Windows Support Forum

A safe keylogger?

Q: A safe keylogger?

Hi guys

Is there such a thing as a safe keylogger? I've been asked to do some PI work and stupidly I said yes without really knowing *****.

Help!

Relevancy 100%

A: A safe keylogger?

http://www.techsupportforum.com/rules.php
5th paragraph @general
and for fun read INTENTIONALLY HARMFUL ADVICE

http://www.techsupportforum.com/forums/f10/a-safe-keylogger-179983.html
Relevancy 51.6%

i'm not stingy, i'm just a bit worried whenever i lend my laptop to my sister for her projects. is there a program out there that is safe and won't get deleted by norton?
 

A:A safe Keylogger for my laptop

thank you very much!
 

http://www.techspot.com/community/topics/a-safe-keylogger-for-my-laptop.125291/
Relevancy 51.17%

Hey all, I'm new here.

I was trying to find an affordable key logger so I know what my kids are doing with the computer when I'm away. I tried IamBigBrother, but my Avast antivirus says it's a virus. I was using PayPal to buy it, but it sent me to this thing called Clickbank.net. Can someone please help me? Thanks!

http://www.bleepingcomputer.com/forums/t/265775/i-want-a-safe-keylogger-but-my-avast-says-its-a-virus/
Relevancy 49.88%

I followed the steps in the "Preparation Guide for use before posting about your potential Malware problem". I was unable to use RootRepeal as it says it is not compatible with bit OS. I also do not see anywhere to attach a file to my post (perhaps because I am new to the forum). I can post the Attach.txt if needed. Logs are at the bottom of post after my long-winded explanation.

Recently (Saturday) my World of Warcraft account was accessed by someone else and my characters devastated. Since I absolutely, without exception, do not share my account information with anyone else, I am left with the conclusion that this was most likely accomplished by a keylogger on my system. However, I am pretty zealous about computer security within the bounds of my knowledge and I am not sure how my system was compromised. I run Avast AV in full active mode, update and run Malwarebytes regularly, browse Internet using Firefox w NoScript and Adblock. Matters are further complicated by the fact that I have been unable to detect any malicious programs etc on my system since the hack. The only evidence I have is that my WoW account is in shambles. I was able to recover access to my account by using my laptop but the damage is already done. However, I would very much like to ensure that my system is truly clean and would very much appreciate any advice, suggestions as to what steps to take and or tools to use in the future to protect myself.

Steps I have followed so far upon discovering my account had been compromised: Immediately checked Task Manager for unfamiliar processes. I have been in the habit of checking my running processes for years so that when something new appears it usually jumps out at me. I noticed a process called wow.exe running and immediately killed it (the game was not running at the time). Deleted the last two things I downloaded for WoW: an addon called Jamba and a program called Octopus (similar to Synergy). Even though I had scanned these after downloading and found them both free of anything, I deleted them out of precaution (read: panic). Opened Malwarebytes and ran Full Scan infections. Ran Avast full scan of all HDD's in thorough mode with scan archives ticked results. Following a friend's suggestion I downloaded AVG, disabled Avast, then ran a full scan with AVG results. Uninstalled AVG and ran a scan using ESET Online Scanner results. Rebooted in Safe Mode and repeated steps and. Also installed Spybot S&D and ran full scan. All three programs returned results.

At this point I was completely frazzled. Finding nothing was times worse than if I had seen a bunch of trojans popping up. I didn't know if there was something especially clever still hiding on my system, or if it stole my information and self-deleted, or what. In desperation I resorted to old reliable: re-install Windows fresh. I booted from the CD (Windows RC btw) and deleted the partition on my C drive, then proceeded through the process of installing Windows. After reading through this site, in hindsight I suppose it would have been better to submit my logs to this forum before wiping and reloading Windows, but I was at a loss.

Since re-installing Windows I have done the following: Installed ESET NOD Antivirus (updated). Installed Comodo Firewall. This was suggested to me by a friend and seems like a great tool for security. However, I am finding the learning curve rather steep and hope that I am using it properly. Installed Malwarebytes (updated). Quick and Full scans with Malwarebytes. Result was found. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges Hijack DisplayProperties -> Bad Good -> No action taken. I Googled this and found a post on the Malwarebytes forum saying this was a false positive so I clicked Ignore. Full ... Read more

A:WoW account hacked; probably keylogger; trying to ensure system is safe.

Update:

I ran HJT a few minutes ago and noticed something strange. At the top of the log (under "Running Processes") it shows the line "C:\Program Files (x86)\Mozilla Firefox\firefox.exe". The odd thing is Firefox was definitely NOT running at the time. I exited HJT and checked by Task Manager and Process Explorer to verify, then reran HJT just to double check. The entry is still there. Is this a bad indication?

PS) I didn't post the HJT log as I didn't want to break forum etiquette. Can do so if requested.

Thanks.

http://www.bleepingcomputer.com/forums/t/269093/wow-account-hacked;-probably-keylogger;-trying-to-ensure-system-is-safe/
Relevancy 49.88%

MOVING THIS POST OVER FROM INCORRECT FORUM (apologies)

I followed the steps in the "Preparation Guide for use before posting about your potential Malware problem". I was unable to use 'RootRepeal' as it says it is not compatible with bit OS (Windows RC). I also do not see anywhere to attach a file to my post (perhaps because I am new to the forum). I can post the 'Attach.txt' if needed. Logs are at the bottom of post after my long-winded explanation.

Recently (Saturday) my World of Warcraft account was accessed by someone else and my characters devastated. Since I absolutely, without exception, do not share my account information with anyone else, I am left with the conclusion that this was most likely accomplished by a keylogger on my system. However, I am pretty zealous about computer security within the bounds of my knowledge and I am not sure how my system was compromised. I run Avast AV in full active mode, update and run Malwarebytes regularly, browse Internet using Firefox w NoScript and Adblock. Matters are further complicated by the fact that I have been unable to detect any malicious programs etc on my system since the hack. The only evidence I have is that my WoW account is in shambles. I was able to recover access to my account by using my laptop but the damage is already done. However, I would very much like to ensure that my system is truly clean and would very much appreciate any advice, suggestions as to what steps to take and or tools to use in the future to protect myself.

Steps I have followed so far upon discovering my account had been compromised: Immediately checked Task Manager for unfamiliar processes. I have been in the habit of checking my running processes for years so that when something new appears it usually jumps out at me. I noticed a process called 'wow.exe' running and immediately killed it (the game was not running at the time). Deleted the last two things I downloaded for WoW: an addon called 'Jamba' and a program called 'Octopus' (similar to Synergy). Even though I had scanned these after downloading and found them both free of anything, I deleted them out of precaution (read: panic). Opened Malwarebytes and ran Full Scan infections. Ran Avast full scan of all HDD's in 'thorough mode' with 'scan archives' ticked results. Following a friend's suggestion I downloaded AVG, disabled Avast, then ran a full scan with AVG results. Uninstalled AVG and ran a scan using ESET Online Scanner results. Rebooted in 'Safe Mode' and repeated steps and. Also installed Spybot S&D and ran full scan. All three programs returned results.

At this point I was completely frazzled. Finding nothing was times worse than if I had seen a bunch of trojans popping up. I didn't know if there was something especially clever still hiding on my system, or if it stole my information and self-deleted, or what. In desperation I resorted to 'old reliable': re-install Windows fresh. I booted from the CD (Windows RC btw) and deleted the partition on my C drive, then proceeded through the process of installing Windows. After reading through this site, in hindsight I suppose it would have been better to submit my logs to this forum before wiping and reloading Windows, but I was at a loss.

Since re-installing Windows I have done the following: Installed ESET NOD Antivirus (updated). Installed Comodo Firewall. This was suggested to me by a friend and seems like a great tool for security. However, I am finding the learning curve rather steep and hope that I am using it properly. Installed Malwarebytes (updated). Quick and Full scans with Malwarebytes. Result was found. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges Hijack DisplayPropert... Read more

A:WoW account hacked; probably keylogger; trying to ensure system is safe.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/269714/wow-account-hacked;-probably-keylogger;-trying-to-ensure-system-is-safe/
Relevancy 42.14%

The spyware keylogger, named Srv.SSA-KeyLogger, secretly steals data from users' Internet sessions, including logins and passwords from online banking sessions, eBay, PayPal, and other programs that use html forms to collect personal information.

NOTE: Since the SSA-KeyLogger spyware cannot be installed on the following platforms, it is not necessary to run the SSA-KeyLogger Clean software:
Windows 95
Windows 98
Windows 98SE
Windows ME
Windows NT4

The SSA-KeyLogger spyware should only be installed on Windows XP, Windows 2000/2003.
 

A:Ssa-keylogger On Xp Windows 2000/2003 Only Theft Keylogger

wow, I had that keylogger, I ran the tool and PrevX popped up saying the sunbelt tool was trying to read/delete winldra.exe which is the keylogger and the tool deleted it.

However, it never showed up in a hijack this log and I hardly ever use IE, I am miffed about how this got on to my machine?

Plus, I have been doing scans at Panda, kaspersky and Trend, and none found it!
 

https://forums.techguy.org/threads/ssa-keylogger-on-xp-windows-2000-2003-only-theft-keylogger.389804/
Relevancy 39.99%

I'm unsure if this is the right area to post, please forgive a newbie. Let me start off by a small introduction before I start asking for help. My name is Kyle. Okay, now that's done and over with.

For starters, this problem started to occur a little while back, I assume around - months ago. I started to discover whenever I used right clicked on properties on the desktop it would lag a while and would not open. When I opened Control panel, add remove programs didn't work and afterward all icons in the control panel didn't work, they just had the cursor with the hourglass thing (sorry for my lack of appropriate terms) and then the Perfect keylogger would show up. It was in the form that it had already been installed. I googled my problem many times. At first my Rundll exe seemed to have an effect with perfect keylogger and I often just closed it under processes in my task manager, but when I realised that I couldn't do many things because of it I decided to remove it (stupid me for not removing it earlier). Oh and for system restore points, all points don't seem to effect, so yeah. I also have problems with windows installer so I couldn't use some of the solutions I had found online.

So I tried several things to remove it, including Malwarebyte's Anti-Malware and S&D Spybot, which seemed to have the most effect. On S&D spybot the perfect keylogger and keylogger pro are removed everytime. I should mention that after the first scan removal using S&D, perfect keylogger whenever it opened it would be in evaluation form telling me to purchase it, and everytime i removed it with S&D it would go back to day evaluation. Forgot to mention that I do not know where my windows disk is located so I can't seem to reformat my harddrive either. Nothing else is comprised besides the above listed problems, or so I think. This problem is really irritating me and I would hope for some help to be given as soon as possible. Thanks, looking for a reply soon. -Kyle

A:Infected with Perfect Keylogger and Keylogger Pro

Hi Kyle,
Welcome here.

1. Please do a new full scan with MalwareBytes' Anti-Malware, and post that logfile in your next reply.

2. Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Bases
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply.

http://www.bleepingcomputer.com/forums/t/187276/infected-with-perfect-keylogger-and-keylogger-pro/
Relevancy 39.56%

Alright, this is a family's laptop that is about or even more years old, has windows xp on it, don't know the exact one - - alright. My sister has been using it and says she has never done anything to it, which I don't believe, but anyways this computer will not boot up what so ever. Everytime you power it on it goes to the screen that says unexpected error software hardware problem yada yada yada, and then it gives you the options of boot in safe mode, safe mode networking, safe mode command prompt, last known good configuration, and none of those will work. We do have the recovery disks to wipe it but are trying to find a better way if possible. And when you try to load into any of the safe mode choices it stops at multi disk rdisk partition WINDOWS System Drivers Mup sys, will stay at that for about - mins and then just turn off. If you try to just do normal mode or last known configuration it just acts like it loads with the windows and the little green loading bar, then shuts off. The more I type the more I think the harddrive is toast, but I'm new and learning so I probably could be wrong. Just looking for suggestions. Oh and this pc will run very hot so if it's a hardware issue I would not be surprised.

A:HP Pavilion will not boot in safe, safe w/networking, safe command or in normal mode

I'm heading to work now, I'll be back later tonight, so just post suggestions and I will try them. =)
 

http://www.techspot.com/community/topics/hp-pavilion-will-not-boot-in-safe-safe-w-networking-safe-command-or-in-normal-mode.157291/
Relevancy 33.54%

I was browsing the internet the other day when I clicked on a link and my computer shut down. I immediately knew it was a bad link. My computer rebooted and it wouldn't let me on IE after that at all. I then did a restore to the previous day. I was about to get online so I went and downloaded Kaspersky IS and scanned my computer. My laptop messed up and rebooted itself. Then got Anti-Malware Bytes in Safe mode and ran a scan, still had issues, Kaspersky not running right and my computer freezing after just a couple of minutes. Went back and did a restore again to the same spot and this time said forget Kaspersky and just did AMWB. It showed my computer is clean, yet about minutes after booting my computer reboots and the safe mode option pops up. I can run ok in safe mode but cannot get it to work in normal mode. I did trend micros housecall and another online scanner and all say my computer is clean. Yet when I start IE I am redirected on every link I click to scour or another site with links on it. Any help is greatly appreciated, as well as a recommendation for a better Anti-virus. I just had McAfree that came with this laptop. Thanks

A:Only runs in safe, redirects even in safe, reboots in normal mode..no virus' found

oh and Malwarebytes did block a 91-207-192-22 port 49179 svchost.exe

http://www.techsupportforum.com/forums/f100/only-runs-in-safe-redirects-even-in-safe-reboots-in-normal-mode-no-virus-found-581990.html
Relevancy 33.54%

Hi Guys n Gals, my name is Mark. I have an old laptop I am trying to get going. It has never been online so it's not a virus, and the cd rom does not work and no USB sticks have ever been plugged in. All it was used for was playing bejewelled (the old one) and windows games not pad then kind of tasks. Once shut down, moved to new place, unpacked, it would not start up. By this I mean the screen that shows up usually after a improper shut-down (Safe mode, Safe mode with network, Start windows normally), that screen, no matter what selection I make it freezes there and I can no longer move or alt cntr del, nothing works, power button also. It's so old I can't figure out how to boot from usb, as the cd rom does not work. I thought I figured it out but it kept bringing me to the start normally, safe mode, safe mode with networking screen after seconds of black screen, which is the reason I thought it was working, because generally when I boot other computers the screen goes black with the small flashing thing in the corner for a few seconds then starts booting windows, but this one brought me to that menu then froze. Here is a pic of the menu I speak of.

ACER TravelMate Series MODEL ZL

Thank you very much for reading my post
Mark

http://www.bleepingcomputer.com/forums/t/596306/older-laptop-hangs-at-start-windows-normally-safe-mode-safe-w-networking/
Relevancy 33.11%

Just recently started to get BSOD in normal mode, error was registry error. Systems run fine in safe and safe w/networking. I have run chkdsk, anti-malware, CCleaner to fix registry issues, and have not detected any virus. I am lost. Can you help me?
Thank you

http://www.sevenforums.com/bsod-help-support/379952-bsod-normal-mode-but-not-safe-safe-w-networking.html
Relevancy 32.25%

Is KIS 2016MR1(16.0.1.445(c)) Safe Money completely safe?
Because i notice some popup. Is it fixed in 2017 version or Kaspersky bring a patch for it? Or how do i enabled it?


 

A:Is KIS 2016MR1(16.0.1.445(c)) Safe Money completely safe?

Does your hardware support Virtualisation?

Hypervisor-powered protection against screenshots does not work in Kaspersky Internet Security 2016
 

https://malwaretips.com/threads/is-kis-2016mr1-16-0-1-445-c-safe-money-completely-safe.59806/
Relevancy 32.25%

Many, many years ago (when most people didn't even have regular anti-virus programs) I used to listen to web radio on live 365. I think I had to download a player.

I haven't listened to web radio for >10 years and was wondering if their player and their site is safe and if so - which player at their site to use (I'd be doing for free not the VIP sites)?

If they're not a safe site or player (I noticed other sites I used I can't even access anymore due to my protection), can anyone suggest safe, free sites with opera, mariachi/tejano, jpop, bollywood, etc. music?

A:is live 365 safe? other safe free web radio?

Live 365 is safe. They've been around for years. The stations are user curated so it's OK for specific music genres. If you are looking for something with more variety, Pandora is the most popular streaming radio in the US. And you don't have to download anything. If you are outside the US as I am, I use AccuRadio and I have it set up so it will play almost anything at random. I use it to determine my blog song of the day. You can set up your own custom mix. And again there's no player to download. Just be sure to register so you save any changes. It's a free service.

http://www.accuradio.com/

http://www.bleepingcomputer.com/forums/t/480214/is-live-365-safe-other-safe-free-web-radio/
Relevancy 32.25%

I have been getting killed by some virus i have removed twice now. As with some virus' it deletes my restore points in sys restore. So what i want to do is create a new restore point save a safe copy of it somewhere else like on a different drive so that if this happens again i can drop the file into wherever sys restore saves them and run it. Is this possible and if so how? Or is there another way to do this to thwart any virus' attempts to leave me w/o a restore point?

A:How can i safe a safe copy of sys restore file?

This is 5 years old but think it should do what you want.
How To Backup System Restore Points

If you keep getting the same virus from the same place, don't go there.
Also, some viruses that are removed by some AV program may not get all its locations and reactivate.
Try a couple different on-demand scanners like spybot search and destroy, superantispyware,
malwarebytes, just to mention a few. Many times one pill will not cure everyone.
Good luck.

http://www.sevenforums.com/system-security/388198-how-can-i-safe-safe-copy-sys-restore-file.html
Relevancy 31.39%

Hi, I've ran RogueKiller and found this. I think I need to delete Poweliks, but is the PUM Dns and PUM Desktopicons possibly malware?

A:RogueKiller Safe/not safe question

Hello Joe109, welcome to Bleeping Computer's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. 
 
======================================================
 Please read through the points below to ensure this process moves as quickly and efficiently as possible.
Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
Ensure you are following this topic. Click  at the top of the page. 
 
======================================================
 
We can get to the RogueKiller results in due course. 
But first, I must ensure you are aware of the following. Please have a read, and let me know how you wish to proceed. 
 

BACKDOOR WARNING
 
------------------------------
One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.
If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.
When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Where to draw the line? When to recommend a format and reinstall?
You have a choice between cleaning the infection(s) or reformatting your computer. Ultimately, the decision is personal, and up to you and whatever you're most comfortable with. Please let me know how you wish to proceed, and if you have any questions.

http://www.bleepingcomputer.com/forums/t/553201/roguekiller-safenot-safe-question/
Relevancy 31.39%

I am using Registry Mechanic and it is recommending to compact the registry. I am wanting to know if it is safe to do so? Thanks.

A:Compacting the Registry Safe or Not Safe?

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

And no, I would not compact the registry.

http://www.bleepingcomputer.com/forums/t/358925/compacting-the-registry-safe-or-not-safe/
Relevancy 31.39%

While in safe mode, the icons on the bottom right are not present. Does that mean that programs like NIS are not enabled in this mode? If that is the case, doesn't running an active scan, like Panda, also present a security risk?

I'd like to work on other things while Panda is running, but I am hesitant to open other programs or to browse if my computer is not protected while in this mode.

I couldn't decide whether this topic belongs in security or browsing, so I hope I chose the correct forum.

Thank you.

A:How Safe Is It To Browse While In Safe Mode?

I don't really have an antivirus...

Yeah, that means that your start up programs aren't running. You'll have to start your antivirus by yourself in safe mode. Safe mode is mostly for just getting into your computer when you're having problems starting it up, and fixing it from there...

http://www.bleepingcomputer.com/forums/t/108984/how-safe-is-it-to-browse-while-in-safe-mode/
Relevancy 30.96%

Okay... so I was trying to get into safe mode so I could run an antivirus scan. Problem is, whenever I tried going into safe mode the blue screen would pop up and the computer would restart. Now for some dumb reason I thought maybe I could get into safe mode if I used msconfig and selected safe mode from the boot menu. So the computer restarted and now it boots in safe mode, but the blue screen and restart happen every time now. I've tried "start windows normally" but that boots in safe mode.... I've tried "last known good config..." and that too boots in safe mode. So now I'm stuck, I can't get on Windows. Any help please?

I'm willing to start over but I don't know how to do that from here
 

A:STUCK in safe mode boot, safe mode doesnt work and restarts, REPEAT

https://forums.techguy.org/threads/stuck-in-safe-mode-boot-safe-mode-doesnt-work-and-restarts-repeat.869731/
Relevancy 30.53%

I have Windows XP Home Edition on a Packard Bell. In safe mode it is fine, but when in normal bootup mode it will hang up after 2 mins approx (then restart saying crit error, check hardware etc. and begin to dump files kernel), on a blue screen.

I tried a different graphics card, but no joy. So I replaced the HDD drive and put a fresh copy of Windows XP Pro edition on, but it loads all the files (I have not pressed F6), I just let it run its course on the disc, then it hangs up on the blue screen again with the words (crit error 0x0000007f) check hardware etc. and if this is the first time you have seen it try starting Windows again.

Thank you for all your time.
 

A:Solved: xp safe in safe mode fine...normal mode blue screen

Start in Safe Mode and look in C:\Windows\Minidump for crash log files with a dmp extension, like Mini071008-01.dmp. Zip 4-5 of the latest ones and post here as a ZIP or RAR attachment. The log file contains information useful to determine what caused the error, most likely hardware.
 

https://forums.techguy.org/threads/solved-xp-safe-in-safe-mode-fine-mormal-mode-blue-screen.729142/
Relevancy 30.53%

I'm new here and in hopes of getting this resolved. I just installed the new Norton Systemworks 2005 and rebooted after installation. When the boot screen got up to the blue screen with the Windows XP logo before displaying the login names where you put in your password, it just stops. I restarted a few times and waited a few more times thinking it may need to 'finish' installing. But each time gave the same results. Finally, I went in with 'Safe Mode' and got in with no problems. Tried again in normal mode after looking around for any obvious problems (none found)... back to square one. Tried again in 'Safe Mode with Networking' and it failed like normal mode so I suspected a networking problem??? The last thing I tried which made me mad is that I tried to uninstall Norton Systemworks in 'Safe Mode' and that failed!! Anyone in these forums know the cure? :dead:
 

A:Unable to get to login screen, works in Safe Mode but in Safe Mode w/ Networking

Just a thought

Safe-Mode
Start \ Run \ msconfig \ diagnostic startup
disable any services attached to your most recent install and restart
should get warning next boot about using msconfig, its ok
One key service that needs to be available is the installer service
Try the uninstall, if doesn't complete
Try the uninstall string in the registry only if you know what you are doing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Under it you will see a list of installed programs. Some don't show up as words but you can figure out what they are by looking at their values. What you are looking for is the uninstall string. Double click that key as if you were going to modify its value. Do a CTRL + C to copy and then exit the registry editor.

Go to START \ RUN and paste the uninstall string and hit enter. This should launch the uninstall.

Just a thought though as I am not in front of a test system at the moment. You should research this a little further so you have a clear understanding of what you can and can't do with msconfig.

or simpler yet

Safe-Mode

Start \ Programs \ Access. \ System Tools \ System Restore

Select restore point prior to install of whats giving you the problem.

Again, Good Luck

PS If you try to install it again, turn off antivirus and other open programs etc..
 

http://www.techspot.com/community/topics/unable-to-get-to-login-screen-works-in-safe-mode-but-in-safe-mode-w-networking.17957/
Relevancy 30.1%

I recently attempted to clean my brother's computer after he acquired a virus from the torrent file program he uses. Regardless, I cleaned a trojan and a backdoor from his system from safe mode. I cannot boot in normal mode. Every time I try, the system gets hung up at the Windows loading screen, then the screen turns black and sits there. I have to hard reboot. I have used a repair CD and I have come across an error 0x800700b7; I have also received this when I tried to work around this problem: "identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}"

OS= Win 7

A:System will only start in Safe mode, Clean virus in safe mode

You can spend a lot of time trying to fix the boot problem and clean the virus from the computer, or you can nuke it and reinstall Windows. I wouldn't bother trying to fix it, personally - I'd back up what I could and then I'd install Windows again.

http://www.sevenforums.com/general-discussion/214923-system-will-only-start-safe-mode-clean-virus-safe-mode.html
Relevancy 30.1%

I booted into safe mode to try and fix an issue. I selected to boot with command prompt, but I have an all-black screen and can't get out of safe mode now. I restarted the laptop a few times, still the same. Anyone know how to fix this?

https://social.technet.microsoft.com/Forums/en-US/12f2b79d-975d-48d3-8135-383a58969e96/booted-into-safe-mode-windows-81-have-a-black-screen-cant-get-out-of-safe-mode?forum=w8itprogeneral
Relevancy 30.1%

Hello,

Recently my dad's computer had a corrupted hive and boot.ini. Via this website, I was instructed to run a chkdsk /r while in the recovery console. Every time I used his OS disk to get into the recovery console, it prompted me for a password and I didn't know it (nor could I leave it blank). I decided to use my OS disk from my computer and I could fix the problem. Now, though, every time I start up the computer, it prompts me to start Windows normally, in safe mode, in safe mode with networking... To give further information... on that same screen there is an option for Windows XP and Windows XP Home Edition. Don't know if that has something to do with it. They both work though when I press enter on either one. Could anyone help me stop the computer from prompting me??? Thank you for any help.

http://www.bleepingcomputer.com/forums/t/258208/prompting-to-start-normally-safe-mode-safe-mode-with-networking-upon-startup/
Relevancy 30.1%

This morning we had a power outage and when I turned my computer back on it would not boot. I tried several times to hard boot computer with no luck. Then I tried safe mode. Ran an antivirus scan and it showed malware and several infections, which it cleaned. The computer still would not boot normally. I then ran chkdsk; still would not boot normally. I have ran Malwarebytes, registry repair and the registry defrag program, as well as done a disk clean up. It still will not boot in normal mode.

Since my last problems that you helped me with, I have upgraded to a broadband internet connection and have a home network. The other computers on the network are fine. A week ago I had purchased Avast internet security and had problems immediately. It would not allow me to connect to the internet. That was uninstalled and I went back to the free Avast antivirus, Zone alarm and Spyware blaster. I was very unhappy with Avast customer service and support (iYogi) and decided I did not want Avast on my computer at all. I have since downloaded PC tools free antivirus. Once I have my computer operational again I am open to suggestions. Fortunately I did not change anything on the other computers. Just mine. Running Windows XP. Thank you

A:[SOLVED] computer will not boot except in safe mode or safe mode with networking.

what are you running
video card
cpu
m/board
ram
power supply
brand
model
wattage

check the listings in the bios for voltages and temperatures and post them

the outage may have damaged the psu

http://www.techsupportforum.com/forums/f10/solved-computer-will-not-boot-except-in-safe-mode-or-safe-mode-with-networking-605216.html
Relevancy 29.67%

I had my Warcraft account keylogged, I think, last night. I've scanned with Kaspersky, Spybot, Malwarebytes etc., which found nothing. Would be grateful if someone could look at my HijackThis log. Thanks

A:Possible Keylogger

Anyone?
Just want to know if anything in the list looks potentially dodgy :S

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

http://www.bleepingcomputer.com/forums/t/289875/possible-keylogger/
Relevancy 29.67%

I recently had my WoW account hacked. I've run Norton security regularly since I built the computer. Since the incident I've scanned with Malwarebytes as well, but with no luck. If someone has the time I would appreciate if they could just check over the logs and see if anything is amiss. I realize that there may be nothing and am in fact hoping that's the case. I would just feel better knowing that the hack was a brute force attack and not some type of keylogger. I am fairly knowledgeable about computers and take as much precaution as I can. Anyway, any help would be greatly appreciated. Thanks in advance, Eric

A:Possible keylogger

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

Please be patient and I'd be grateful if you would note the following:
The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I ...

http://www.bleepingcomputer.com/forums/t/283138/possible-keylogger/
Relevancy 29.67%

Well, not long ago someone sent me a file over MSN. It is only kb and it contained an exe file. Stupid me running it. Oh well, here is a HijackThis log. Is there anything wrong?

Relevancy 29.67%

I was supposedly infected with a WoW keylogger, but none of the spyware programs I've used has turned up anything. DDS log below; ark.txt and attach.txt attached.

A:WoW Keylogger

Bump. Any thoughts here?

http://www.bleepingcomputer.com/forums/t/290800/wow-keylogger/
Relevancy 29.67%

Think I might have a keylogger

[HijackThis log]

Relevancy 29.67%

So here's the deal. My WoW account got hacked. I realize that there can be many causes of this, but the only theory that makes any sense to me is the possibility that I may have a keylogger installed. I ran scans with my anti-virus program, SUPERAntiSpyware, Malwarebytes Anti-Malware, and Spybot Search and Destroy. I scanned in Safe Mode, then in Normal Mode, then again with WoW running (because key loggers can hide inside WoW add-ons). All turned up nothing. So I am at a loss to explain how this could have happened. I created these logs without WoW running and wonder if anything looks suspicious. Please advise. Thanks.

[DDS log]

A:Keylogger?

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.

For your next reply I would like to see:
- The DDS logs: DDS.txt and Attach logs
- RootRepeal logs
- Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

http://www.bleepingcomputer.com/forums/t/288561/keylogger/
Relevancy 29.67%

Every time I run Malwarebytes it finds keylogger.exe. I remove and restart, but it still shows up. I also run sometimes another file pops up like this in today's scan:

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Yesterday there was a Vundo in a Spybot scan and I removed it. I am scanning with Spybot right now to see if there is anything else to be found. Thanks in advance, any help is appreciated.

Hijack log:

[HijackThis log]

Relevancy 29.67%

I am hoping perhaps for some assistance. I have had a problem with the computer. Someone has accessed somehow a password from my computer, I'm assuming, and been able to get into a gaming area that I was in, and as a result I lost an account and monies that I had spent in setting the account up. I've since closed down the account, ran various scans and checks. I'm positive that I've found a keylogger and a few other things that I've removed. But I really would appreciate if I could be assured that the computer is clean and safe so that I can get on with getting back to normal. I had posted this about five days ago but I think it had perhaps gotten lost. I apologize for reposting. I've included a hijack log. Regards

[HijackThis log]

https://forums.techguy.org/threads/keylogger.564282/
Relevancy 29.67%

So back in December I had let multiple people use my computer, and one played a game called RF Online. He was persuaded by a friend to download an injection program to cheat, and it turns out he got just deserts for attempting to do so. It opened as an installer, a bar ran across the installer, and it said that the RF Online game was not installed. So he ignored it, thinking it did not work.

Being the paranoid computer geek I am, I have a program called Process Explorer, and I regularly go through the list and google each process to ensure its authenticity. I found a process called "DETLS.exe" that was listed as a fairly unknown virus. I attempted to kill it but it revived itself, and as it did that I could not delete as it gave me that error message as the program was in use. So I traced another process that seemed to be feeding it, as its CPU usage jumped every time I closed the DETLS; it would reopen it. So closing that, I was able to close DETLS properly, but before doing so I tracked it down in my system folder and deleted it as well. Thinking I was in the clear, I ignored it for a while.

Recently, upon attempting to install something I KNOW is safe, as I have it running on two other machines, the install screen was brought up. Unfortunately the title read "RF ONLINE", so clearly it was bringing up an old one that failed. So I have a feeling something is wrong with that installer. So when this runs both are put back on my system: the DETLS.exe and the other process that supports it.

Can you guys PLEASE help me out with this, as I checked my system restore date and the OLDEST one was February and this event happened mid December. And I REALLY don't want to format my hard drives.

Thankfully yours,
Will

[Deckard's System Scanner log]

Relevancy 29.67%

Help, there is a possible keylogger on my computer. Everything seems to be legitimate to me, but I have no experience of this.

HiJackThis:

[HijackThis log]

A:Possible keylogger

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/possible-keylogger-390507.html
Relevancy 29.67%

Does an anti spyware and anti spamware get rid of a key logger?

A:keylogger

Hello and welcome to TSF.

There are various key loggers, some of which are installed legitimately. However, if you think that your system is being key logged as part of an infection, we want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/keylogger-398280.html
Relevancy 29.67%

On my family PC, my wife was complaining when she tries to play MSN Zone Backgammon: it would attempt to logon, then the IE window immediately closed. Same problem with Eudora email and Winword. When I attempted to view Application errors in Event Viewer, clicking the red errors did nothing except run drwtsn32.exe. Rebooting the PC solved the above problems. I was then able to view the errors, all of which indicates a problem with "riched dll".

The PC seems to be working ok now, but CSRSS.EXE is running from C:\Windows\System. It should not be there; it should be in C:\Windows\system32. When I view the file information it says:

Company: J us
Internal Name: Faldon Click Macro
Original Filename: FaldonClickMacro.exe

And of course I can't end it; Windows thinks it's the other one. Ideas?

[HijackThis log]

A:Keylogger or what?

You should also remove Boonty Games from add/remove programs.
 

https://forums.techguy.org/threads/keylogger-or-what.569951/
Relevancy 29.67%

I've done most of the research on my logs already and can't find anything. I am fairly convinced that I clicked on a link connected with a key logger, though, and wanted to make sure. I'm not certain as to what else I can do in terms of anti-virus/spyware removal, as nothing I've tried has found anything.

Relevancy 29.67%

Keylogger or what? Hey there guys, I'm a bit of a noob when it comes to computers, and my dad (BTW, I'm just not moved out yet) has said he has a keylogger on my comp, and I overheard him saying it to some. So I have Spybot S&D and AVG Free and have scanned them and found no keyloggers. So I'm sitting here thinking WTF, and I was wondering if there's a way he's hidden it. As we use the same wireless router for our internet, can he just access the history through the router? Is it a keylogger? Is it hidden? I just don't know. Also, last thing: my dad is very good with comps. He used to build them and just moved from a massive security firm as CPO, so I was wondering if there are any ways I could physically get rid of, or at VERY LEAST detect, this keylogger or anything. Thanks guys. This would mean so much for you to help.

https://forums.techguy.org/threads/keylogger-maybe-please-help.771277/
Relevancy 29.67%

Hi there. I play WoW and I found out that my acc got hacked. Then I wrote to a supporter and he sent me to a forum with a guide. It guided me to do a lot of scans with different ad-ware and spyware scanners, and in the end it told me to scan with HijackThis and post the log on this forum. I don't know if this is the right place to post it, but I'm doing it anyway. I was told that I'd got a keylogger (don't really know what it is) and they led me to you guys.

HijackThis log:

A:Keylogger help

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/keylogger-help-422696.html
Relevancy 29.67%

Hi, can you check if there are any malicious items in my log?

A:possible keylogger?????

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.

http://www.bleepingcomputer.com/forums/t/278861/possible-keylogger/
Relevancy 29.67%

Hey, I've been on my Toshiba Satellite a - x and I was playing a game online. My passwords keep getting changed and I'm not doing it. My laptop is locked to all family members. They have also been on my emails accepting the password changes. Can anyone please help me check if I have a keylogger? Here's the report:

https://forums.techguy.org/threads/keylogger-i-think.930650/
Relevancy 29.67%

Hi. Recently my World of Warcraft account got hacked. I followed the steps in this thread to clean my computer from a possible keylogger: http://forums.wow-europe.com/thread.html?topicId=…&sid=…&pageNo=…

None of the used cleaners found anything suspicious; only Ad-Aware removed some cookies. I'll post the log from MBAM (MalwareBytes Anti-Malware) too (sorry for the Danish version).

Do I still have a keylogger?

Thanks in advance.

A:Do I still have a keylogger?

Bring up my post, please!
 

https://forums.techguy.org/threads/do-i-still-have-a-keylogger.870638/
Relevancy 29.67%

Hello, I've had a keylogger on my computer since about th November. I got it by accessing a website with a cn URL on the World of Warcraft official forums, and it has been targeting my WoW account. I ran scans on that day and thought I got rid of it, but it hacked my account again on th November. I've used these programs as security measures since then: Avast, Malwarebytes, Ad-Aware, ATF-Cleaner, SpywareBlaster, Spybot S&D. I'd very much like an analyst to check my logs and further help me with this issue, please.

DDS.txt:

A:Keylogger

Hi, sorry for the delay in responding.

I deleted the two older threads that you created so we can work on the newest set of logs.

Configure your computer to show hidden files. If you need help with that, you can take a look at this: http://www.bleepingcomputer.com/tuto...utorial62.html

Go here: http://www.bleepingcomputer.com/subm...php?channel=55
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to it and browse to next file:

c:\windows\download1

Select it and click ok:
Then click the Send File button below.

Do the same for this file: c:\windows\@@desktop.dat

Let me know when you're done so I can take a look at them. If you have the log from the Malwarebytes anti-malware scan, please include it in your next reply.

http://www.techsupportforum.com/forums/f100/keylogger-315876.html
Relevancy 29.67%

I play a popular MMORPG and my account became compromised last night. I've since logged on to a different computer and changed the email and password associated with the account. It's usually keyloggers that are associated with this kind of compromise.

Once it was secure again I ran an AVG scan, a Malwarebytes scan, as well as a Spybot Search and Destroy scan. None of these were able to find anything.

I am trying to make sure my system is clean before logging in again, in order to avoid another compromise.

Other precautions I take are with Secunia PSI, ZoneAlarm, and using only Firefox, which is running NoScript, Web of Trust and Ad blocker plus.

I installed and ran HJT and here is the log file:

A:I think I may have a keylogger

I've installed KeyScrambler and Sophos in the meantime. Sophos found 9 hidden items, none of which I recognize. I took a screenshot; should I upload that and link it as well?

Am I missing any crucial information? Should I rescan with HJT?
 

https://forums.techguy.org/threads/i-think-i-may-have-a-keylogger.932080/
Relevancy 29.67%

I am led to believe I have a keylogger on my system that I can't find. Can anyone tell me if this looks suspicious?

A:Possible keylogger?

Hello and welcome to TSF.

HijackThis is no longer employed as the initial scanning tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/possible-keylogger-342416.html
Relevancy 29.67%

Hi, I'm trying to know if I have a keylogger still on my system or not. It was around weeks ago I had got the keylogger after downloading a known AddOn for World of Warcraft (AtlasLoot) from curse c m. The next day my e-mail and password for the WoW account had been reset. I did virus scans using AVG and Ad-Aware, both turning up nothing, and I also deleted the AtlasLoot files. Afterwards I had my account restored, but it gets stolen immediately after changing passwords. So in December I gave up trying to get it back, and now I started up again. I currently have access to the account but I haven't tried subscribing again or changing the default password Blizzard has set for me, because I still feel like there could be the keylogger on my system. Also, the only program affected seems to be World of Warcraft; none of my other accounts' passwords have been reset or appear to be used, although I have changed passwords.

I've downloaded various anti-virus programs such as Anti Key-Logger and Spyware Doctor in addition to AVG and Ad-Aware. Spyware Doctor turned out a large amount of random spyware files and I deleted them. Now I've uninstalled the two. What I'm trying to do is -know- if I have the keylogger or not, and have turned to deciding whether or not to reformat my computer. Here are the logs.

Relevancy 29.67%

Hello. Someone was able to access an online account of mine. I have never given the password to anyone at all. I noticed that things were being changed on my account, so I changed the password. Even with the new password I was still seeing changes. I changed the password yet again using the onscreen keyboard and have only used the onscreen keyboard to log in from that point, and the access has stopped. I have run scans with AVG, Kaspersky and Spybot with no hits. I am hoping that there is not one and would be elated to learn that my computer is clean. Thank you in advance for any help that can be provided. Here is my DDS.

Relevancy 29.67%

I have had my World of Warcraft account stolen, which is ridiculous, I just started it to try it out, but since the login was the same as my email address the hijacker stole my Gmail account as well. I know it was dumb, but I had my Gmail password set the same as my game account; will never make that mistake again. I told my friends who play WoW that somebody hacked my password from Blizzard and used it to take over my Gmail account as well, but they said there is no way somebody hacked Blizzard and that I have a key logger. I couldn't care less about my WoW account, I really want my Gmail account back, but that's not why I'm here. I was wondering if I could get somebody to take a look at my logs here and let me know if I do in fact have a key logger.

I am using Win XP Pro, AVG Anti-Virus Plus Firewall v (paid version), always up to date, auto updated daily. AVG virus vault has not had anything odd in it aside from the occasional tracking cookie, and it scans nightly.

Here are the reports. I'll post the DDS log and attach the DDS "attach" log as well as the Hijack This and RootRepeal log; the RootRepeal log is taking a long time to finish, I will attach that once it's done.

Thanks for any help,
Dayton

A:Possible Keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from the following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/284051/possible-keylogger/
Relevancy 29.67%

Trying to help my mother over the phone, who thinks she has a keylogger, so I got her to run HiJackThis. I'm not sure if this is all the information needed. I can talk to her again if anyone needs her system info or any other information. Here's the log.

A:Possible Keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/282235/possible-keylogger/
Relevancy 29.67%

I believe I have a keylogger on my machine as some of my gaming accounts have been hacked. I have not been able to identify it for removal.

A:Believe I have a keylogger

Hi mlucasva and welcome to Bleeping Computer.

I apologize for the delay in response to your thread. If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please follow these instructions:

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 2

Download OTL to your desktop.
If you have problems, try this download link:
OTL
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Now copy the lines in the codebox below.

%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:
    MBAM scan report
    and both reports from OTL.

Thanks.

http://www.bleepingcomputer.com/forums/t/281192/believe-i-have-a-keylogger/
Relevancy 29.67%

Hi, my name is Rob and I'm running a Dell that I picked up in with Windows XP. I probably know just enough to be dangerous to myself, which is why I don't want to just go fixing things I don't understand. Maybe I'm paranoid, but I'm on a hunt for a software keylogger. This happens every so often--probably paranoid, but just because I'm paranoid doesn't mean they ain't out to get me, lol. I ran SpyBot and for some reason it can't fix issues found with a log, but they were only highlighted in green, not red, if you're familiar with the program. I also ran HijackThis, as I'm told some folks have success finding them with that program. Could someone here help me interpret it? Am I just being paranoid? Thanks.

Relevancy 29.67%

Hello, I have been hacked on WoW and I want to know what's the problem with my computer. I have an Authenticator to the account and still the hacker can log in and steal things. I have changed account information from different computers and still it doesn't work. Please, I need help. Here's my HijackThis log.

https://forums.techguy.org/threads/possible-keylogger.866770/
Relevancy 29.67%

Hi all, I've run scans with Ad-Aware, Spybot and I have AVG etc. I installed the software a while back and the Win Spy software keeps appearing in the tray and I don't know how to get rid of it. Any advice would be great. Here's my log.

https://forums.techguy.org/threads/win-spy-keylogger-how-to-i-get-rid-of-it.562403/
Relevancy 29.67%

Hi, I've recently had my World of Warcraft account hacked, and in an email sent by Blizzard they said they have reason to believe my account has been compromised by the use of a keylogger or a trojan. I've run countless scans using all different types of software such as AVG, Spybot, Ad-Aware, to just name a few. All of which found nothing. So following a guide that suggested using HijackThis and posting the log on boards where people know what they're doing - I was directed to here. I haven't logged onto my account yet since I'm still not sure whether there's something on my computer or not. Hopefully you guys can help out here. Thanks for reading. Here's the log.

A:Think I may have a keylogger. Please help!

bump, please help!

apologies if this is a premature bump, just it's half way down page 2 - and i'm not sure if it'd get read or not.
 

https://forums.techguy.org/threads/think-i-may-have-a-keylogger-please-help.860765/
Relevancy 29.67%

So I play a certain game and my account got hacked. Used Ad-Aware, Spybot - S&D and Malwarebytes Anti-Malware, also scanned with ESET Smart Security. While doing all this I removed one trojan called Trojan Win Generic BT, which I think doesn't have anything to do with a keylogger, or does it? Here's the hijack log, hope you can help me.

https://forums.techguy.org/threads/keylogger.939166/
Relevancy 29.67%

I downloaded something that could have been infected. Not so sure if I am, need some help.

If I do have a keylogger, it will be a FUD. Anyway I can send you logs to find out if I am?
 

https://forums.techguy.org/threads/i-think-i-have-a-keylogger.939826/
Relevancy 29.67%

Hello. Two days ago I wanted to check whether my computer was free of any virus, malware or keyloggers. I used AVG Free Edition for the virus scan and I used Malwarebytes free edition for the malware scan, and both said no threats were found. Anyways, that is just the intro; my real problem is the detection of keyloggers. I'm not sure how to detect where a keylogger presents, so I searched on Google and found this guide: http www internetgeeks org tech hacking find-keylogger-computer Section

I followed the instructions on the guide and noticed one of the startup in msconfig was checked after I disabled all and turned off my AVG. So according to the guide, I have a keylogger. However, I'm not sure whether this guide is trustworthy or not, so I did not take any actions. I then ran the ESET Online Scanner and found threats, which were all removed, stated:
- a variant of Win Kryptik TFJ trojan, cleaned by deleting - quarantined
- a variant of Win Kryptik TFJ trojan, cleaned by deleting - quarantined
- a variant of Java Agent DZ trojan, deleted - quarantined
- a variant of Win KillProc A application, cleaned by deleting - quarantined

So I tried to use the guide I found from Google again, but I received the same result: one startup checked. Next I ran ESET for the second time in case there were any flaws. But this time it said no threats were found. If the guide is not a trick, then it means that I still have a keylogger on my computer. I'm not sure whether it's true and how to remove the keylogger if it is.

My OS: Windows XP
Scanners installed: AVG Free, Malwarebytes Free

Sorry for the long read, I tried to provide as many details as possible. Thanks for any help.

A:I don't know if I have a Keylogger

Hi,

After performing these scans, enter the results in your next post and also update me on the status of the PC.

Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on if you have internet access while in the normal Windows environment.

================================================================================

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

================================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
    Report IE Proxy Settings
    Report FF Proxy Settings
    List content of Hosts
    List IP configuration
    List Winsock Entries
    List last 10 Event Viewer log
    List Installed Programs
    List Users, Partitions and Memory size
Click Go and post the result.

================================================================================

Please download and scan with SUPERAntiSpyware Free.
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    Close browsers before scanning.
    Scan for tracking cookies.
    Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

If you have a problem downloading, installing or getting ...

http://www.bleepingcomputer.com/forums/t/436679/i-dont-know-if-i-have-a-keylogger/
Relevancy 29.67%

Hi guys, I logged in today to find Ad-Aware had blocked World of Warcraft due to there being a keylogger in the software. I ran all the stuff, AVG, Spybot, CCleaner and Ad-Aware (which picked it up on 2 runs). Would you guys take a look at the HijackThis log to see if it is clear, as I also do online banking with this PC. Thanks

A:Is the keylogger still there

Hello, and to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
    This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
    OTListIt.txt  Will be opened
    Extra.txt  Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
    Main Mirror
    This version will download a randomly named file (Recommended)
    Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
    A detailed description of your problems
    A new OTL log (don't ...

http://www.bleepingcomputer.com/forums/t/306158/is-the-keylogger-still-there/
Relevancy 29.67%

I've been hacked on World of Warcraft three times in the past day. I have my account back now, but my emails and stuff keep getting hacked. Here's the HJT log:
... Read more

https://forums.techguy.org/threads/i-more-than-likely-have-a-keylogger.858018/
Relevancy 29.67%

I believe I've been infected with a keylogger. I found a process called sysfrcx.exe lurking in my Task Manager. I need help. Here is my HijackThis report:
... Read more

Relevancy 29.67%

I am paranoid that I may have a keylogger and I do not want any of my personal information stolen. Please help. Here is a scan I did with HijackThis:
... Read more

https://forums.techguy.org/threads/help-i-think-i-have-a-keylogger.857046/
Relevancy 29.67%

So when I started my computer today (I use Vista Home Premium 64-bit) I noticed that before it went to the welcome screen it said something in a line. It said something like, "264...registry...keystroke" or something like that. After that screen it then went to a screen which said "Configuring Updates Step 0 out of 3" but I didn't install any updates prior to starting my computer?

I also swear I saw a RuneScape cursor at the Welcome screen.

A:Keylogger?

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.

Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
Double-click on mysetup.exe to start the installation.

If that did not work, then try renaming and changing the file extension. (Click this link if you do not see the file extension.)

Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.

Right-click on mbam.exe, rename it to myscan.exe.
Double-click on myscan.exe to launch the program.

If that did not work, then try renaming and change the .exe extension in the same way as noted above.

Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.

If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the report in your next reply.

Note: MBAM uses Inno Setup instead of the Windows Installer Service to install the program. If installation fails in normal mode, try installing in safe mode. Doing this is usually not advised as MBAM is designed to be at full power when running in normal mode and loses some effectiveness for detection & removal when used in safe mode. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Therefore, after completing a scan it is recommended to uninstall MBAM, then reinstall it in normal mode and perform another Quick Scan.

------------------------------------

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal i... Read more

http://www.bleepingcomputer.com/forums/t/262926/keylogger/
Relevancy 29.67%

I ran a scan on KL-Detector and this is what I got:

Below are some file operations that were done during the monitoring process. Review them carefully and check for suspicious files.

C Documents and Settings Owner ntuser dat LOG was modified
C Documents and Settings Owner ntuser dat LOG was modified
C Documents and Settings Owner ntuser dat LOG was modified
C Documents and Settings Owner Local Settings Temporary Internet Files Content IE OPQRSTUV was modified
C WINDOWS system config software LOG was modified
C WINDOWS system config software LOG was modified
C Documents and Settings Owner ntuser dat LOG was modified
C Documents and Settings Owner ntuser dat LOG was modified
C Documents and Settings Owner ntuser dat LOG was modified
C Documents and Settings Owner ntuser dat LOG was modified
C WINDOWS system config software LOG was modified
C WINDOWS system config software LOG was modified
C WINDOWS system config software LOG was modified
C WINDOWS system config software LOG was modified
C WINDOWS Prefetch NOTEPAD EXE- A pf was modified
C WINDOWS Prefetch NOTEPAD EXE- A pf was modified

(Note: I wrote the last two Notepad ones while the scan was going.) Does this look like a problem?

A:Do i have a keylogger?

Sorry for the double post but here is my HJT log:

... Read more

https://forums.techguy.org/threads/do-i-have-a-keylogger.855591/
Relevancy 29.67%

I was downloading new addons for World of Warcraft and I made the stupid mistake of running an exe without thinking. I ran a virus scan with Ad-aware and I had hoped that it would delete it. It didn't. I got my account stolen. I've already gotten the account back from Blizzard and they are waiting for me to send them new account info. I followed a procedure on the forum for cleaning your computer and the last step was to post my logs here. I'm just trying to make sure that the keylogger is gone.
... Read more

Relevancy 29.67%

Hi guys, I'm using the trial version of "All In One Keylogger 1.76" - I can't figure out how to get the logs emailed to me; it's asking for an SMTP server if I want to have the logs emailed to me....?? I have no idea what that is. If anyone has used it or can tell me what an SMTP server is that would be a lot of help. Thanks J

A:Keylogger 1.76?

J,

I have not used the software before, sorry. However I do know what it's asking when it asks for an SMTP server. Click this link for an overview of how an SMTP server performs its email function. In essence the software is asking you for the mail server ID. You'll have to get that from the service you use for email.

hth

Be (SMTP) Safe
Da Bleeping Animal

http://www.bleepingcomputer.com/forums/t/34349/keylogger-176/
Relevancy 29.67%

Hey - I've run MBAM, Spybot S&D, Ad-aware, and Avast. I am now recently running Zone Alarm firewall per someone's advice. After doing so I've changed an online gaming password and have been hacked into for a second time. I'm thinking this must be some sort of keylogger issue. Not sure if it matters but I do currently have Windows 7 running. Attached is my HJT log. Any help would be greatly appreciated. Thanks!

A:Possible keylogger

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTListIt.txt Will be opened
Extra.txt Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
A detailed description of your problems
A new OTL log (don't ... Read more

http://www.bleepingcomputer.com/forums/t/313912/possible-keylogger/
Relevancy 29.67%

Hi all -

First: I am not good with computers and will need very explicit directions, down to the level of "right-click here, then click this button." If that's not possible, I have someone who can guide me through broader instructions, so anything you can do will be very helpful.

My daughter's email account got hacked and sent me a spam link that I clicked without thinking. We now have reason to believe that it was a keylogger. I changed my email address from a different machine, but I'm worried about paying bills. My computer isn't showing any signs of trouble, so I don't know how to describe my problem beyond that.

Can I tell you anything else? Otherwise, what is my first step?

Thanks!

A:Keylogger?

Hello and welcome.. I will try to comply as best I can..

"I changed my email address"
Did you change your address or password?
What is your antivirus?

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet and double-click on the renamed file to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button and continue.
If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
Click on the Scan button.
When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
Make sure that everything is checked and then click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe. Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
Leave the options as they are and click Continue.
Let it reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default... Read more

http://www.bleepingcomputer.com/forums/t/456697/keylogger/
Relevancy 29.67%

hello,
first of all thank you for this website.

Ok so, I have had some strange things happen to my credit cards, and facebook account that lead me to believe I have a key logger. Facebook told me someone from china attempted to log into my account. And my CC and my wife's Debit card have been compromised. The facebook issue could have been done without a keylogger, but the credit card and debit card have me worried.

I'm at work so I don't remember all of my pc's specs but I'm using xp pro. It's a dual core with like 1 gig of ram I believe. When I get home for lunch I will get more info.
Just let me know what you need.

I patiently await your instructions.

A:I believe i have a keylogger.

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform quick scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.
 * Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

http://www.bleepingcomputer.com/forums/t/457082/i-believe-i-have-a-keylogger/
Relevancy 29.67%

Dunno. This is my friend's comp. He wanted me to post this for him. He thinks he removed it, but you can never be too sure.

HJT Log ... Read more

Relevancy 29.67%

Hi all, I'm doing tech support for a user who has had her bank account and email account hacked. I haven't been able to find any infections on her computer through Malwarebytes or through looking around (I can usually only find the obvious things). I want to be sure that whatever it is that got her passwords isn't on the computer, though. There may not be an infection at all, but I want to have some experienced eyes take a look. Before submitting this I ran ccleaner, which removed about gb from the temp folders.

Computer: Sony VAIO
Windows Vista Home Premium
Service pack

Thanks in advance for any help you can give me.

DDS.txt ... Read more

A:Possible Keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards
myrti

http://www.bleepingcomputer.com/forums/t/308096/possible-keylogger/
Relevancy 29.67%

Hi All, I am new to the forum and I am hoping someone out there might know how to answer my question regarding whether there is a keylogger on my desktop or not.

Background: In a nut-shell, after I accidentally uploaded my passwords to various internet sites onto my outlook calendar at work, some very immature work colleagues (IT professionals) decided it would be fun to access those accounts and read my private emails, what I had purchased on amazon etc., and then drop it into conversation during a normal working day (I know, they have no lives of their own, obviously). I also had the WEP key to my home wireless network on the phone (as if things were not bad enough) and I strongly suspect that they hacked my wireless network due to other conversations that involved documents that were on my home P.C.

When my partner accessed her hotmail account yesterday it was obvious that it was open in another location: every time she selected the drop down list for changing the security question it would quickly be deselected. This went on for a couple of minutes back and forth. They had already hacked my hotmail account and I had to delete everything in it and close it. The only way they could have accessed my partner's account without guessing the password was via keylogger on my home p.c.

I have reverted back to an ethernet cable plugged into the phone jack, downloaded malware bytes and I have Norton installed. I have disabled wireless on the router. IP address is dynamic. I am currently using the on-screen keyboard to put in passwords, but how do I know if there is a key logger or worse on my machine?

Also I had a blackberry and a Nokia hacked by these people and keyloggers installed on these too; they are gone back to the factory to be flashed, change SIM etc. I figure they must have used a man-in-the-middle attack on my phone through the partition at work (crazy, I know). I am now also receiving silent calls to my home phone number (which was on the cell phone) via a skype account. I don't think they like me very much.

Any advice regarding future security would be much appreciated, checking if there is a keylogger installed etc.

Thanks
MM

A:is there a keylogger on my p.c.?

Step 1: On your PC, Download Google Chrome (http://www.google.com/chrome) and Sandboxie (http://www.sandboxie.com/index.php?DownloadSandboxie). Set Chrome as your default browser (Start > Control Panel > Add or Remove Programs > Set program access and defaults > Custom > Google Chrome > Ok), right-click on the yellow diamond icon on the right side of your taskbar, highlight DefaultBox, click "Run web browser", right click on the yellow icon again, click "Show window". In the new window that pops-up, you should see, under DefaultBox, SandboxieRpcSs.exe, SandboxieDcomLaunch.exe, SandboxieCrypto.exe, and chrome.exe. If you see another Application, right click it and choose "Terminate Program".

Step 2 (for Windows XP): Click on Start menu > Control Panel > Network Connections > Right-click on "Local Area Connection" > Properties > Select "Internet Protocol (TCP/IP)" > Properties > Use the following DNS server addresses > Preferred DNS Server : 8.8.8.8 > Alternate DNS Server: 8.8.4.4 > Ok (Or, to see official instructions, go to http://code.google.com/speed/public-dns/docs/using.html)

Step 3: Go to your email and change your password to one no one would suspect it to be.

Hope this solves your issue!

http://www.bleepingcomputer.com/forums/t/420753/is-there-a-keylogger-on-my-pc/
Relevancy 29.67%

Hi, I have a keylogger on my computer and I downloaded a free ZoneAlarm Spyware Virus Blocker. I only have days free trial left without paying for it. The keylogger keeps trying to get into our computer, as ZoneAlarm keeps informing me. Anything I can do to stop the keylogger attacking me?

Here is my HijackThis scripty thingy ... Read more

A:Help! Keylogger!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Before we begin the fix, we need to unload Spybot's Teatimer. To do this, right-click on the icon in the quick launch toolbar at the bottom on the screen, then select "Exit".

Please download Ad-aware at http://www.lavasoftusa.com/ and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go to http://www.lavasoftusa.com/software/...2cleaner.shtml to download the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware at http://www.greyknight17.com/spyware.htm#adaware for better scan results. Run the scan and fix everything that it finds.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Blazing Tools Perfect Keylogger (or)
Perfect Keylogger

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe

Check all but the very first O18 entry:

O18 - Protocol: bw+0s - {371AB4D0-4B94-4FE4-9FD7-94BFD4AFEA9C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {371AB4D0-4B94-4FE4-9FD7-94BFD4AFEA9C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {371AB4D0-4B94-4FE4-9FD7-94BFD4AFEA9C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {371AB4D0-4B94-4FE4-9FD7-94BFD4AFEA9C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {371AB4D0-4B94-4FE4-9FD7-94BFD4AFEA9C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {371AB4D0-4B94-4FE4-9FD7-94BFD4AFEA9C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {371AB4D0-4B94-4FE4-9FD7-94BFD4AFEA9C} - C:\Program Files\Logitech\Desktop M... Read more

http://www.techsupportforum.com/forums/f100/help-keylogger-63397.html
Relevancy 29.67%

Hi, this is my first post. I have recently had money stolen from my bank and I think it was done by a key logger. We have formatted the PC and reinstalled Windows XP. I have followed the instructions on this website and will attach the logs as instructed. Thanks for any help you can give me.

A:Possible keylogger need to know.

has anyone had a chance to look at the logs. thank you

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

http://www.bleepingcomputer.com/forums/t/290283/possible-keylogger-need-to-know/
Relevancy 29.67%

I received those "phishing" Citibank email and I would usually just delete it. But I accidentally clicked on a link and a pop-up with error page came up. I then searched and found out that sometimes clicking a link will also cause an auto download of keylogger. So I proceeded to download Spybot, found a few cookie trackers & deleted, a found nothing, ran Panda virus scan & Trend Micro, both clean. The only problem I have is Adaware. It kept stopping at c system volume information restore when I do a "perform full system scan". But it runs fine if I use the "perform smart system scan" (deleted some cookie trackers, coolsavings etc). I also ran Webroot's online audit and found an adware called "spy ed" and "sidestep". I just downloaded sidestep a few days ago. Also when I'm not surfing and just keep Network connection box open there would still be packets sent received activity. Is that normal? How else can I find out if I have a keylogger on my computer? Anyway, here is my HJT log if anyone can help. Thanks

http://www.techsupportforum.com/forums/f100/help-with-my-log-and-keylogger-q-19871.html
Relevancy 29.67%

Hello, I recently installed KL-Detector from dewasoft com privacy kldetector htm. I ran and it says KL-Detector has found a suspicious file C Windows System config SOFTWARE. Here is my HiJack Log.

Relevancy 29.67%

I'm pretty sure I have a keylogger since my World of Warcraft account got compromised. I followed the standard advice on the Blizzard forums. Ran ATF-Cleaner, Ad-aware, SpybotSD, mbam and also avast. mbam found a trojan called swizzor but that doesn't seem to be a keylogger, so I'm worried it's still there and I don't want to set new passwords til I'm sure it's gone. Here is the HijackThis log.

A:Think I have a keylogger

Bumping. There have been no further problems and I'm copy-pasting all passwords but I'm still kinda curious to know whether there's still something lurking on my computer.
 

https://forums.techguy.org/threads/think-i-have-a-keylogger.864450/
Relevancy 29.67%

Hello, I was playing a game and they had a chat group open for a community hunt where others help each other find things in the game. Someone in the chat suggested a website with locations of these items. The locations listed were correct and I thought that was that. Later in this chat someone of high ranking asked me what site I used for the locations and I told him world pengs com. He said that the site was not owned by the chat and that other users have said they have contracted viruses from the site. Usually any malware used against a player in this game is a keylogger to take their items and sell it off somewhere illegally. Anyways, if I do have a virus on my machine I'm sure it would be a keylogger. The site had a light green WOT trust rating, which is probably why it made me think the site was safe. It still could be a safe site but I'm not sure. All help is appreciated.

A:Might have a Keylogger..

 Alex
 
Give this a try:
 
 Install and run MBAM
Information about MBAM: http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial
If this scan has been done, please post the log into your next reply.
 

  Running TDSSKiller to obtain log
 
Note: Don't cure or delete a threat, but choose skip for all instead.
Please download TDSSKiller from here and save it to your Desktop
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters

In the Additional options: Check Detect TDLFS file system
Click Start Scan and allow the scan process to run

Choose for all threats to Skip for all of them.
Click Continue
Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================
 
 ESET Online Scanner
==================
Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.
 
I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the  button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
Click the Back button.
Click the Finish button.
===================================================

http://www.bleepingcomputer.com/forums/t/502808/might-have-a-keylogger/
Relevancy 29.67%

Hey guys, I think I may have a keylogger tailored to email password stealing. I recently booted up my computer after a month hibernation of not using it, this was about hours ago. I go Gmail today and get a suspicious login from some city in Russia from Google today. Now yesterday, after turning my computer on and fiddling around with it, I did send off an email to a couple people, so if a key logger is installed on here, at some point it detected me logging into Google, which I did have to put the password in, and tried logging in with it today from Russia. So how can I get rid of this? Many thanks.

Edit: is there a program that will check my drives and show me any changes to the data? Let's say for example I have upwards of tb of data in various forms and would like to routinely check it, compare hashes or whatever, and display any detrimental changes to the data to make it more obvious if it's been corrupted, deleted, moved etc etc. If this doesn't exist, that'd be cool if it did.

A:Possible keylogger

Your email has probably been hacked. Changing your password should fix it.

http://www.bleepingcomputer.com/forums/t/553233/possible-keylogger/
Relevancy 29.67%

A few days ago my virus scan went ballistic and I basically got a few trojans into my temp files. I removed them, hopefully. I use ESET NOD. My problem is that within the last days my credit cards and debit cards have been compromised and someone used my debit card in quite a few countries for a total of around. I tried a few programs to check but my knowledge is limited. Any help would be greatly appreciated. I downloaded Hijackthis and DDS. Here are the log files. If I can't find a definitive answer I will have no choice but to wipe my drive and do a clean Windows install. I really don't want to do that. Thank you in advance.

A:Think I have a Keylogger. Help!

Any help?

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

http://www.bleepingcomputer.com/forums/t/291095/think-i-have-a-keylogger-help/
Relevancy 29.67%

I got hacked on World of Warcraft some days ago, just got the account back, and I'm pretty sure I still have the keylogger on my comp. I run on windows xp bit, if this can help at all. Also I ran multiple scans with various antivirus such as Antimalwarebytes, Ad-Aware, AVG free, Avast and Spybot - Search and Destroy. Here's my HJT log.

https://forums.techguy.org/threads/i-think-i-might-have-a-keylogger.865699/
Relevancy 29.67%

I'm pretty sure I have a keylogger since my World of Warcraft account got compromised. I followed the standard advice on the Blizzard forums. Ran ATF-Cleaner, Ad-aware, SpybotSD, mbam and AVG. I don't want to set new passwords til I'm sure it's gone. Here is the HijackThis log.

Relevancy 29.67%

Hello, I logged into my email today and was greeted by two emails: one from Facebook saying my account was used for third party spamming, and the other from WoW (Blizzard) saying my account had abused chat rules. I just got a new computer so I don't know how I got it. It might have been from my other computer I was using, so I'm not sure. It's just a little scary knowing/thinking you have a keylogger. I'm running Windows, by the way.

A:Do I have a keylogger?!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror: This version will download a randomly named file (Recommended)
Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/293064/do-i-have-a-keylogger/
Relevancy 29.67%

How do I beat a keylogger who has hacked my World of Warcraft account? I know the computer I'm posting on is clean, but I'm unsure of how to prevent this kind of thing from happening again to me. My buddies told me to download Ad-Aware and Comodo's Firewall. I'm a little unsure how to set up a firewall and how high I should set my security on it. I'm thoroughly pissed off, and I've heard that reformatting the computer that has the keylogger on is the best way to destroy the keylogger, but alas I don't have the CD to do so. That computer that might still have the infection on it runs Windows XP Home Edition, but other than that I don't know much about it. When I get more information on that computer I will post it so to better help the people who are trying to solve this problem and help me. Thank you for your time and suggestions.

Bigfah

A:Keylogger

Here are the specs for the computer that I am still concerned about.

Windows XP Professional
AMD Athlon 64x2 Dual Core Processors 4200 +, MX, 3DNOW(2CPUs)
1024 MB RAM
NVIDIA GeForce 7300 GS 512 MB graphics card
NVIDIA nForce Audio Card.

Currently that computer is running Ad-Aware and Comodo's Firewall and Anti Virus programs. If there is anything else I can do to assist in helping you please let me know. Again thank you for your time and suggestions.

Bigfah
 

https://forums.techguy.org/threads/keylogger.772322/
Relevancy 29.67%

can someone install an undetectable keylogger....if they had physical access to a computer....all while having Avast and Anti-Malware bytes already installed ?

If so, how to detect and remove?

Certain friends seem to vaguely mention specific sites and references I make when posting places....that are very unique, and that only I would know.

Gotta love this age of the internet, where you can't trust anyone...and everyone's a little 007 weirdo.

A:keylogger still possible ?

With physical access to a computer, almost anything is possible.

To check for possible malware, etc. and remove any that might be found...

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help Forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

http://www.techsupportforum.com/forums/f50/keylogger-still-possible-831121.html
Relevancy 29.67%

Hi,

I was wondering if I can find out what my son's password is by using a keylogger, which I download on to my computer.

I know that keyloggers are illegal, but not if you use them on yourself???

Is there any other way to check my son's e-mail without him knowing??? He has a hotmail account, and I want to know who is sending him e-mails
 

A:keylogger?

We don't encourage or condone the use of such tools here, and in view of the photo in the profile, you look a bit young to be having a child that you need to monitor.

I am closing this thread but feel free to send a pm to me or one of the other mods if you disagree
 

https://forums.techguy.org/threads/keylogger.543707/
Relevancy 29.67%

I know how you feel about keylogger programs and that it is a control issue; however, with teenagers and preteens it is sometimes a matter of protecting them. What are your thoughts on this issue? I have grandchildren who are at my house - days a week and have found some of their online activities to be of concern. I have their password to the account that I know they use, but it's easy enough for them to have multiple identities, and I think it is better to be able to monitor their online activities than to be constantly at their side when they are online. Besides, whatever they do on my computer they will also be doing on their computer at home. It's not practical to keep them off the computer because I think they need some experience on them to be successful in the future. But I want to be able to keep them from harm as well.

A:Keylogger

I've got 2 teenagers and came very, very close to putting keyloggers on their systems. But my convictions won out and I didn't do it. A keylogger isn't a substitute for parental supervision.

You can protect your kids without using a keylogger. It takes involvement and trust. Being involved can let you see things that a keylogger won't.

Do you tape record their phone calls? Do you follow them around listening to what they say to their friends? That's the equivalent of what a keylogger does. That's not protection - it's control.

It also sends a message to the kids that they don't have any privacy, nor any right to it. Without that, they can't develop a solid concept of "self". Face it, kids are going to hide things from adults. But the adults are more experienced, observant, and alert to these behaviors. Using a keylogger tells the kids it's OK to spy on them - so they'll think it's OK to use it themselves. Where does it end? Kids don't think that they need protecting - so it's the parents' job to do it anyway despite their objections.

If you can't trust them, lock them in a closet until they turn 18.

Some things that I think are important:
1) Put the computer where you can see the screen whenever you want (not in their room with a closed door).
2) Put surfing protection on it.
3) Ask them what they're doing - that will let them know you're involved.
4) Limit computer use - and stick to it. Use passwords to control access.
5) Realize that the kids are going to try and find ways around your rules - be flexible and observant.

http://www.bleepingcomputer.com/forums/t/87379/keylogger/
Relevancy 29.67%

Here's my log:

A:Think I got a keylogger ;(

Anyone gonna help me ?
 

https://forums.techguy.org/threads/think-i-got-a-keylogger.561455/
Relevancy 29.67%

Sup guys, my World of Warcraft account got hacked yesterday and I think I have a keylogger. I ran Spybot, Ad-Aware, Kaspersky, all full scans, but nothing found anything. Just wanting to post my log here to make sure I'm clean.

A:I think I have a keylogger.

Hello deadandbrok3n and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/245764/i-think-i-have-a-keylogger/
Relevancy 29.67%

Could you guys take a look at this? I was playing WoW and my account got hacked almost instantly. Even with using an onscreen keyboard. Thanks.

https://forums.techguy.org/threads/hjt-log-think-i-have-a-keylogger.919446/
Relevancy 29.67%

My WoW Battle.net account has been hacked twice now and I've been asked by Blizzard support to get my log file checked for keyloggers. I've run AVG, Adaware, CCleaner and Spybot and a few others to check for anything, and so far nothing has turned up on them. Not sure what I'm looking at on this log. Don't suppose anything obvious is showing?

https://forums.techguy.org/threads/possible-keylogger.873320/