uninstall Manager....
Near the bottom right, click Save list... and save uninstall_list.txt onto your desktop.
Close out of HijackThis.
Post back with uninstall_list.txt.

Post back with:
- the Kaspersky log
- the uninstall list
- a new HijackThis log

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

http://www.bleepingcomputer.com/forums/t/177046/infected-by-keylogger/
Relevancy 47.3%

Hi, today someone told me many passwords that I currently use on the laptop from which I'm posting. I asked that person how he knows them; he told me that he bound a keylogger to an application I installed.

After he told me about that, I ran a scan with ESET antivirus which wasn't much help either because I didn't scan all drives or it simply didn't know of that keylogger. I left ESET activated as an antivirus and asked that person to give me a solution to get rid of his keylogger. He offered me a program that contained the PSW.Fignotok.H trojan. I didn't download it on my laptop as ESET was preventing me. I ran a scan with ComboFix and I can post the log if required.

Thanks for assistance!

A:Infected with a keylogger

Oki, here we go:

DDS log:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by IO at 7:39:11 on 2011-08-08
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.40.1033.18.2009.1196 [GMT 3:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\OO Software\Shared\GatewayAgent\ooemcgats.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\OO Software\Defrag\oodag.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Program Files\ZTE Join Air\AssistantServices.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\IO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\IO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\IO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\IO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\IO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\s... Read more

http://www.bleepingcomputer.com/forums/t/413321/infected-with-a-keylogger/
Relevancy 47.3%

Hello all, I'd be grateful for some help with my pc. About days ago my World of Warcraft account was hacked and I was informed by the manufacturers Blizzard that it was as a result of being infected by a keylogger. I have followed their tech support forums advice on how to clean my pc, which involved the following programmes:

ATF Cleaner
A full scan with ad aware
A full scan with Spybot S&D
A full scan with MalwareBytes Anti-Malware
A full scan with my Antivirus software Nod

The guide then suggested using this site to post a hijackthis log. I have however followed the topic we are advised to read before posting a log so have completed the DDS and RootRepeal scans and here is the info:

... Read more

A:Infected with a keylogger

Is there anyone who can help with this please?

Hello generalkelly,

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,
The weatherman (Moderator)

http://www.bleepingcomputer.com/forums/t/268245/infected-with-a-keylogger/
Relevancy 47.3%

Help! My screen is all black, and various browser windows open with ads for spyware/malware removers. I can't open Task Manager, which warns me that it has been disabled by the Administrator. I can't log on as Administrator; I have never done this before, so I don't have a password. The trojan keeps opening several instances of Internet Explorer and Firefox and also the "My Documents" folder. My anti-spyware/anti-virus, Zone Alarm, will not open all the way, and the last scans I was able to run found no infection. Ad-Aware keeps finding and deleting malware, but it seems to have no effect. I enabled my wife's Mac to receive my e-mail because I am afraid to leave this machine online.

I forgot to add the DDS text file, here it is: ... Read more

A:Infected with Keylogger

Hello sparkymike,

I am afraid I have some bad news for you. Your system is infected with Virut!! Virut is a file-infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto. For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:

http://free.avg.com/66558
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.

http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034
W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)

Miekiemoes, an expert for malware removal, and an MS-MVP, additionally has a blog post about Virut.

I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT backup any applications/installers and do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files. This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

http://www.bleepingcomputer.com/forums/t/213148/infected-with-keylogger/
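
The description quoted in the answer above says the encrypted body is appended to the last PE section and that the decryptor may or may not sit at the entry point. The following added example (not from the forum post or the vendors it cites) parses a PE header and reports three generic heuristics for that layout. The writable-and-executable flag check, the 7.0 bits/byte entropy threshold and the sample images are assumptions constructed here; packed legitimate programs trigger the same flags, so a hit is a reason to scan further, not a Virut verdict.

```python
import hashlib
import math
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE


def parse_pe(data):
    """Return (entry point RVA, list of section dicts) from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    sections = []
    for i in range(n_sections):
        off = opt + opt_size + 40 * i  # each section header is 40 bytes
        _name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        (flags,) = struct.unpack_from("<I", data, off + 36)
        sections.append({"vsize": vsize, "vaddr": vaddr, "rsize": rsize,
                         "rptr": rptr, "flags": flags})
    return entry_rva, sections


def entropy(buf):
    """Shannon entropy in bits per byte (8.0 means uniformly random)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts if c)


def last_section_findings(data, tail=512, threshold=7.0):
    """Heuristic flags for code appended to the last section of a PE file."""
    entry_rva, sections = parse_pe(data)
    if not sections:
        return []
    last = max(sections, key=lambda s: s["vaddr"])
    findings = []
    wx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    # Assumption: in-place decryption needs the section writable and executable.
    if last["flags"] & wx == wx:
        findings.append("last section is writable and executable")
    # Misses the EPO placements, where the entry point field is left alone.
    span = max(last["vsize"], last["rsize"])
    if last["vaddr"] <= entry_rva < last["vaddr"] + span:
        findings.append("entry point lies in the last section")
    raw = data[last["rptr"]:last["rptr"] + last["rsize"]]
    if entropy(raw[-tail:]) > threshold:
        findings.append("high-entropy data at the end of the last section")
    return findings


def pseudo_random(n):
    """Deterministic random-looking filler standing in for encrypted bytes."""
    out, block = b"", b"constructed sample"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


def build_sample(entry_rva, last_flags, last_body):
    """Constructed 32-bit PE image: .text at RVA 0x1000, .rsrc at RVA 0x2000."""
    def section(name, vaddr, rsize, rptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, rsize, vaddr, rsize, rptr,
                           0, 0, 0, 0, flags)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0x200, 0x400, 0, entry_rva)
    headers = (dos + b"PE\0\0" + coff + opt.ljust(0xE0, b"\0")
               + section(b".text", 0x1000, 0x200, 0x200,
                         IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE)
               + section(b".rsrc", 0x2000, 0x400, 0x400, last_flags))
    return headers.ljust(0x200, b"\0") + b"\x90" * 0x200 + last_body.ljust(0x400, b"\0")


# Constructed samples; none contains real code.
TAIL = b"\0" * 0x200 + pseudo_random(0x200)
CLEAN = build_sample(0x1000, IMAGE_SCN_MEM_READ, b"")
APPENDED = build_sample(0x2300, RWX, TAIL)   # entry point moved into last section
EPO_STYLE = build_sample(0x1000, RWX, TAIL)  # entry point field untouched

if __name__ == "__main__":
    for label, img in (("clean", CLEAN), ("appended", APPENDED), ("epo", EPO_STYLE)):
        print(label, last_section_findings(img))
```

The third sample shows why the entry-point check alone is not enough for an entry point obscuring infector: the field still points into `.text`, and only the section flags and the tail entropy stand out.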
Relevancy 47.3%

Logfile of Trend Micro HijackThis ... Read more

A:Infected with possible keylogger

Hello rve90

Welcome to BleepingComputer
========================
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

http://www.bleepingcomputer.com/forums/t/180436/infected-with-possible-keylogger/
Relevancy 47.3%

I first noticed this earlier today when I was on Steam. I was downloading, went upstairs, and then when I came back it signed me out. When I tried to enter my password I was wrong; I forget my passwords all the time, so I thought this was one of those cases. When I opened Steam again after changing the password, it notified me that Steam was signed in three times at a location with a different IP than me. That, or it said three different attempts occurred, but I can't exactly remember. When I tried to figure out where the IP was, it said it was invalid, so I assumed it was me. Later that day it signed me out again, and even though I remember the password it still acted as if it was invalid. I decided not to change my password again, fearing that it was indeed a keylogger. I noticed an email addressed to me from Steam stating that someone tried to disable Family View. Thank god I had it enabled, or it would have been able to access my items and possibly my credit info.

But I am starting to have doubts about if it's actually a keylogger. The reason for this is as follows: My original Steam password is the same as my email's password. I had only changed it recently just in case, and he most likely saw my email. I had actually typed in my Steam Family View passcode after I changed my password the first time, leading me to question why it would even send an email to request it to be disabled. If my password was in fact changed by this thing, then it would have sent an email alerting of it. Not to mention you require an email in the first place to change the password, and it couldn't have changed my email or I wouldn't have received the other emails, and because it had Family View... I think you get it. I had looked up multiple videos to help me identify a keylogger. I couldn't find anything. I don't know anymore. Is there a keylogger, or am I just being paranoid?

Edit: I just ran MMB and found there to be or so threats. All of which have been deleted.

Edit: My MMB non-malware threats, or whatever it's called, keeps spamming me with something like vc; I'll have to check later what it's called.

Edit: I had logged onto my Steam account again earlier, but this time it notified me of numerous other logins. A few were from the US, so I assume it's me, but three or so were from the Russian Federation.

P.S. Just before I had signed onto Steam, a man asked to be my contact on Skype. His location was listed as Russia, so it's possible he found my Skype and friended me in an attempt to re-infect my computer with a key logging program. What is the possibility of that? I blocked him immediately.

A:Am i infected with a keylogger?

Welcome to BC !
 
I think MMB is MalwareBytes AntiMalware...MBAM. If so, run another scan using it and post the results. Use the canned directions below for recommended settings and usage.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR REVIEW.
 
Download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message

Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the ... Read more

http://www.bleepingcomputer.com/forums/t/593128/am-i-infected-with-a-keylogger/
Relevancy 47.3%

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:
How to create a GMER log

Elle

A:Infected with a keylogger

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Parker Family at 22:17:43.98 on Sat 01/22/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4085.2020 [GMT -6:00]

AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

... Read more

http://www.bleepingcomputer.com/forums/t/373825/infected-with-a-keylogger/
Relevancy 47.3%

On December someone logged into one of my online game accounts and stole a bunch of things. I ran IObit and found/removed trojans. I also ran Malwarebytes and removed everything I found with that. I've noticed since the rd that my processes in Task Manager seemed really unusual, and I tend to watch my processes a lot, and I wanted to make sure I got rid of any other major infections that were leftover from the anti-virus programs. I'm sure one of the infections I had was a keylogger, and that is what I'm most worried about infecting my computer. I have not been getting any specific BSODs or errors in general. Just looking mostly for possible infections. Thanks for your time and help in advance.

DDS ... Read more

A:Infected with keylogger(s)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/284061/infected-with-keyloggers/
Relevancy 47.3%

Hi All,

My laptop is infected with PDM.Keylogger and it's not going out now. Using Kaspersky Internet Security. Pls check the log file below taken from HIJACK TOOL.

Logfile of Trend Micro HijackThis ... Read more

A:Infected with PDM.Keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:
How to create a GMER log

http://www.bleepingcomputer.com/forums/t/302390/infected-with-pdmkeylogger/

Also, is Trojan Agent AFMX clean? It's used for a hack tool in a game that I play, and it's said that some viruses are required to bypass XTRAP, which is a security tool for a game.

A:Hello, I Just Need To Know If Im Infected With A Keylogger

Hello and welcome to the forum.

I would like to give you some help, if you are still in need.

It will take a little while to analyze your log and receive approval from the experts for the fix.

Please be patient and do not start any other threads about this same problem.

Thanks for your support.

DR

http://www.bleepingcomputer.com/forums/t/117388/hello-i-just-need-to-know-if-im-infected-with-a-keylogger/

My Kaspersky says key logger detected running module \Driver\kbdcap. How do I fix this? Any help would be useful.

A:Plz Help Infected With Keylogger

You seem to have an active HJT log on here: http://www.bleepingcomputer.com/forums/t/145139/plz-help-infected-with-keylogger-help-plz/ so any instructions will need to be on THAT thread inside the HJT forum section and not here.

http://www.bleepingcomputer.com/forums/t/145142/plz-help-infected-with-keylogger/

Hi. One of my friends uses SC-Keylogger for hacking purposes and I think he has infected me too. But I am not experiencing any problem like slowing down my computer or anything like that. As I read in the search results of Google after doing the Google search, it says it runs in the background undetected and it doesn't even show up in the task manager process list and not even in the startup; it's a completely hidden program. Is there any way to remove this infection of SC-Keylogger manually or by using any cleaning software WITHOUT FORMATTING my system? Because, as everyone knows, formatting the system and then re-installing all the needed software is a huge headache and takes a lot of time, and I then have to make a back-up of everything, ensuring nothing is lost or forgotten. I don't have that patience. So please help me in searching for and removing this SC-Keylogger if I am infected with it. Thanks.

A:Infected With Sc-keylogger

"i think he has infected me too. But, I am not experiencing any problem"

If you're not having any problems, what makes you think he installed a keylogger?

http://www.bleepingcomputer.com/forums/t/123317/infected-with-sc-keylogger/

After using my credit card to buy clothes, I found out my credit card was used for something on autotrade.com. I never ordered anything from that site, and I'm certain my computer is infected with some type of keylogger. Please help. Here is the HiJackThis log:

A:Think I got infected with a keylogger

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/303045/think-i-got-infected-with-a-keylogger/

I am infected with a keylogger.

I didn't have my antivirus installed because it was having some problems.

And somehow I got infected with a keylogger. This guy is really annoying me, he is taking over all my email accounts and I don't know if I can get them back.

He just took over the new account I made a few hours ago.

I reinstalled Kaspersky and it's warning me of a keylogger action...

keybmon.sys

I did a Google search and it does look like a hack but all the sites are in Russian.

I can't find any removal info.

I have yet to scan with Kaspersky but I am gonna in a min, after I run a Spybot Search and Destroy scan. I already ran an Adaware scan but that didn't get it.

Does anyone have info on this keylogger? I wanna get this jerk off my PC ASAP.

A:Iam Infected With A Keylogger

What OS (Win XP/2000, etc) are you using? Try doing your Kaspersky and other anti-malware scans in "SAFE MODE". If you're running Win XP/2000, download and scan with AVG Anti-Spyware 7.5 in "SAFE MODE". (This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware.) Be sure to print out the AVG Anti-Spyware Install-Scan Instructions and read the User Manual.

Keyloggers and backdoor Trojans can be dangerous. If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately. You should consider them to be compromised. I suggest you change them by using a different computer and not the infected one. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How to report ID theft, fraud, drive-by installs, hijacking and malware.

http://www.bleepingcomputer.com/forums/t/74234/iam-infected-with-a-keylogger/

I have been having issues with having my World of Warcraft account being hacked into. I have run Malwarebytes and found a few trojans and other such programs, and they were removed. I have also run the bitdefender.com scan and it also found several items and deleted them. Only problem is that they are coming back. Please help, have been hacked times already into my World of Warcraft account. Thank you, hope to hear from you soon.

A:infected with keylogger

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/235237/infected-with-keylogger/

Hello, I have this suspicious process running called WDC.exe, I have no idea where it came from. When I try to end the process it brings up an Access denied message, ran MW Bytes, found nothing. I searched for the file it was located in, found nothing. It won't even let me view the properties of it. I have no clue where to start fixing this from, I really need some advice. Please help?

archives on this site identify it as a component of SpyWare Watchdog. It's a keylogger which basically tracks every aspect of your computer, anyone know about this?

Thanks,
chight10.

http://www.bleepingcomputer.com/forums/t/365239/i-think-i-may-be-infected-with-a-keylogger/

My EA Account was hacked and even after changing my password they still managed to change my email address to this below. They have even deleted my EA Account that I had since. This is part of the email I received from EA Customer service:

"I have checked your bfbc key code in our database and found that it is registered on email id "lolitsaspamaccount googlemail com". We request you to please confirm first if the registered id is yours then please try to login it."

Please help me. I am concerned if I enter the new Serial Key from EA Support this is going to be hijacked as well.

A:I Maybe Am Infected with a KeyLogger

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/327661/i-maybe-am-infected-with-a-keylogger/

My anti-virus program has detected a key logger but it won't let me remove it. I terminated the process but every time I log on it's back. I use Kaspersky. Here are my HJT log files, please help me.

A:Plz Help Infected With Keylogger Help Plz

help anyone plz

http://www.bleepingcomputer.com/forums/t/145139/plz-help-infected-with-keylogger-help-plz/
Relevancy 46.87%

Hello, about weeks ago I got my WoW account and hotmail account hacked for the first time. I ran a norton scan and Avast, I think it was, and they found nothing besides a tracking cookie. One week later, plus minus day, I got hacked again, and since that day I haven't logged on to that computer. I think I do know the source from where I could have gotten it. I got a mail one day saying that my account was involved in trading selling business and that I should follow that link, and guess what I did. I've read about those e-mails a thousand of times and still I followed it. I'm pretty sure there should be some kind of keylogger or trojan within my computer, but I do not know how to find it, so I searched the web and found "Hijackthis", and after a guide I was redirected here to post a log. I would like to have some help checking my log if there's something wrong with it. I'm new here and hope this is the way to go.

A:Infected by a keylogger or trojan

Hello, before we move you to the HJT area let's run these.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.45) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If Malwarebytes Anti-Malware results in any error messages, check the Help file's list of error codes within its program folder first. If you do not find any information, please refer to Common Issues, Questions, and their Solutions, Frequently Asked Questions. If the error you are receiving is not in the list, please report it here so the research team can investigate.

Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.

Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts...

http://www.bleepingcomputer.com/forums/t/310450/infected-by-a-keylogger-or-trojan/
Relevancy 46.87%

Q: Possibly Infected with Keylogger

While browsing the Forums for World of Warcraft I clicked on a link unintentionally. The URL was http www sin a com goto php d amp urlname S. I have ample reason to believe this is a link to a keylogger. Fortunately I was using Firefox, so I believe the keylogger may not have infected me, but I wish to be certain. Active Scan log from Panda and HijackThis Log below.

Relevancy 46.87%

I seem to be infected with some sort of keylogger. Had an account compromised about three months ago and thought I fixed the problem after downloading MBAM, HJT, Spybot, AVG and others, but it was compromised again recently, so it seems it slipped under their radars. After the second compromise I updated AVG to AVG, which told me I had PWS Agent AEJH, and promptly cleaned it. However, I'm still worried that it might be hanging around. Any help would be great, thanks in advance.

A:Infected with Persistent Keylogger

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror: This version will download a randomly named file (Recommended)
Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

Please be patient and I'd be grateful if you would note the following:
The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do no...

http://www.bleepingcomputer.com/forums/t/286056/infected-with-persistent-keylogger/
Relevancy 46.87%

Hi everyone, first time user here. So yesterday I got an email from paypal saying that they've restricted access on my account because they think something was happening. Sure enough, when I checked my account history I had a transaction go through that I did NOT do. I phoned paypal and they said that it was probably a keylogger -- they were really nice and said they would refund my money, phew. Anyways, I changed all my passwords to important sites through a safe computer somewhere else and now am ready to scour my system. I ran Spybot, Adaware, AVG, Malwarebytes, Spyware Doctor and Avast and found a few things to delete. Problem is only Spybot and Spyware Doctor finished their scans -- the others all stalled and froze up after a certain point. I let them run all day (not at the same time, of course) and still no luck. I'm on Vista Ultimate running ZoneAlarm as a firewall. I used to have utorrent but uninstalled it yesterday, vowing NEVER to download anything again. I just ran DDS but I think something messed up because the black box gave me some "can't read" errors before the txt stuff popped up. Please tell me if I still have this horrible bug and if so how to squash it. Thanks a million.

A:Infected Horrible Keylogger

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.

http://www.bleepingcomputer.com/forums/t/202383/infected-horrible-keylogger/
Relevancy 46.87%

Hello,
I keep getting hacked. I am pretty sure I have a keylogger running on my system but cannot find a way to get rid of the problem, please help.
Regards,

A:Computer is infected with keylogger

Hello.. Did you scan with your Antivirus?
How are you hacked?

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

http://www.bleepingcomputer.com/forums/t/413588/computer-is-infected-with-keylogger/
Relevancy 46.87%

I have found that my computer is infected by some sort of keylogger, since my WOW account has been tampered with. I am unable to run the Rootrepel program, since the program won't start; the computer will come to a standstill.

A:Infected whit a keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/286069/infected-whit-a-keylogger/
Relevancy 46.87%

Despite having Norton installed and having allegedly caught and cleaned a trojan from my Vista system, I have still experienced e-mail hackery, which I can only attribute to my password being stolen. I have taken steps to avoid password theft again (hopefully), but I'd breathe much easier if I knew any trace of malware was gone. Please help. I have been stuck with this problem for weeks. Thanks in advance, KC

A:Infected with persistent Keylogger..?

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/291454/infected-with-persistent-keylogger/
Relevancy 46.87%

Hi,

Since last year someone has been trying to access my computer files and email. When I was out on vacation I had to give my password to a co-worker, and ever since then, even though I've changed my password a few times, no one ever tries to hack into it anymore. Yet this coworker seems to get the jump on my work. I suspect some kind of spyware but don't know how to find it.

I've been following the preparation guide and have some trouble with the GMER window. I've unchecked the boxes as directed; however, the example on your site has many boxes checked which my computer would not allow me to check. They are System, Sections, Devices, Modules, Processes, Threads and Libraries. The only boxes my computer would allow me to have checks in are Services, Registry, Files, "C" and ADS. I ran a scan and saved it as directed. Would the scan be accurate if the boxes you show should be "checked" are not checked?

Thank you so much for this site. I'm not very knowledgeable about computers and appreciate the help very much.

Sincerely,
Jeanne

A:Suspect infected with a keylogger

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt

Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

===

Third party programs if not up to date can be the cause of infiltration of an infection.
Please run this security check for my review.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

Please download AdwCleaner by Xplode onto your Desktop.
Double click on AdwCleaner.exe to run the tool.
Click on Search.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

http://www.bleepingcomputer.com/forums/t/474294/suspect-infected-with-a-keylogger/
Relevancy 46.87%

Hello,

My bank has informed me that I have a virus called zeus keylogger. I went to log in to my account online and was directed to enter pin number and other personal info. Also, the night before this I had a blue screen. I was able to shut the computer down and it started up ok. I have pasted the dds.txt info below and attached the attach.txt as well as the ark.txt. Please help.

A:infected with zeus keylogger

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/300829/infected-with-zeus-keylogger/
Relevancy 46.87%

Here's my HJT log

A:Possibly Infected with a keylogger

Did I do something wrong with my log? Lots of other people were answered before me...

http://www.bleepingcomputer.com/forums/t/173455/possibly-infected-with-a-keylogger/
Relevancy 46.87%

Hi,

A few days ago one of my gaming accounts got compromised. As the account has only been accessed from this computer, I am assuming that there is a keylogger in play. I've had several attempts at finding and removing this threat, but so far have been unsuccessful. AVG-scans have shown nothing. Kaspersky-scans have found and deleted some trojan-downloader java openstream asf, but that's about it. Rootkit-tools have not been able to find anything either. Hopefully you guys will be able to help me. I was not able to run a RootRepeal-scan due to its -bit limitation.

A:Infected with some sort of Keylogger

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/287121/infected-with-some-sort-of-keylogger/
Relevancy 46.87%

A couple of questions. If one of the computers on my network is infected with a keylogger is there a good chance that it will probably spread to the rest of the network?

I've read the instructions on http://forums.techguy.org/malware-removal-hijackthis-logs/500865-think-i-got-keylogger-world.html but I have no idea how to read the reports. Would anyone be able to help me to check if the computers are clean from any keyloggers?

I will paste the results of the hijack scans for two of the suspected infected computers when I get the results and also the avg anti-spyware results.

Thank you in advance for your help.
 

https://forums.techguy.org/threads/i-think-my-network-is-infected-with-a-keylogger.611080/
Relevancy 46.87%

Hi,

I'm posting this here in the hope that someone can give me some advice, or at least some peace of mind. After doing a spyware/virus check with different scanners, Norton detected a known keylogger inside a deleted file inside my recycle bin. It said it was called SmartKeystrRecPro.exe. Now I know I opened this file; as usual, nothing was amiss at the time. I've since done a check with various progs, but it only ever spots the deleted file in the bin and not one in my system anywhere. Is it hiding somewhere? I'm presuming it executed when I opened the file and installed itself somewhere, but I can't find the thing. Can anyone please recommend a scan to make sure it isn't in my system somewhere? Why can my scanners spot the deleted threat but not the installed one? Please help, I'm totally stuck this time. I'm running Vista Home Premium. I'd really appreciate any advice at all on this, thanks.

A:Think im infected by a keylogger, but cant find it!

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes.

http://www.bleepingcomputer.com/forums/t/188433/think-im-infected-by-a-keylogger-but-cant-find-it/

I've been advised by my bank that our on-line banking logon/password has been compromised, as we have discovered a fraudulent EFT transfer to an unrecognised bank account.  Our User/PWD has therefore been disabled and the bank has requested that we have the cause detected and fixed.  The bank has suggested that the PC has been infected with a key logger that has revealed our bank account and password details.
 
I'm running Windows 7 and have the Avast! free antivirus and Malwarebytes installed.  For several months I've been receiving messages from Avast saying that a threat has been detected, but all of my attempts to remove it have failed.  When I run a scan on Avast!, I get the following report:
 
THREAT DETECTED
 
C:\Windows\System 32\services.exe
 
Threat:  Win32 : Sirefef-ZT[Trj]
 
When I click on the default 'Move to Chest', I get:
 
X Error: The specified file is read only (6009).
 
How can I clean this up?
 
 

A:Infected - Trojan/Keylogger?

Hello, please do these next.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please Download TDSSkiller
Launch it.
Click on change parameters
- Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.

Please download aswMBR ( 4.5MB ) to your desktop.
Double click the aswMBR.exe icon, and click Run.
When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
Click the Scan button to start the scan.
On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Last run ESET.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.

>>>>>>>>>>>>>>>>

Because your computer was compromised please read:
Identity Theft Victims Guide - What to do
Internet Fraud Tips for Victims of ID Theft

Filing a Report:
How to Report a Fraud or Scam
File a report with your local FBI Office
Reporting Computer Hacking, Fraud and Internet-Related Crime
Reporting Internet Fraud
Internet Crime Complaint Center (IC3): Filing a Complaint
FTC Identify Theft Site - FTC Complaint Assistant

http://www.bleepingcomputer.com/forums/t/501342/infected-trojankeylogger/

Hi, I am sure that I am either infected with a RAT or RAT-like software. I don't know whether a keylogger is there or not. I have seen my mouse cursor move in front of me without my intervention when connected to internet. Moreover, when I disconnected it stopped moving and behaved normally. I am really worried as I don't know whether my various account information is compromised or not. Below is my DDS log.

A:Infected with a RAT or Keylogger. I am really worried.

Greetings Vijay and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.
===================================================
Ground Rules:
First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
When you post your reply, do not use the button but use the button instead.
In the upper right hand corner of the topic you will see the button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
I would like to remind you to make no further changes to your computer unless I direct you to do so.
Now let's get started
===================================================
Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.
Thank you for your patience thus far. Can you tell me what browsers you use and which browsers are affected.
Please complete the following.
===================================================
Obtaining Current ComboFix.txt
--------------------
Please copy and paste the contents of the following file in your reply.
 
C:\ComboFix.txt
 
===================================================
AdwCleaner by Xplode - Delete Adware
-------------------
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browser
Double click on AdwCleaner.exe, select OK, then Run
Click on Delete
Confirm each time with OK
Your computer will be rebooted automatically. A text file will open after the restart
Copy and paste the contents in your reply
You can find the logfile at C:\AdwCleaner[S1].txt
===================================================
Junkware Removal Tool by thisisu
-------------------
Please download Junkware Removal Tool and save it to your desktop.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
Right-mouse click JRT.exe and select Run as administrator (Windo...

http://www.bleepingcomputer.com/forums/t/489853/infected-with-a-rat-or-keylogger-i-am-really-worried/

Infected Computer Or Possible Keylogger? Please Help Fix :)


Running Windows XP with all of the security updates and service packs. I ran Spybot a month or so ago and it caught this Ardamax Keylogger. I found a website that told me how to remove it and I did. But yesterday I ran Spybot again and once again Ardamax Keylogger was there. Spybot only found entry for it in c windows system sys, which it removed. I want to make sure it does not come back again, so I downloaded HijackThis and am now following the instructions by posting the log here. I have run Stinger and Ad-aware and Spybot and they do not find entries. My question--how did it keep coming back? Did I not get everything removed? I am posting my HijackThis log. Thank you for any help or suggestions.

A:Infected With Ardmax Keylogger

Hello viggy and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,
Johannes

http://www.bleepingcomputer.com/forums/t/124969/infected-with-ardmax-keylogger/

I have recently had my Amazon.com account stolen and someone had made several digital purchases of Xbox game cards. How they got my account is unknown. I am suspecting it was a keylogger. Below is my dds log file.

A:Infected trojan or keylogger

Formatted / reinstalled Windows to ensure the keylogger is gone. Please close thread.

http://www.bleepingcomputer.com/forums/t/232917/infected-trojan-or-keylogger/

Hi all, recently my WOW account had been hacked twice and I've updated my anti-virus and installed some spyware. Not sure if my laptop is still infected by keylogger. I appreciate your help here.

Regards,
Lim

A:Laptop infected by keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
Click on the My Controls link at the top of the page to enter your control panel.
Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.

Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/281393/laptop-infected-by-keylogger/
Relevancy 46.87%

Hello, I recently had my bank call me and tell me that my online banking login password had been used from fraudulent IP addresses in another state, so it's highly likely that my computer has been infected with some kind of malware. However, I've run TrendMicro and Malwarebytes and Spybot and neither of them have detected anything beyond cookies. For reference, my HiJackThis log: ... Read more

A:Infected with unknown? Possible keylogger

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===
--RogueKiller--
Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller+

===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

===
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.
1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.
Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

===
Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

http://www.bleepingcomputer.com/forums/t/512165/infected-with-unknown-possible-keylogger/
Relevancy 46.87%

Hi there, I'm messaging here about some spontaneous problems that happened to my grandmother's computer. We have no idea where it came from or what happened, but as I did a net search for what the problem was and it came up here as a keylogger, I thought I'd go through the Hijack This log and put it up and tell/show you what is happening. I myself have used Hijack This before, but from an older computer that caught 'the plague', as I like to put it, from an msn-message link infection (not sure what the site was I had used then though at this time). But help there got it fixed up then.

Anyways, back to this computer: just after I came up for a few days, my grandmother, who is pretty computer knowledgeable for anyone her age, told me her computer was acting weird. There were warnings on here with the Vista security logo saying it was infected with like or or more bugs including malware, spyware, trojans etc., you name it. So as nothing was getting rid of it and showed it as a Windows security warning, we saw the only option of cleaning it to pay for the service thru Microsoft. Shortly after, found out it was the rogue anti-virus Total Security; sent email for refund. Very frustrating and stressing, especially for my grandmother, who finds a lot of stress relief and such in her computer.

Anyways, after finding it was a scam that somehow infected her computer, who knows how (I have a gut feeling it may have been from an infected 'junk' email from a relative/friend, jokes and fwds ya know - someone up in age who knows little about computer viruses). We tried running the Malicious Software Removal Tool from may from Microsoft, which actually mentions at least one of them, the bug on this machine, saying there was a trojan associated with Win Winwebsec, but after attempted runs it never gets further than about half done; after - hrs waiting it keeps failing. So this is the next step, and hopefully with help here we can fix these problems without loads of files lost. Thanks in advance for any help we can get to exorcise the demons on this machine, so to say, haha.

EDIT: Crap, accidentally missed the click box for email notifications and I'm not seeing the option reappear. My email is (Removed to protect from spambots, OB) just in case.

Here is the log from Hijack This: ... Read more

A:Computer infected with a keylogger... and who knows what else...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

http://www.bleepingcomputer.com/forums/t/271668/computer-infected-with-a-keylogger-and-who-knows-what-else/
Relevancy 46.87%

I ran a trial scan of Spy Sweeper that pointed out a Trojan I'm infected with, as well as regular spyware. It's causing my internet connections to go funky and I get a lot more pop-ups than I used to, not to mention that my Explorer crashes on occasion. My job requires an internet connection, so it's very hard to get anything done. Please, this is urgent and I really need some help. Here's my HiJackThis Log: ... Read more

A:Infected With Trojan, Keylogger...not Sure Which

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Krissy Kris

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the activex control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

***************************
Download AVG Anti-Rootkit and save to your desktop
1. Double click avgarkt-setup-1.1.0.42.exe to install. By default it will install to C:\Program Files\GRISOFT\AVG Anti-Rootkit.
2. Accept the license and follow the prompts to install.
3. You will be asked to reboot to finish the installation so click "Finish".
4. After rebooting, double-click the icon for AVG Anti-Rootkit on your desktop.
5. You will see a window with four buttons at the bottom.
6. Click "Search For Rootkits" and the scan will begin.
7. You will see the progress bar moving from left to right. The scan will take some time so be patient and let it finish.
8. When the scan has finished, a small window will open so you can view the results.
9. Right click and select "Save Result To File".
10. By default the file will be saved with a .csv extension. (You can use notepad to open the .csv file). Copy and paste the results in your next reply.
11. If anything was found, click "Remove selected items"
12. If nothing was found, please click the "Perform in-depth Search" saving anything found to file as before.

***************************
Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

Also post a new Hijackthis log please.

http://www.bleepingcomputer.com/forums/t/93455/infected-with-trojan-keyloggernot-sure-which/
Relevancy 46.87%

Hello there, my computer has recently been infected with a keylogger. Best explanation how I know is I lost a video game account, and while I was losing it I kept having my reset password figured out. So I have been using AVG and Ad-aware for security, and after running a scan AVG found nothing corrupted and Ad-aware just removed some small files, nothing high risk, which I figured a keylogger would be. I could be wrong. So I downloaded Malwarebytes and ran that; it came up with nothing too. So I am curious if someone could look at my hi-jack this file and see if they see any keylogger or virus problems within it. Since these problems my comp has been slow, so not sure if there is corruption or me just running these scans to try to find a problem. Hi-Jack this file (I also use Windows Vista bit): ... Read more

A:Computer Infected with an keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice
Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:
How to create a GMER log

http://www.bleepingcomputer.com/forums/t/368265/computer-infected-with-an-keylogger/
Relevancy 46.87%

Hi everyone, I don't have any problems with my computer in any ways; the only thing that has happened is that my account in World of Warcraft was hacked. Well, first I just thought it was like bad luck, since it does happen to many ppl. But then my friends in my guild told me it could be a keylogger. I don't rly have a clue if it is a keylogger or what it is. So I would mostly want a quick feedback if it might be a keylogger, or just that someone had extreme luck and figured my password in WoW out themself.
Regards, Ricky aka SeraC
... Read more

https://forums.techguy.org/threads/i-belive-im-infected-with-a-keylogger.839193/
Relevancy 46.87%

Hello,
I was in Yahoo Games the other day and someone told me that he would put a keylogger into my laptop. I told them that I have antivirus and antimalware, but they said all they need is my IP address and I don't need to download a file or a virus. So I got worried and now I think I'm infected. I downloaded the free version of SpyShelter and it doesn't really have a scan or something like that, so I was wondering:
1: Is it possible to install a keylogger into someone's comp without sending them a file or asking them to visit a webpage, and just by IP address?
2: Any ways to do a keylogger detector scan to see if there's one in my comp?
I'm sorry if this is a stupid question or it's been asked before. I'm a noob.
Thanks.

A:is it possible to get infected by keylogger by just IP addy

How does your computer connect to the Internet? Do you use a NAT-router?

http://www.bleepingcomputer.com/forums/t/382870/is-it-possible-to-get-infected-by-keylogger-by-just-ip-addy/
Relevancy 46.87%

Hi, I'm new to this forum and fairly uneducated as far as troubleshooting computer problems. My computer was recently infected with a number of viruses and some keyloggers, which I've been trying hard to get rid of. I've used a number of anti-spyware and anti-virus programs to scan my computer and I've successfully removed some viruses. A friend told me HijackThis can be fairly useful in determining whether or not my computer is still infected, so I saved my log file and was hoping that someone here could analyze it and give me feedback about the status of my computer.

A:Possibly infected with keylogger...

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/256138/possibly-infected-with-keylogger/
Relevancy 46.44%

About months ago I had my account from Final Fantasy Online stolen. It was assumed by people in the gaming community that this was done by the rsbo.exe keylogger that used an old RealPlayer exploit. This virus was injected into many FF websites in the form of an iframe. At the time I was not using IE as a browser, and even though I was firewalled and had several AV programs installed with all security up to date, it still got past everything. My password and login info was all autosaved, so I never typed them in, so they were stolen by some other means than a simple keylogger, possibly by stealing and breaking the login file for the game stored on my hard drive. Anyway, after my account was stolen I found rsbo.exe as well as in dll and kb ss p dll, which I was told were associated with it, and manually removed them as well as the registry changes they added, since no AV programs I had would detect them. Now months later I may be getting my account returned. If not, I may start playing another online MMO which could be affected by this. Either way, I'd like to know if my system was clean or not. I have become very paranoid about entering any personal information online, such as CC or any other kind of account information.

A:Previously Infected With Keylogger, Is It Still Hiding Somewhere?

Hello

Apologize for the delay in response, we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.
Thanks and again sorry for the delay.

Click on Start, click on Run, copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again. When finished, please post back both logs that open in Notepad: main.txt and extra.txt.

Next

Please do a scan with Kaspersky Online Scanner.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report.
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.

http://www.bleepingcomputer.com/forums/t/148960/previously-infected-with-keylogger-is-it-still-hiding-somewhere/
Relevancy 46.44%

Hello. Turns out I have been keylogged. I have successfully secured my financial information, and avast along with spybot seem to have taken care of the problem. However, to be on the safe side I'd like you guys to check out my logs.

A:Infected with malware - keylogger - need help removing it

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job. This is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
Log from Combofix
Let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/445144/infected-with-malware-keylogger-need-help-removing-it/
Relevancy 46.44%

Hi, I have been having problems with my computer for a while now. I purchased Kaspersky antivirus 2009 June 14, 2009. First time I ran it it said I had a trojan and deleted it. Since then all the reports say I have a keylogger and when I check my computer in the morning after not using it for at least 6 hours, a lot of the settings on Kaspersky have been changed. I would like to upload a log so that someone could help me to get rid of these problems, please!

Would also like to add that Kaspersky never finds anything in the scan.

A:infected computer, keylogger? rootkit?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/250140/infected-computer-keylogger-rootkit/
Relevancy 46.44%

Hi. Thanks for taking the time to look at this in advance. Now, I had my online gaming account hacked on Saturday and they made a very bad mess of it. I'm a high level player in a high level raiding guild. It has probably earned a Chinese gold seller hundreds of pounds. After the account was hacked I ran what I thought was a decent clean up: updates, virus scans, changing of passwords etc. The gaming company restored all of my losses last night, but this morning I get several notifications from email, game and online banking that my passwords have been changed. Now you can imagine my horror. Nobody else has access to my PC, so it is someone remotely accessing it, and due to the second hack they are able to see/read my activities when I use the computer. I normally work on Linux and game on Windows, so I have used a separate Linux machine to recover my online bank accounts, gaming account, email etc. I am sure these are now secure, as I am not logging into any of these from this infected Windows machine now.

So now comes the clean up, and that is why I am seeking your help, the professionals. I use Windows XP; it is up to date with firewall and AVG antivirus. Running a scan with the anti-virus reveals nothing. I have installed and scanned with Spybot Search and Destroy, again nothing. Adware remover, nothing again. So I am unsure how to proceed. I am hoping someone will be kind enough to look at these logs and see if something is amiss.

If it helps, although the lab that I work at may not be too impressed, I use a professional paid proxy service to run the online game, as the lab blocks all ports on their firewall except for internet ports. I don't know if that will help you. I am confident the proxy provider is legit, as I have used them for years without any problems, but it may give you an indication as to the origin of this threat. I am sorry I cannot give you any more detailed info about the infection, but as yet I haven't actually found anything. And ruling out physical access to my system, it means that someone is somehow remotely accessing it. Help!

Kind regards

A:Infected with unknown trojan/keylogger

Ok, I just finished a scan with mbam, and it gave an interesting result......

Malwarebytes' Anti-Malware 1.39
Database version: 2426
Windows 5.1.2600 Service Pack 3
14/07/2009 15:58:04
mbam-log-2009-07-14 (15-58-00).txt
Scan type: Full Scan (C:\|E:\|)
Objects scanned: 245111
Time elapsed: 1 hour(s), 5 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WindowsServer2003-KB889101-SP1-x86-ENU.exe (Trojan.Agent) -> No action taken.

When I tried to "fix" the selected problem, the scanner quit with a memory error. I assume maybe the trojan was trying to stop itself being deleted. I have now deleted this by hand. So I "think it is gone". Could it be this easy? I remember downloading this package when I was trying to make a USB boot disk. Could it be someone has modified the Windows Server cab to include a trojan? But that then means the hack against my Warcraft account was not specific, but random. Maybe the info was sold on to someone with an interest in hacking these accounts? Again, your advice would be appreciated!!

Many thanks

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

http://www.bleepingcomputer.com/forums/t/241429/infected-with-unknown-trojankeylogger/
Relevancy 46.44%

Hello. My computer seems to have a keylogger spyware. I realised this when my account details for a game were changed without me knowing, and I know that no one else knows my personal details. I've run Malwarebytes Anti-Malware, Avast, Spybot S&D and Windows Malicious Software Removal Tool scans, and also RegistryBooster and ATF-Cleaner. I got rid of what I could and changed my passwords, but my gaming account was compromised again. This has led me to believe that I didn't remove the keylogger. I've run those scans again and deleted a handful more infections and cookies etc. I've done what I could and I cannot identify where this keylogger is, if it's still on my machine. I've run HijackThis and here's the log.

A:Machine infected with keylogger/malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror: This version will download a randomly named file (Recommended)
Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/292977/machine-infected-with-keyloggermalware/
Relevancy 46.44%

Hello All, I think I def have had some sort of infection on my computer. Problem is I really do not know what to do. I have been searching the forums and saw a lot of the time it was suggested to use Trend Micro HiJackThis via "DSS", so I have done this and the results are below.

A:Infected With Possible Trojan/worm/keylogger

Welcome to Bleeping Computer, please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

All advice given is taken at your own risk.

I apologize for the wait, if your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.

If you have not resolved these issues, here is some feedback.
1) HJT can't show everything, but nothing that looks like malware is showing in this HJT log.
2) If you are still having these issues, provide more information, anything you think will help. What security programs are showing you what. Post a new HijackThis log using Add Reply.

I would like to help, but I need more information to provide a direction to look in.

Thanks

http://www.bleepingcomputer.com/forums/t/152194/infected-with-possible-trojanwormkeylogger/
Relevancy 46.44%

Hello everybody, hope you can help me with this problem: multiple pop ups with fake Windows alert telling me I have a security problem. Here is my log:

A:Infected with Trojan-Spy.win32.keylogger.aa

Hello w66 and welcome to BC. Let's see what we can find.

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Do not change any settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Close Notepad (saving the change if necessary).
Use the Add Reply button and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.

I will review it when it comes in.

Cheers.
OT

http://www.bleepingcomputer.com/forums/t/174194/infected-with-trojan-spywin32keyloggeraa/
Relevancy 46.44%

I was on my computer and the message appeared that I was infected with Trojan-BNK.Win32.Keylogger.gen. This program has been redirecting me to different web pages and not allowing me to utilize my computer. I had to go into safe mode to be able to get into certain sites, please help me remove.

A:Infected with Trojan-BNK.Win32.Keylogger.gen PLEASE HELP

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Any underlined text in my posts indicates a clickable link.
If you have any questions at all, please stop and ask before proceeding.

Please download DDS by sUBs from one of the following links and save it to your desktop.
DDS.scr
DDS.com
DDS.pif
Disable any script blocking protection (How to Disable your Security Programs)
Double click DDS icon to run the tool (may take up to 3 minutes to run)
When done, DDS.txt will open.
After a few moments, attach.txt will open in a second window.
Save both reports to your desktop.
---------------------------------------------------
Post the contents of the DDS.txt report in your next reply
Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Download GMER Rootkit Scanner from here to your desktop.
Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

If you have trouble running GMER:
Make sure that your security software is disabled
Uncheck the box next to "Files" this time also
If you still can't run it, try in the Safe Mode

Please include the following in your next post:
DDS.txt and Attach.txt logs
GMER log

http://www.bleepingcomputer.com/forums/t/438327/infected-with-trojan-bnkwin32keyloggergen-please-help/
Relevancy 46.44%

My wife's computer is infected with - Adware purityscan and the AVG anti-spyware can't get rid of it. AVG pops up asking what to do about - times. I have searched for ClickSpring, Cowabanga by OIN, ipwindows, ipwins, MediaTickets, MediaTickets by OIN, OIN, etc. Found nothing. I have tried to download OiUninstaller.exe but can't connect to the link I was given. Please help.

A:Infected With Purityscan And Maybe Handy Keylogger

mattiedawg,

Welcome to the Bleeping Computer Forum. If you have not resolved your issue and still need assistance then do this please.

Download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

http://www.bleepingcomputer.com/forums/t/127866/infected-with-purityscan-and-maybe-handy-keylogger/
Relevancy 46.44%

Tech Support Guy System Info Utility version
OS Version: Microsoft Windows Professional, Service Pack, bit
Processor: Intel(R) Core(TM) i CPU GHz, Intel Family Model Stepping
Processor Count:
RAM: Mb
Graphics Card: ATI Radeon HD Series, Mb
Hard Drives: C: Total - MB, Free - MB
Motherboard: ASUSTeK Computer INC., P P LX
Antivirus: Kaspersky Internet Security, Updated and Enabled

Hello. My computer was working fine this afternoon. Returning hours later I found that my Firefox iGoogle home page has lost all the styling. Some sites I visit have no styling, others look fine. Kaspersky did flag a warning earlier today about a pdm keylogger, but according to Kaspersky it is inactive. I see at the end of the HijackThis log a lot of missing files and also an odd looking one, HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings ProxyOverride local <local>, that I have never seen before. Have run Malwarebytes and Kaspersky but everything was clean. Any help much appreciated. Thank you.

https://forums.techguy.org/threads/worried-computer-is-infected-keylogger.1053158/
Relevancy 46.44%

I am infected with Trojan-BNK.Win32.Keylogger.gen

Win 7 Antivirus 2012 has blocked a program from accessing the Internet.

Yes, activate Win 7 Antivirus 2012

No, continue unprotected (dangerous)

I also get a popup on the lower right: "Threat: Devices.2000" Do you want to block this attack (Yes / No)"

Please advise on how to continue.

A:I am infected with Trojan-BNK.Win32.Keylogger.gen

Have a look here:

http://www.bleepingcomputer.com/virus-removal/remove-vista-internet-security-2012

http://www.bleepingcomputer.com/forums/t/432299/i-am-infected-with-trojan-bnkwin32keyloggergen/
Relevancy 46.01%


A:wow account hacked-pc infected? keylogger/trojan

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/253339/wow-account-hacked-pc-infected-keyloggertrojan/
Relevancy 46.01%

I think I have a key logger on my computer that I cannot remove. The symptoms are input lag from the keyboard whenever typing, and also installation of new programs is blocked. Usually the installation will just before it is complete. If I boot into safe mode I have none of these problems. I have run scans with Norton, Malwarebytes, Spybot and SUPERAntiSpyware; none of them detected anything. Finally, I am new to this forum so please forgive any breach in etiquette. Anything you can do to help would be much appreciated. Thank you.

A: Infected with keylogger that blocks installation of programs

Greetings dahue and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================
Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.

When you post your reply, use the button instead.

In the upper right hand corner of the topic you will see the button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.

If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.

When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.

I would like to remind you to make no further changes to your computer unless I direct you to do so.

Now let's get started

===================================================
Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================
Farbar Recovery Scan Tool (FRST)
--------------------
Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
Double click the icon
Click Yes to the disclaimer
Make sure the Addition.txt box is checked
Click Scan and allow the program to run
Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
2 Notepad documents should now be open on your desktop.
Please copy and paste the contents of both in your reply

===================================================
System Summary Information
--------------------
Press the windows key + r on your keyboard at the same time
Type msinfo32 and press Enter
Left click on System Summary
Click File, Save, and name the file Summary
Zip and attach the file to your reply

===================================================
Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
FRST results
Addition log
Attached System Summary Informa... Read more

http://www.bleepingcomputer.com/forums/t/537836/infected-with-keylogger-that-blocks-installation-of-programs/
Relevancy 46.01%

Hello and thanks for anyone who would help me. Booting up my Windows machine suddenly alerted me of a file name "bleepakes.exe" and wishing to send them to Microsoft. Alt-tabbing between applications I noticed I had several invisible applications running; they had invisible displays but they had small icons with what looks like the default one if you build a GUI from Visual Studio. Running task manager I spotted applications that are suspicious. One is called Chrome-M1N3R. I tried to kill it but it was constantly being rerun. I tried shutting down the other applications and killing M1N3R and seems to have killed it. The other applications look to be disguised as Adobe Bridge files. Also I have found the file "net.exe" in my AppData Roaming folder. I am trying to delete it but it constantly gets rewritten to the folder. This folder also contains text files with my keylogged keyboard inputs in it, along with a suspicious file named FacBook update (yes, it's spelled FacBook). As I am typing right now, looks like the keylogger is still working. The paragraph I have typed above is saved in a newly created file named "Rs" in the same AppData Roaming folder. Scanning the files above passes through MSE. Right now I am running Malwarebytes with objects detected.

EDIT NOTE: looks like the forum has an auto censoring function; the bleepsakes.exe above should be fu--sakes.exe. Also M1N3R is running again. Again, thanks for any kindly soul who would lend a hand.

A: I think I am infected with Chrome M1N3R a keylogger of somesort

Hello, these do appear to be malware files. Post the MBAM log when complete.

Also run these,

TDSS Alt
Please Download TDSSkiller
Launch it. Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.

>>>>

I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

http://www.bleepingcomputer.com/forums/t/480545/i-think-i-am-infected-with-chrome-m1n3r-a-keylogger-of-somesort/
Relevancy 46.01%

Just as I've stated, my Warcraft password was stolen and changed, as well as one of my emails. I need to get rid of it ASAP because my credit card is attached to one. I fear a Trojan Keylogger and am doing my best not to log into any of my accounts. I've already gone and deleted cookies and the like.

... Read more

A: Infected with Malware, Keylogger stealing my passwords.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/232540/infected-with-malware-keylogger-stealing-my-passwords/
Relevancy 46.01%

Hi. Like the post suggested, I am having problems with key loggers, which in turn is causing my World of Warcraft account to be hacked. Apparently they can access the email that I frequently use as well. I have run Spybot S&D and cleared a vundone or whatever trojan, but I am still not sure whether my system is clean.

... Read more

Relevancy 46.01%

My computer has been infected by a Key Logger Virus. I am running Windows Ultimate and I am no longer able to log on because the virus has infected my password. Each time I attempt to log on I get a message stating that I have an invalid userid/password. I am confident that I have entered my password correctly. I have my Windows Ultimate update disk and I have tried to restore to an earlier "working" environment, but the problem persists. I stupidly did not do a full backup of my machine (have data only), so I do not have a backup image to revert to. Using my upgrade disk I am able to get to the command prompt. I have used Malwarebytes in the past but do not have it installed on the infected machine, but I do have it on a USB drive.

My question is: is it possible to run Malwarebytes or another anti-virus tool to remove the virus? I am hoping not to have to clean the disk and start all over. Thanks in advance for any information you can provide.

Jim Mucka

http://www.bleepingcomputer.com/forums/t/404793/invalid-password-infected-by-keylogger-virus/
Relevancy 46.01%

Hi, I have been attempting to resolve all threats on my parents' machine and have removed, using S&D and Avira, the basics: the majority of the threats brought up by S&D. I have also successfully removed other threats using Avira. The remaining threats that S&D keeps flagging up and is unable to resolve are My War My bar, news update, perfect keylogger and wild tangent. Any help would be gratefully appreciated.

... Read more

A: Slow Performing Pc, Infected With Perfect Keylogger As Wel As Others

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

http://www.bleepingcomputer.com/forums/t/170633/slow-performing-pc-infected-with-perfect-keylogger-as-wel-as-others/
Relevancy 45.58%

I seem to have a keylogger on my system.

While playing the Battlefield 4 beta, Origin has been telling me that somebody else is logging onto my account from another computer.

So I changed my password and a couple hours later the hacker was trying to use my account again. I changed the pass again and scanned my PC with scanners like Malwarebytes and AVG. It was ok for half a day or so.

But just now the hacker tried to get into my Origin account again. So I went and changed the pass again as soon as possible, and this time I pasted in a word instead of typing it in.

That should stop him from being able to change any of my account info.

But I need help to remove this Trojan / Keylogger because the stuff I have scanned didn't find it.

I've attached the info from the DDS program.

A: Infected with Keylogger - Hacker is trying to compromise Origin Account

When I woke up this morning I saw that the hacker had logged into my Origin account again.

I am starting to think it's not a keylogger, or maybe it is and he also has some way to take my Origin password from my PC, because I was clicking Remember Me on the login screens.

So this time I changed my password again, but this time I unchecked Remember Me from the login options.

If he has a keylogger he will be able to take the pass again and just log into the account again. But if he had some way to strip the Origin account info from the Origin system on my PC, I don't think he will be able to gain access because I didn't save the pass.

*edit*

Just now the hacker got into the account again, so it must be a keylogger for sure.

I went on another PC and changed my information. The hacker can probably even read this, so you are cut off now pal.

http://www.bleepingcomputer.com/forums/t/510568/infected-with-keylogger-hacker-is-trying-to-compromise-origin-account/
Relevancy 45.58%

So my sister's boyfriend has just had his account in World of Warcraft hacked via her computer. His password was changed, with his character stripped clean of everything. He never gave his account info out to anyone. Furthermore, I have found a Worm by the name of Win WormAutoRun earlier today, which Ad-Aware destroyed. Even prior to that, I found a Trojan which I took out with Comcast's spyware sweeper. Haven't found anything else since but various tracking cookies, often identified as spyware, like AtlasDMT (atdmt.com), Doubleclick o and others I'm not prepared to name off, but those are the main threats.

It's hard to say where this originated from, but it spread throughout our home network fast and infected all computers: my computer, sister's computer, laptop and parents' computer. Can keyloggers exist through spyware tracking cookies alone, or is a trojan/worm required for that to work?

I have used the following programs in order to attempt to fully clean out my system:

AVG Anti-Virus Free: Detected around appliances of the atdmt / Doubleclick o (First scan)
Comcast Toolbar's Spyware Sweep (Temporary): Detected several atdmt's as well as a Trojan
ATF Cleaner
Ad-Aware: Found Win WormAutoRun twice in one scan, as well as various spyware like atdmt and Doubleclick. I constantly have an Ad-Aware scan going on, but somehow the Spyware keep coming back. I haven't seen the Trojan or Worm since I deleted them, but it makes me uneasy knowing that the spyware can just come back so easily without being detected. Currently, as I make this post, Ad-Aware is detecting nothing else.
Panda ActiveScan: Results came back with "no infections"
SpyBot Search and Destroy: By the time I ran this minutes ago, none of the scanning programs used above were detecting anything. I thought that maybe I was clean until I used SpyBot. Scanning came back with several instances of Doubleclick as well as Zedo.

This has never happened to me or my family before, and I'm somewhat disturbed that it could happen so easily. My surfing habits don't usually change, but my sister did mention she was browsing a lot of World of Warcraft Guild-related websites, some which she hadn't heard of before. Her computer is now reformatted. When she first tried to reformat, Ad-Aware still found traces of Spyware even JUST AFTER a fresh install of Vista. After reformatting again, I notice that her computer was automatically turning on file sharing when connecting to the network, so I had unplugged the Ethernet cable. I'm hoping to God her computer is fine, for I may have to reformat all these computers.

I realize that several cases like mine have happened, but I turn to you to try and figure out if reformat is not my only option. I've always been very safe in my surfing habits and it shocks me that it could happen like this so easily. Spyware I could possibly tolerate, but a KEYLOGGER? I can't have that running around. I currently have all other computers disconnected from the internet and network to prevent spreading, but I just don't know what else to do. I'm dumbfounded and paranoid that something else may be around that these programs are not picking up.

I guess I should mention here that if I open up Internet Explorer, despite not being connected to the internet, it will still create tracking cookies like atdmt. I heard that some Worms may leave a "backdoor" Trojan on your PC. What does this mean exactly? Did it create an additional vulnerability so that Spyware and other malicious programs can find their way on my hard drive easier? Is there any way for me to be ABSOLUTELY CERTAIN that everything malicious stays off my computer? Furthermore, how can I protect myself against these spyware attacks that just seem to come back again and again so easily? Is reformat my only option here? Eve... Read more

https://forums.techguy.org/threads/worm-keylogger-has-infected-my-computer-considering-reformat-desperate-for-help.837628/
Relevancy 43.43%

On separate occasions I got viruses from video viewing sites. On all occasions I did everything you're supposed to: virus scan and removal in safe mode, checking processes to see if there were any I did not recognize, monitoring the percentage of the CPU being used. After removing the first virus everything seemed to work normally, but apparently I missed something, because my internet service was out for about weeks, and when the company finally repaired it I discovered that my email address had unauthorized use (nobody in my house but me, so it had to come from an outside source). So I proceeded to do another safe mode scan (didn't find anything) and did the OneCare Live scanner online (didn't find anything). So I changed my email password and went on about my business.

Then about weeks ago I was on a different video site and got the virus that acts like virus removal software. It disabled my security software, wouldn't allow me on the websites, all that nonsense. Now that exact thing has happened to me twice in the last weeks with different video hosting sites. So both times I managed to remove the virus in safe mode, or so I thought, but I have again discovered unauthorized access to my email account, and my computer just does random strange things out of nowhere, so I think maybe there may be other viruses, spyware, malware still on my computer. So I followed the preparation guide in this forum. My results are pasted and attached as instructed.

A:Infected possibly with multiple viruses and keylogger - Contracted & removed fake Antivirus software twice

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/318801/infected-possibly-with-multiple-viruses-and-keylogger-contracted-removed-fake-antivirus-software-twice/
Relevancy 42.14%

The spyware keylogger, named Srv.SSA-KeyLogger, secretly steals data from users' Internet sessions, including logins and passwords from online banking sessions, eBay, PayPal, and other programs that use html forms to collect personal information.

NOTE: Since the SSA-KeyLogger spyware cannot be installed on the following platforms, it is not necessary to run the SSA-KeyLogger Clean software:
Windows 95
Windows 98
Windows 98SE
Windows ME
Windows NT4

The SSA-KeyLogger spyware should only be installed on Windows XP, Windows 2000/2003.
 

A:Ssa-keylogger On Xp Windows 2000/2003 Only Theft Keylogger

Wow, I had that keylogger. I ran the tool and PrevX popped up saying the Sunbelt tool was trying to read/delete winldra.exe, which is the keylogger, and the tool deleted it.

However, it never showed up in a HijackThis log and I hardly ever use IE, I am miffed about how this got on to my machine?

Plus, I have been doing scans at Panda, Kaspersky and Trend, and none found it!
 

https://forums.techguy.org/threads/ssa-keylogger-on-xp-windows-2000-2003-only-theft-keylogger.389804/
Relevancy 39.56%

When I start up my laptop I get these messages:

Internet Sharing Configuration: C:\WINDOWS\Explorer.EXE is attempting to change or view this computer's Internet Connection Protection settings. To give C:\WINDOWS\Explorer.EXE permission to edit these settings for as long as the program is open, click YES. (I can click Yes, No and More info. The latter does not work. I just click No because I think it's the right thing to do.)

svchost.exe - Unable To Locate Component: This application has failed to start because dltime.dll was not found. Re-installing the application may fix this problem. OK

Norton Antivirus: Where: C:\WINDOWS\dltime.dll, Name: Keylogger Trojan, Action: Removed

Norton Antivirus: Where: C Documents and Settin d exe, Name: Download Trojan, Action: Cannot be fixed

Norton Antivirus: Where: C Documents and Settin d exe, Name: Download Trojan, Action: Access to file denied

So after a bit of research I found out the meanings of these messages, except for the first one. What does this mean and by what is it caused? Is it possibly caused by the Download Trojan? I think it has to be.

--------------------------------------------------------------------------

Here is the HijackThis log.

A:Infected with Download.Trojan and Trojan.Keylogger

Have these instructions printed or in a convenient Notepad (or Wordpad) file so you can view them in Safe Mode. Have "show hidden (or all) files" checked in Folder Options > View in case you have to search for any hidden files to delete. Also ensure you do NOT have "hide file extensions..." enabled in Folder Options > View

Download and unzip to a convenient location the CoolWebShredder, CWShredder.exe available here: http://www.intermute.com/spysubtract/cwshredder_download.html

Then:

1 >> Restart in Safe Mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

2 >> In Safe Mode run the CoolWebShredder and have it "fix" detected problems. Then run HijackThis and check and "fix" the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.cc/index.php?v=6&aff=6569574

O4 - HKLM\..\Run: [Setup experation] C:\WINDOWS\svchost.exe

O4 - Startup: winupdate53065978[1].exe

^^ you will need to manually delete this from the All Programs > Startup folder


3 >> Go to Start > Run and enter cmd and a command shell will open. At the prompt carefully type and enter each line:

del C:\WINDOWS\svchost.exe

Warning: do not confuse this with the svchost.exe which is in c:\windows\system32. Do not try to delete that.

Additional cleanup instructions: Go to the Control Panel > Internet Options applet. Clear the Temporary Internet Cache, History and Offline Content. Go to the Programs tab and select "reset web settings", including your home page if it has been altered. You can reset that later to what you desire.

Go to Start > Run, enter %temp% and then click Edit > Select All. Right click on the selected files and folders and delete them

>> Reboot and post a new Scanlog. Let us know of any continuing problems

You may need to remove MessengerPlus3 from Add/remove programs -- some versions install and maintain a "lop.com" hijack.
 

https://forums.techguy.org/threads/infected-with-download-trojan-and-trojan-keylogger.319543/
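
The reply's warning about C:\WINDOWS\svchost.exe versus the genuine file in c:\windows\system32 can be turned into a repeatable check over HijackThis O4 (autostart) lines. The following is an added example, not part of the thread; the sample log is constructed (only its second and fourth lines are quoted from the reply), and the list of system binary names and the C:\WINDOWS install path are assumptions.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\WINDOWS, as on the machine in this thread.
SYSTEM32 = r"c:\windows\system32"
# Illustrative (not exhaustive) names of binaries that belong only in System32.
SYSTEM32_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}

O4_RUN = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.+)$")

# Constructed sample; lines 2 and 4 are the entries quoted in the reply above.
SAMPLE_LOG = r'''O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Setup experation] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Startup: winupdate53065978[1].exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\reader_sl.exe
'''

def exe_path(cmd):
    """Strip quotes and arguments from a Run value, leaving the program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|dll))\b", cmd, re.I)
    return m.group(1) if m else cmd

def review(line):
    """Return the reasons (possibly none) an O4 autostart line needs a closer look."""
    reasons = []
    run, startup = O4_RUN.match(line), O4_STARTUP.match(line)
    if run:
        folder, name = ntpath.split(exe_path(run.group("cmd")).lower())
        # A bare name (no folder) is resolved through the search path, so skip it.
        if name in SYSTEM32_NAMES and folder and folder != SYSTEM32:
            reasons.append("system binary name outside System32")
    elif startup:
        # "x.lnk = target" is a shortcut; a bare program file is the unusual case.
        item = startup.group("item").split(" = ", 1)[0].strip().lower()
        if item.endswith((".exe", ".com", ".scr")):
            reasons.append("program file placed directly in a Startup folder")
    return reasons

def flagged(log):
    """Map each suspicious line of a HijackThis log to its reasons."""
    return {ln: r for ln in log.splitlines() if (r := review(ln.strip()))}

if __name__ == "__main__":
    for line, why in flagged(SAMPLE_LOG).items():
        print(f"{line}\n    -> {', '.join(why)}")
```

A flagged line is a prompt to inspect the file, not proof of infection; legitimate software occasionally drops programs in a Startup folder.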
Relevancy 29.67%

Hi, I recently got infected by a keylogger at least, and that pretty much stole a lot of my accounts. I got various anti viruses recommended and used them all and removed some malware, spyware, adware etc., but I guess it's better to be safe than sorry, so my friend suggested I post a HijackThis log here. Hope I didn't do anything wrong, and thanks in advance.

A:Possible keylogger

Hello and welcome to TSF.

HijackThis is no longer used as the initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/possible-keylogger-438747.html