Windows Support Forum

Possible Keylogger/tracker

Q: Possible Keylogger/tracker

Hello, hope you guys can help. I have run Malwarebytes, Spybot and McAfee and am still having passwords changed. I also made the Attach and the DDS files, but could not run RootRepeal; it keeps locking up the computer. It's an Alienware computer running Windows XP. Any help would be greatly appreciated. Thanks, John Tenda

Relevancy 100%

A: Possible Keylogger/tracker

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Elle

http://www.bleepingcomputer.com/forums/t/280790/possible-keyloggertracker/
Relevancy 41.28%

I've used Excite.com for years, but within the last few days I have noticed that a feature of theirs, Stock Tracker, is missing! Anyone happen to know if this is permanent?
 

http://www.techspot.com/community/topics/excite-com-stock-tracker-missing.147085/
Relevancy 41.28%

Need help! I have an advantage database program called Manheim tracker 3.097.. been working fine until restart on 1/27. Program wouldn't start up. A (COMPANY ADT) file error. What is this? Where did it go? Anyone familiar with this program?
 

A:Manheim tracker data problem

Does this link help?
Recovery Toolbox
 

http://www.techspot.com/community/topics/manheim-tracker-data-problem.142147/
Relevancy 28.81%

Hi, I'm looking for legitimate keylogger or keyboard recording software (preferably freeware) for a desktop PC running Windows XP that my mom and brother use exclusively. I did a Google search and found pages and pages of information, but my initial thought was, how do I know any of this software won't report back to momma if I download and install it?? I need something that's easy and safe. My mom's 82 and getting forgetful, my brother's schizoaffective and has his own issues; additionally, I often have to clean up crap and weird things that happen (like regularly used icons disappearing off the desktop). It would be beneficial if I could just open a log between visits and see what happened to make things go wrong. Any ideas?

Thanks! Karan
 

http://www.techspot.com/community/topics/legitimate-keylogger-program.164313/
Relevancy 28.81%

i'm not stingy, i'm just a bit worried whenever i lend my laptop to my sister for her projects. is there a program out there that is safe and won't get deleted by norton?
 

A:A safe Keylogger for my laptop

thank you very much!
 

http://www.techspot.com/community/topics/a-safe-keylogger-for-my-laptop.125291/
Relevancy 29.24%

Can keyloggers record keys typed using the on-screen keyboard?

Also, how would I go about finding a keylogger on my pc?
 

A:Keylogger Question

Can keyloggers record keys typed using the on-screen keyboard?

Maybe.. i don't know..




Also, how would I go about finding a keylogger on my pc?

For those obvious ones, look through installed program files, task manager etc.
For those coming from spyware/trojans and the likes, AV software and a few other specialized apps like HiJackThis can pick things up... If you suspect some on your PC, have a look at this
 

http://www.techspot.com/community/topics/keylogger-question.63290/
Relevancy 29.67%

can someone install an undetectable keylogger....if they had physical access to a computer....all while having Avast and Anti-Malware bytes already installed ?

If so, how to detect and remove?

Certain friends seem to vaguely mention specific sites and references I make when posting places....that are very unique, and that only I would know.

Gotta love this age of the internet, where you can't trust anyone...and everyones a little 007 weirdo.

A:keylogger still possible ?

With physical access to a computer, almost anything is possible.

To check for possible malware, etc. and remove any that might be found...

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help Forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

http://www.techsupportforum.com/forums/f50/keylogger-still-possible-831121.html
Relevancy 27.52%

The Path: Users/PC/AppData/Local/Microsoft/Windows/WebCache has several files, including text files that are somewhat readable. It appears that upon viewing, they show every file you visited on your computer, and most likely, every keystroke. An example is this:.....

V i s i t e d : P C @ f i l e : / / / C : / G a m e s / W o r l d _ o f _ T a n k s / r e s _ m o d s / R T A N . x m l y u 1SPS F             @ .0 S O 1SPS F

I just pasted a minute fraction of one of the logs. Why does windows need to keep a file that shows everything I visit on my computer? Is this not a security risk if someone were to steal my laptop?

How do I stop windows from generating these?

Thanks
 

A:Users/Appdata/Local/Microsoft/Windows/Webcache KeyLogger..

switch to linux.
 

https://forums.techguy.org/threads/users-appdata-local-microsoft-windows-webcache-keylogger.1148558/
Relevancy 29.24%

As noted by Quietman. FYI: Just received an email from Derek Knight, MVP, with this link: Windows Technical Preview Has A Keylogger to Watch Your Every Move

PERMISSION TO KEYLOG

If you are unaware of Microsoft's privacy policy, so now you should pay attention to what the policy says. Microsoft is watching your every move on the latest Windows Technical Preview, thanks to portions of Microsoft's privacy policy, which indicates that the technology giant is using keylogger to collect and use users data in a variety of astounding ways without the user being aware.

There is a keylogger built into the tech preview, which was stated in the Terms and agreement when installing the tech preview. rockysosua managed to find a folder that contained logged keystrokes from IE in c:\users\user's name\appdata\local\microsoft\windows\inetcache\low\ie\ZPBXU LL

I don't know which process is doing it, but everything I write in Internet Explorer is logged in a folder called ZPBXU LL: c:\users\user's name\appdata\local\microsoft\windows\inetcache\low\ie\ZPBXU LL

A:Windows 10's keylogger

I don't know how invisible the process might be, but I'm in the process of setting up a new Win 8 laptop to compare the processes to those that run in 10.
Just glancing through the Services, the most suspicious looking one is called "Diagnostics Tracking Service".
It states that it enables data collection about functional issues in Windows components.

http://www.bleepingcomputer.com/forums/t/550808/windows-10s-keylogger/
Relevancy 28.38%

Hello, I've been having consistent problems with some malware program(s) since late April, when I accidentally clicked on a shady-looking link posted to Reddit. I've installed antivirus program after antivirus program to some avail, mostly nailing registry keys and toolbars, but all were ultimately unable to root out whatever's generating the symptoms (suspicious tasks constantly respawning in the task scheduler, generic Windows processes doing things they're not supposed to, very high disk usage, etc.) and were even unable to erase some of the stuff they detected.

I first suspected a keylogger when, after some incompetent messing around with my Windows security settings, the function key started malfunctioning and sometimes ceased to work altogether. In addition, the audio on my computer would also randomly cut out. I kept trying to update and/or rollback the keyboard and audio drivers with no lasting results. In addition, some of the antivirus programs had discovered a backdoor trojan in their scans, which may or may not have been completely removed.

However, I soon discovered that not only were both functions tied together in the Local System Network Restricted process, but the audio and Stickykeys would restart after I terminated audiodg.exe in the Task Manager. Webroot had completely deleted the audiodg.exe file from my computer once before, which resulted in a frustrating evening of using resources from the Microsoft website to fix the ensuing damage, so I suspect that file might have gotten reinfected. I certainly hope this isn't the case, but I can imagine pulling out malware that infects system files is a very difficult task.

So here's the FRST log:

A:Possible Backdoor Trojan, Keylogger, and Multiple Other Viruses

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/581226 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:
If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again:
Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.
FRST Download Link
When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
Double click on the FRST icon and allow it to run.
Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
Notepad will open with the results.
Post the new logs as explained in the prep guide.
Close the program window, and delete the program from your desktop.
As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

http://www.bleepingcomputer.com/forums/t/581226/possible-backdoor-trojan-keylogger-and-multiple-other-viruses/
Relevancy 28.38%

Hi guys, I read the sticky at the top of the page and it said logs should be posted 'in this forum'. I couldn't see a link to any particular thread so I assumed it was talking about this section.

I'm in desperate need of some help as I work from home and have a lot of sensitive info. I've been a little ignorant with security as it's something I treated pretty lightly, looking at it as a 'needle in a haystack' sort of outlook. Hence I recently opened up an RDP to my computer through my router without a password.

I noticed my computer sitting on the welcome screen with my user account 'logged on' a couple of times now, as if someone had RDP'd my PC. I didn't think too much of it at first, but days ago my PayPal account was skimmed. I saw it again this morning and started joining dots.

I checked the Windows security logs for RDP going all the way back to the start of its service to see if this IP address I was receiving was just an anomaly, as I use RDP for work and in house a lot. However, this address only started on the th of May, not long after I got a new router and opened up unsecured RDP to my PC, and only comes through at the early hours of the morning, for example AM. I geolocated the IP to France.

Given that my PayPal password isn't saved on my PC, I can only assume there is a keylogger on here. I'm currently running virus removal by Trend Micro, although I don't expect that to find it. I've run Hijackthis but can't identify if there is one on here.

Please note, as my computer is a work PC there are a lot of processes running. I use a VOIP soft client and virtual VPN for work etc., so these are to be expected when sifting through.

Any help would be GREATLY appreciated.

A:Hijackthis Log file help, URGENT - Think I have a keylogger installed :(

Update - I had a hunch and searched my windows folder for any files that were added or modified on the same date and time of the first attack on the 10th at 12.40AM, it looks like they were on for 25 minutes logging off at 1.05AM in that time 4 files were modified or added with a 5th being added at 3.06 with their next logon.
 
See details.
 
Any advice on how to proceed would be greatly appreciated, do I just delete them? There is a rundll32 that I'd be less than inclined to delete unless I know for sure it's a dummy, but two files (after a google) are definitely malicious: 'webbrowserpass' and 'mailpv'.
 
See attached screenshot.
 

http://www.bleepingcomputer.com/forums/t/576211/hijackthis-log-file-help-urgent-think-i-have-a-keylogger-installed/
Relevancy 29.67%

Hello, I'm not too familiar with all the processes. I may or may not have a keylogger of some sort. I'm to knowledgeable with malware or viruses, so hopefully someone can help me out. I also seem to have some missing files, and that may be the problem to some of my internet, iTunes, VLC and sound not working. If possible, help would be appreciated. Thank you.

Logfile of Trend Micro HijackThis ... Read more

A:Possible Keylogger?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===
How is the computer running?
Wait for further instructions.
p.s.
HijackThis is not ready for Windows 7 and above.
I suggest you remove it using the Add/Remove Programs applet.
From now on use the Farbar Recovery Scan Tool.

http://www.bleepingcomputer.com/forums/t/574711/possible-keylogger/
Relevancy 28.38%

He is a sysadmin and very high level so I know he is capable of this. He has mentioned conversations I had while near my laptop and TV shows I watch. I'm positive he has done something, it's super obvious. The resource monitor shows a bunch of processes running that are associated with malware/spyware, but all of my scans show nothing. The CPU usage jumps around like crazy. Remote desktop keeps getting re-enabled after I enable it. I stopped all non-essential Windows processes at startup, and the webcam and audio software keeps getting re-enabled, plus a bunch of wacky stuff is running and hogging the memory and maxing out the CPU. HijackThis does show some missing files, but I am stuck there and have not deleted them because I read that bit can cause false positives. So I left it and hope you guys can help me. I know some stuff about all of this but not enough. Please help.

A:I think my ex-boyfriend installed a keylogger, listens to microphone, etc.

What is your operating system? Most keyloggers stop working when "user account control" is set to max in win 7, so probably vista and 8 too.
What scanners were you using?

http://www.bleepingcomputer.com/forums/t/572514/i-think-my-ex-boyfriend-installed-a-keylogger-listens-to-microphone-etc/
Relevancy 28.81%

Hallo,
 
my employer is going through a divorce and his wife is possibly spying on his computer. An IT guy is helping her to do this, and we think that he might have installed some keylogger or backdoor tool on my boss's computer.
 
Please can you help me to analyze the HijackThis log, and check if you find something "fishy"?
 
Thank you

A:Possible keylogger or backdoor software

Hello and Welcome on board, my Name is Machiavelli and I will assist you with your problem. Feel free to call me Makka or something like that.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:
To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.
Below are a few tips:
Removing Malware is usually very difficult.
We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
Please follow these instructions
If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
Please stay in contact with me until your problem is resolved
As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
Read my post completely
If you don't do so, you may make mistakes that could result in your System crashing by your own actions!

Please download FRST (by Farbar) from the link below and save it to your Desktop.
Download Mirror #1
If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it.
(if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
When the disclaimer appears, click Yes.
Click Scan to start FRST.
When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

http://www.bleepingcomputer.com/forums/t/571798/possible-keylogger-or-backdoor-software/
Relevancy 29.67%

This is a follow-up to my original post here : http://www.bleepingcomputer.com/forums/t/570651/possible-keylogger/
 
To reiterate, I have a computer on which I've almost finished cleaning up the usual slew of adware and other rubbish but there's one item remaining that I can't figure out. I've run rkill, sc_cleaner, JRT, roguekiller, adwcleaner, malwarebytes, an avast boot-time scan and the boot CD scans with both avast and kaspersky antivirus and while they've removed quite a bit of rubbish I can't remove, or figure out, this last entry. I can't see anything using Autoruns that leaps out at me either.
 
Roguekiller is reporting, on the "rootkit" tab, in red, the following entry :
 
Detection                                       Name                                                                  Module
Filter : (Root.Keylogger)                \Driver\kbdclass @ \Device\0000007b               \Driver\eabfiltr @ Unknown
 
Can anybody tell me how to figure out if this is genuine malware or if it's simply misidentified by Roguekiller?

A:Possible keylogger

Additional info : the Avast! free antivirus on this computer occasionally pops up and says it's detected a rootkit (SVC : swcustcfg > ??? - rootkit hidden service)

http://www.bleepingcomputer.com/forums/t/570685/possible-keylogger/
Relevancy 28.38%

I was referred on this forum by buddy as he has found keyloggers and a lot more on my computer, including some that are capable of controlling my computer. He referred me here as he mentioned that there may be more than what has been found and removed. I checked my IP on Project Honeypot and it listed some of the things that it committed, such as spamming other people. Please help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) ... Read more

A:Keylogger and remote controller were found on computer

Hello yeltsyn,
 
I'm Stan and I will be helping you with this problem.
 
First of all I want to clear some things about the malware removal process:
Do not run any tools on your own. This may affect the process of removal and may cause both slowdown and additional problems.
Read carefully the steps that I suggest you to do. Any mismatch will prolong this case.
Copy any scripts carefully so they stay exactly the same with the original. Otherwise the script may not work and we will need to rerun/recreate it.
Feel free to copy all the steps in offline environment. They may be easier to read and follow in this way.
Feel free to ask any questions about the malware removal process. I'm here to help you so nothing must be hidden or misunderstood.
Share with me any problems/changes you experience while working with the current system.
Please, do not use any quotes or code boxes when you post logs.
I want to inform you that I will be able to respond in the evenings - 07:00 P.M - 11:00 P.M. (UTC + 02:00) - since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please, feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.
 
I want to inform you that I'm still in my training program so my posts must be reviewed by an instructor. This may lead to a slight delay in my answers.
 
********************
 
Thank you for the provided logs. I will review them as fast as I can and I will be back with further instructions. Meanwhile, please, try to work with the system as little as you can. If possible, disconnect the system from the Internet and connect only when you need to post or read instructions for additional steps.

http://www.bleepingcomputer.com/forums/t/565376/keylogger-and-remote-controller-were-found-on-computer/
Relevancy 29.67%

I tried scanning our computer with a program called KL-detector. It reported a long list of possible keyloggers.
 
Is this a good program to use for this?

A:keylogger?

Hi there,
I tested KL-Detector on my own system. Looks like it only monitors for file operations done during the time that you set it to monitor the system.
The list of files that it created during the monitoring period can be hard to tell if there is a keylogger on the system, especially if you do something that involves a lot of file operations (i.e. surfing). I don't recommend surfing during this test since it asked you to shut down your AV.
So your PC may or may not be infected. If you still suspected an infection then it's best to request elevated help since a keylogger is a serious thing.
Regards,
Alex

http://www.bleepingcomputer.com/forums/t/585605/keylogger/
Relevancy 27.95%

So... I purchased the KeyGrabber Wi-Fi Premium, a USB wireless keylogger, from computersecurity.org and it works too good. I got it for testing but no Anti-Virus or protection software can seem to detect it... any suggestions? This is a nasty little tool that e-mails all your information to the controller... help?

http://www.bleepingcomputer.com/forums/t/580345/anti-virus-wont-detect-usb-wireless-keyloggerany-suggestions/
Relevancy 28.81%

My first question is if the keylogger is somehow hidden in this drive and I buy a new hard drive and want to move some pictures, videos and data from that drive to this new drive by a hard drive to USB adapter, is there a possibility the keylogger can go on the new hard drive? I'm not sure how is or if it's even here anymore. I use new emails besides my original Steam account and nothing has changed after months.

But besides all that, this is what my original post was gonna be: I got this message from a friend who added me about wanting to trade. He sent me some link and out of my ignorant stupidity I clicked it and it downloaded. I opened it thinking it was some screenshot since it had the whole scr thing at the end, and it basically exited me out of Steam and brought out the login screen. The Steam login screen looked slightly different. By this time I figured it was some kind of keylogger, so I immediately uninstalled Steam, logged on my other PC and changed my passwords for everything. About a minute after, I think my internet went off for secs, and wondered why my antivirus or anti-malware didn't pick it up, till Avast finally said it blocked a threat. As soon as it was quarantined I just deleted it.

But I'm still not sure if some kind of keylogger is hidden on this PC. I've run Malwarebytes, Avast, Spybot and Super Antispyware; none of them detected anything related. I've followed discussions on this and tried using Google on what the file name was; not sure if it's the same thing, though it seems so: https malwr com analysis NmEzZmYzZDI NTIwNDU ZTg ZDRl http www reddit com r pcmasterrace comments m a st. I've read some comments saying it isn't a keylogger, saying it directly controls your steam exe program as it's running and trades the items from your account in an instant. I just reinstalled Steam on the same PC and risked using the account again; no items were traded, and no, it hasn't logged me out of Steam while I leave it on. I don't want to have to reinstall Windows and everything all over again, but if it's the only way to be sure I will. What do you guys think?

A:Steam .scr file hidden keylogger on pc?

If you buy a new drive and want to move pictures/videos/data from the old one to the new one, I suppose it's possible malware could spread to the new one, though it's a bit unlikely, I'd say.
 
Here's a way I believe is safe to do what you want:
 
1. Copy all the photos and stuff you want to a flash drive.
 
2. Type "folder options" in your start menu, select the "view" tab, and select the "Show hidden files, folders and drives" option, then press "apply", just like this picture shows you:

 
3. Search the flash drive for extensions like .dll, .exe and .scr. If you find something you don't know what it is, delete it! Keep in mind that if you're transferring apps, there may be a lot of .dll and .exe files, so maybe keep applications in separate folders from videos, pictures, etc.
 
------------
 
On the other topic, you don't have to reinstall Windows. You said Malwarebytes didn't detect anything, so please try Hitman Pro:
 
1. Download Hitman Pro 32 bits if your OS is 32 bits or Hitman Pro 64 bits if your OS is 64 bits.
2. Run it. You should see this screen. Press next:

 
3. Select "no, I want to perform a one time scan to check this computer" and press "next":

 
4. After the scan completes (could take a while, since some suspicious files in your PC can get uploaded to the cloud for scanning), DON'T REMOVE ANYTHING YET! In the bottom left of the screen, click "Save log":

 
5. Close HitmanPro and please copy the log and post it here.

http://www.bleepingcomputer.com/forums/t/577154/steam-scr-file-hidden-keylogger-on-pc/
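The extension check from step 3 of the answer above, as an added example that is not part of the original thread: it walks a copied folder, flags .dll/.exe/.scr files, and goes beyond the answer by also flagging double extensions such as `.jpg.scr` and files whose content is a Windows PE image under a harmless-looking extension. The media-extension list, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Extensions named in the answer above.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr"}
# Assumption: the kinds of media expected on the drive being copied.
MEDIA_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".bmp",
                    ".mp4", ".avi", ".mov", ".mkv", ".mp3"}


def is_pe_file(path):
    """Return True if the file has an MZ header and a PE signature at e_lfanew."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(64)
            if len(header) < 64 or header[:2] != b"MZ":
                return False
            # Offset 0x3C of the DOS header points at the "PE\0\0" signature.
            pe_offset = int.from_bytes(header[0x3C:0x40], "little")
            fh.seek(pe_offset)
            return fh.read(4) == b"PE\x00\x00"
    except OSError:
        return False


def scan_tree(root):
    """Walk root and return sorted (relative_path, [reasons]) for suspicious files.

    os.walk lists hidden files too, so the Explorer "show hidden files"
    setting does not matter here.
    """
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            suffixes = [s.lower() for s in path.suffixes]
            ext = suffixes[-1] if suffixes else ""
            reasons = []
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append("executable extension")
                # photo.jpg.scr shows up as "photo.jpg" when Explorer hides extensions.
                if len(suffixes) >= 2 and suffixes[-2] in MEDIA_EXTENSIONS:
                    reasons.append("double extension hiding an executable")
            elif is_pe_file(path):
                reasons.append("PE content under non-executable extension")
            if reasons:
                findings.append((path.relative_to(root).as_posix(), reasons))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: tiny stand-in files, not real programs or photos."""
    root = Path(root)
    # Minimal bytes that satisfy is_pe_file: MZ, e_lfanew = 64, then "PE\0\0".
    pe_stub = b"MZ" + b"\x00" * 58 + (64).to_bytes(4, "little") + b"PE\x00\x00"
    jpeg_stub = b"\xff\xd8\xff\xe0" + b"\x00" * 96
    samples = {
        "photos/beach.jpg": jpeg_stub,
        "photos/screenshot.jpg.scr": pe_stub,
        "photos/cat.png": pe_stub,
        "apps/tool.exe": pe_stub,
    }
    for rel, data in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel_path, why in scan_tree(tmp):
            print(f"{rel_path}: {', '.join(why)}")
```

Point `scan_tree` at the flash drive's root instead of the temporary folder to review a real copy; it only reports and never deletes anything.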
Relevancy 29.24%

Hello,
 
I am having a problem with my computer. When I type a letter types different letters for the keys. The letter changes every time I type to different letters. This makes it hard for me to type a readable word.
 
Note: I did not type this with the infected PC for the above reason.

A:Am I infected i my have a keylogger

Try to install Zemana anti Keylogger free or 15 days trial if you want to be sure you can download for free Zemana Anti Malware for 30 days trial very effective anti-malware from this site www.zemana.com

http://www.bleepingcomputer.com/forums/t/530754/am-i-infected-i-my-have-a-keylogger/
Relevancy 28.81%

I got this message from a friend who added me about wanting to trade. He sent me some link and out of my ignorant stupidity I clicked it and it downloaded. I opened it thinking it was some screenshot since it had the whole scr thing at the end, and it basically exited me out of Steam and brought out the login screen. The Steam login screen looked slightly different. By this time I figured it was some kind of keylogger, so I immediately uninstalled Steam, logged on my other PC and changed my passwords for everything. About a minute after, I think my internet went off for secs, and wondered why my antivirus or anti-malware didn't pick it up, till Avast finally said it blocked a threat. As soon as it was quarantined I just deleted it.

But I'm still not sure if some kind of keylogger is hidden on this PC. I've run Malwarebytes, Avast, Spybot and Super Antispyware; none of them detected anything related. I've followed discussions on this and tried using Google on what the file name was; not sure if it's the same thing, though it seems so: https malwr com analysis NmEzZmYzZDI NTIwNDU ZTg ZDRl http www reddit com r pcmasterrace comments m a st. I've read some comments saying it isn't a keylogger, saying it directly controls your steam exe program as it's running and trades the items from your account in an instant. I just reinstalled Steam on the same PC and risked using the account again; no items were traded, and no, it hasn't logged me out of Steam while I leave it on. I don't want to have to reinstall Windows and everything all over again, but if it's the only way to be sure I will. What do you guys think?

A:Steam .scr file hidden keylogger on pc?

Well, let's make sure you are not infected.
 
 
Download and run Wipe and System Ninja:
 
https://privacyroot.com/software/www/en/wipe.php
https://singularlabs.com/software/system-ninja/
 
Then.....
 
Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.
https://www.piriform.com/ccleaner/download
Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.
Now that you have disabled those un-needed startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again. To do this:
Hit options.
Settings.
Place a tick to run Ccleaner when the computer starts.

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.
 
Reboot your machine and then follow the  instructions below.
 
Step 1: eScanAV.
 
Disable your antivirus prior to this scan.
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Download the eScanAV Anti-Virus Toolkit (MWAV)http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
 
Source
http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.
 
Step 2: Zemana
 
Run a full scan with Zemana antimalware.
http://www.zemana.us/product/zemana-antimalware/default.aspx
Install and select deep scan.

Remove any infections found.
Then click on the icon in the pic below.

Double click on the scan log, copy and paste here in your reply.
 
 
Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.
Source
http://thisisudax.org/
Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log is saved to your desktop and will automatically open.
Please post the JRT log.
Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

http://www.bleepingcomputer.com/forums/t/575508/steam-scr-file-hidden-keylogger-on-pc/
Relevancy 29.67%

I have a computer on which I've almost finished cleaning up the usual slew of adware and other rubbish but there's one item remaining that I can't figure out. I've run rkill, sc_cleaner, JRT, roguekiller, adwcleaner, malwarebytes, an avast boot-time scan and the boot CD scans with both avast and kaspersky antivirus and while they've removed quite a bit of rubbish I can't remove, or figure out, this last entry. I can't see anything using Autoruns that leaps out at me either.
 
Roguekiller is reporting, on the "rootkit" tab, in red, the following entry :
 
Detection                                       Name                                                                  Module
Filter : (Root.Keylogger)                \Driver\kbdclass @ \Device\0000007b               \Driver\eabfiltr @ Unknown
 
Can anybody tell me how to figure out if this is genuine malware or if it's simply misidentified by Roguekiller?
 
Many thanks

A:Possible keylogger

Welcome aboard.
RogueKiller is not allowed in this forum so...
Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

http://www.bleepingcomputer.com/forums/t/570651/possible-keylogger/
Relevancy 29.24%

Symptoms
After about 30 min the computer slows down and when typing, letters get skipped, unless I type slowly. Then after a while it clears up and then slows down again.
When I try running Comodo Cleaning Essentials, CCE closes after two seconds; when I try running Comodo's Autoruns, same thing.
When Comodo's KillSwitch is running I noticed that a new process starts, Autoruns dies and the process goes away. It starts with an f but I can't catch more than that.
AVG and Malwarebytes run fine, just don't find anything.
 
I plugged the drive into another system and scanned with AVG, Emsisoft Emergency Kit, and Malwarebytes. All come up clean. Autoruns from Sysinternals is also clean, as is Comodo Autoruns.
 
what now?
 
thx
jo

A:might be hidden keylogger

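Welcome aboard.

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:

Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Download Malwarebytes Anti-Rootkit to your desktop.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Double click on downloaded file. OK self extracting prompt.
MBAR will st... Read more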
A Threat Scan will begin.When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.In most cases, a restart will be required.Wait for the prompt to restart the computer to appear, then click on Yes.How to get logs:(Export log to save as txt)After the restart once you are back at your desktop, open MBAM once more.Click on the History tab > Application Logs.Double click on the Scan Log which shows the Date and time of the scan just performed.Click 'Export'.Click 'Text file (*.txt)'In the Save File dialog box which appears, click on Desktop.In the File name: box type a name for your scan log.A message box named 'File Saved' should appear stating "Your file has been successfully exported".Click OkAttach that saved log to your next reply.(Copy to clipboard for pasting into forum replies or tickets)After the restart once you are back at your desktop, open MBAM once more.Click on the History tab > Application Logs.Double click on the scan log which shows the Date and time of the scan just performed.Click 'Copy to Clipboard'Paste the contents of the clipboard into your reply.Download Malwarebytes Anti-Rootkit to your desktop.Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.Double click on downloaded file. OK self extracting prompt.MBAR will st... Read more

http://www.bleepingcomputer.com/forums/t/548368/might-be-hidden-keylogger/
Relevancy 27.95%

Does anyone know of any? So far I have found SpyScreen 3.5 which doesn't work, and a couple others from Cnet, Tucows, which also don't work (and want to install toolbars etc.). I know free is free, but if anyone can recommend a good one that would be great!

A:Good free keylogger/screen capture program?

Hi,
I don't think anybody here would like discussing keyloggers.......
This forum in fact helps people identify such software so that they can remove it from the PC, not install it......
 
Curious, but why do you need a keylogger? (Other than stealing info.)

http://www.bleepingcomputer.com/forums/t/486425/good-free-keyloggerscreen-capture-program/
Relevancy 27.95%

Hi, trying to determine whether this is the case; have posted the HJT log below. I can't see anything dodgy but hope that someone who has knowledge in this area could advise. Many thanks.

A:Friends thinks pc has keylogger/monitoring infection/programme

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===
How is the computer running now?
Wait for further instructions.

http://www.bleepingcomputer.com/forums/t/588917/friends-thinks-pc-has-keyloggermonitoring-infectionprogramme/
Relevancy 28.81%

I just found this article in PC World. Spector was extremely approachable to all of us in PC World forum until it closed two years ago. So when he says something and you dispute him, he reconsiders. And unlike many, can admit or change his position. So he's worth reading.

This topic shouldn't be too much of a surprise, because at installation you're told about Cortana. At the same time, many of the Win fanboys like Ed Bott deny what 'Cortana' has to mean: keylogging. Else it cannot work, and the installation's quite clear about that. So now Spector is too. And what he says is pretty familiar, with one big exception: he calls a spade a spade. What Bott denies, Spector admits: YES, built-in keylogger.

And since you really can't stop Cortana (turn her services off and in seconds you'll see the process restart), you can't afford any confidential data on a Win machine. So if not, then why Win at all? As it stands, the machine's only good for a public library, where that kind of recordkeeping is important. Or in Enterprise, where they can CONFIGURE what to turn off and on. But consumers and Pro users can't do this.

My position on all this is too well known, so I'll say no more. What's yours? How does the article affect you, and what danger do you see?

A:Lincoln Spector on Win10 keylogger

I already turned it off in the Privacy settings, as described in the article. I'm not terribly worried. Google has my browsing history too, which is probably more of a worry (do they still track you in "Incognito" mode?). If they really want to know what I'm typing so much that even when disabled in the Privacy settings, it still sends keystrokes to MS then yes I'd be annoyed. Is that what you're saying happens?
 
But ultimately I don't type anything that interesting anyway 

http://www.bleepingcomputer.com/forums/t/589215/lincoln-spector-on-win10-keylogger/
Relevancy 27.52%

The Path: Users/PC/AppData/Local/Microsoft/Windows/WebCache has several files, including text files that are somewhat readable. It appears that upon viewing, they show every file you visited on your computer, and most likely, every keystroke. An example is this:.....

V i s i t e d : P C @ f i l e : / / / C : / G a m e s / W o r l d _ o f _ T a n k s / r e s _ m o d s / R T A N . x m l y u 1SPS? ? F             @ ???.0?? S O 1SPS? ? F

I just pasted a minute fraction of one of the logs. Why does windows need to keep a file that shows everything I visit on my computer? Is this not a security risk if someone were to steal my laptop?

How do I stop windows from generating these?

Thanks

A:Users/Appdata/Local/Microsoft/Windows/Webcache KeyLogger..

Welcome to the forum. I think you have had most answers on your other post, but you can go to Settings in IE Internet Options and clear all history on exit so it's not saved.

http://www.pchelpforum.com/antivirus-firewalls-and-system-security/124475-users-appdata-local-microsoft-windows-webcache-keylogger.html
Relevancy 28.81%

If a keylogger is already present on one's OS, can Sandboxie, installed after-the-fact, quarantine the browser to where that when you close the sandboxed browser that Sandboxie quarantines and deletes what is logged before the keystrokes are sent to the host malware program??
 

A:Sandboxie vs. Pre-Existing Keylogger

Will Sandboxie protect me from malicious key-loggers?

Yes, to some extent. First of all, your system (outside the sandbox) must not have been already compromised by an installed key-logger. Sandboxie can not protect against key-loggers that are already running outside the sandbox.

You may want to consider always browsing sandboxed, so you don't accidentally get any key-loggers into your system.

It is very difficult to reliably detect a key-logger. For a lengthy explanation, see Detecting Key Loggers . So the most important tool Sandboxie offers you for protection against key-loggers, is to delete the sandbox.

When you stop all sandboxed activity (in all sandboxes), then proceed to delete the sandbox you're about to use, you can be fairly certain that all key-loggers are dead.


From FAQ

Detecting Keyloggers
 

https://malwaretips.com/threads/sandboxie-vs-pre-existing-keylogger.16339/
Relevancy 40.85%

Hello everyone here at MalwareTips,

We are working on our web filter which can help you to keep the trackers away and block ads. Also it will stop malware from communicating with the C&C server(s) if the domain name is already in our database. We won't release technical details for now; later, hopefully within - weeks, in another thread.

So we want to make the ad/tracker servers list completely community based. We will include everything that you report after checking if it's appropriate. So feel free to report as many domains as you want and we will check and add all appropriate ones.

How a report should look like:

Example:
Domain:google-analytics.com
Domain:googletagservices.com

Example (if you can, please use this method; this makes verifying easier):
Link:google-analytics.com/analytics.js
Link:googletagservices.com/tag/js/gpt.js

If you want to reply just to ask about the software or the system behind it, don't do it, as we won't tell anything now. Thank you for understanding.

Thanks for everyone who will help us.

Moderator note: The only replies to this thread should be those reporting a domain using the provided examples & above. Use the CODE tags for long lists. All other replies will be deleted, including questions.

A:MHT Web Filter - Let's collect ad/tracker servers to block


https://malwaretips.com/threads/mht-web-filter-lets-collect-ad-tracker-servers-to-block.46693/
Relevancy 27.52%

SpyShelter is a big step towards better privacy protection. SpyShelter Free Anti-Keylogger is now working with 64-bit platforms and it includes a limited Keystroke Encryption driver. SpyShelter Premium and SpyShelter Firewall also received a new advanced feature: user defined protected files list.

SpyShelter Free was released on June and it was dedicated for bit operating systems only. Since then, its anti-keylogging capabilities were evolving together with SpyShelter Premium and SpyShelter Firewall. Today we lift the bit embargo. From now on SpyShelter Free Anti-Keylogger (yes, the name has also changed) supports Microsoft Windows XP, Vista, & bit. On top of that, it is equipped with a limited keystroke encryption driver. While SpyShelter Premium and SpyShelter Firewall encrypt keystrokes of all applications, SpyShelter Free Anti-Keylogger keystroke encryption driver is limited to major browsers only (Google Chrome, Mozilla Firefox, Internet Explorer, Opera Browser). SpyShelter Free Anti-Keylogger also became available for commercial use.

NOTE: Microsoft Edge is not officially supported by our keystroke encryption driver. It might work on some machines, but we do not guarantee it at the moment. This applies only to keystroke encryption module; keep in mind that your Edge is still protected by standard Anti Keylogger modules and System Protection (HIPS). As you probably already know, SpyShelter offers two layers of protection against monitoring malware.

You can read more about differences between SpyShelter Free Anti-Keylogger and paid versions here.

We have also added a new feature for advanced users. It is now possible to create a list of files that will require additional permission when a process tries to access the file. Read more here.

SpyShelter Changelog:
SpyShelter Free Anti-Keylogger now supports 64-bit systems
Free version offers now limited keystroke encryption feature
Fixed a crash that occurred in Network List
Fixed a freeze problem in Windows
Added early support for Windows build
Other small improvements and fixes

SOURCE: https www spyshelter com blog spyshelter- - -released

A:The new version of SpyShelter Free Anti-Keylogger with support for 64-bit Windows

Compare SpyShelter Free with paid versions

Differences between SpyShelter Free Anti-Keylogger and paid versions

* Scope of the driver encryption key presses in SpyShelter Free Anti-Keylogger is limited only by the major browsers (Google Chrome, Mozilla Firefox, Internet Explorer, Opera Browser), and customization functions are restricted. Encrypt keystrokes SpyShelter Premium SpyShelter Firewall and supports all applications and is fully customizable.
** Security module system monitors a smaller number of processes than SpyShelter Premium and SpyShelter Firewall.
Protection mode off low-level keyloggers;
Screen protection is disabled;
Protection against logging and Mute;
Protection against unauthorized access to the web camera is turned off;
Module Internet Security is inactive;
Protecting user list file is not available;
Protecting the list of trusted signatures available;
Option in the pop-up completion notification is not available;
Mode sandbox (sandbox) available to users SpyShelter Free Anti-Keylogger;
Technical support for the free version is not available;
The free version is available for only one topic of interface design;
The free version is not possible to disable the monitoring of individual actions.
SOURCE: ????????? SpyShelter Free ? ???????? ???????? - ?????? Comss.?????????
 

https://malwaretips.com/threads/the-new-version-of-spyshelter-free-anti-keylogger-with-support-for-64-bit-windows.50385/
Relevancy 28.81%

SpyShelter Free Anti-keylogger is a comprehensive and effective security program designed to protect your computer against malicious agents from the online environment when it comes to rootkits, Trojans, keyloggers, and other types of malware.

New in SpyShelter Free Anti-keylogger 10.3:

Firewall network activity monitor now include UDP traffic
Fixed bug with multiple instances on different accounts
Fixed issue with account switching on Windows 10
Decreased number of false alerts on Windows 10
More programs by Datpol - Softpedia
SpyShelter Free Anti-keylogger Download
 

A:SpyShelter Free Anti-keylogger 10.3

Official Homepage - SpyShelter Anti Keylogger | World's Best AntiKeylogger Software

Changelog - SpyShelter 10.3 update

Download free version - SpyShelter Free Anti Keylogger | SpyShelter

Edit: Fixed post.
 

https://malwaretips.com/threads/spyshelter-free-anti-keylogger-10-3.51367/
Relevancy 29.24%

I was reading an old thread about Webroot Webroot questions, and people questioned its efficacy against R.A.Ts and keyloggers.

For someone who's a little paranoid about R.A.Ts/Keyloggers, does a mainstream AV provide adequate protection, or other software should be added (SpyShelter, Zemana, etc.)?

I use Avast free as my real-time AV, and may switch to Avira free or Panda free. How do these three AVs fare in terms of protection against R.A.Ts/Keyloggers?
 

A:Best R.A.T/Keylogger protection?

Lots of free anti-keyloggers, just Google; also virtual keyboard is available in free Comodo Internet Security, really an excellent program, good luck. Spyshelter and Zemana are highly rated but kind of expensive.
 

https://malwaretips.com/threads/best-r-a-t-keylogger-protection.52582/
Relevancy 28.81%

Which is best free Anti-keylogger software?
 

A:Which is best free Anti-keylogger software?

For a good free version try this.
Zemana AntiLogger Free
 

https://malwaretips.com/threads/which-is-best-free-anti-keylogger-software.54735/
Relevancy 28.81%

Windows x
Possible virus, keylogger, spyware

Symptom: Wave file created during computer startup/login; wave file is empty
STREAM wav
"STREAM yearmonthday hourminuteseconds wav"

Have tried:

Microsoft Security Essentials
No Viruses Detected

Autorun
detected the reg keys
but I was unable to find or delete of them
Listed reg keys at possible time able to research at MS
were not found
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects PM
HKLM\System\CurrentControlSet\Control\ServiceControlManagerExtension PM

Windows Malicious Removal Tool
Initial Scan
detected infections during scan
but did not list them after scan was finished
no malicious software detected
Secondary scan
detected no infections
no malicious software detected

Malware Bytes Anti Rootkit
found no problems

https://social.technet.microsoft.com/Forums/en-US/e66ba4c3-5764-4a97-88ea-b3a9554bff4a/possible-virus-keylogger-during-startup?forum=w8itprosecurity
Relevancy 28.81%

Hello, i tried keyloggers recently to see how they work, and i wonder how it can do that: it can (optionally) be hidden from running processes, but also have its folder totally disappear when running in hidden mode, which means it does not appear even when hidden/system files are showing. How can i do that with a usual folder in which i want to hide files?

A:Question about keylogger special behavior..

Sorry but keylogger discussion is against forum rules.

http://www.sevenforums.com/general-discussion/393216-question-about-keylogger-special-behavior.html
Relevancy 28.81%

Ps I was not able to do the sysinfo check because I am using my phone.

So my younger cousin was at my house yesterday and wanted to use my laptop, so I let her. She was on club penguin and decided she wanted a free membership, so she googled it and downloaded something which was an exe. I don't know what the name of it was because I was letting her do her own thing at the time. I didn't know she was going to install a virus. So anyway, after a few hours she went home and I went back to playing games and using the Internet, when suddenly out of nowhere a chat box came up with no "X" button to close out of it. "Admin" typed something like this: "thanks for your account". I was really confused so I typed back "what account?" And Admin replied "your club penguin account". I was immediately like "oh crap". At this time I knew my cousin's account must've been hacked. There must be a key logger on my system. But suddenly the admin typed again. He said "watch this". And suddenly my mouse was moving on its own.

After doing a little bit of research with the little knowledge I have of computers, I think it's a "rat". But I'm too worried to turn on my computer again in case my computer gets controlled again. After panicking and asking my friends, they suggested to take out the battery from the laptop and not use it for a few days, then take it to a professional. But I don't want the chat opening to said professional because... Well, it would be weird. Also my mum is going to be pissed at me for ruining my Christmas present. I would love to get rid of this "rat" myself, preferably.

I am using a Windows laptop and my cousin downloaded the virus yesterday. I have to do school work on this laptop, so please, any help is appreciated. Any at all. Please bear in mind I'm a noob with computers, so if you can explain it in the easiest terms possible it will help a lot. Also, malware bytes found nothing on my system when I did a scan. Thanks

https://forums.techguy.org/threads/keylogger-virus-on-my-laptop.1170354/
Relevancy 28.81%

Are you running anti-keylogger? Please mention your software & experience.

I checked out Zemana, Spyshelter & KeyScrambler free/paid.

Zemana & Spyshelter seems kinda bloated. I mean HIPS & all included.
KeyScrambler seems good & no bloats.

Recommendation & Suggestion are welcome.
 

A:Anti-Keylogger Software

The ones you listed are the only ones I know of. I don't honestly feel this ZAM-AL bloat, unless the paid version is a little heavier which I haven't used. I can't speak for SpyShelter, strangely enough, I've heard it runs quite light. KeyScrambler I've only heard good things about, and of course, it's free. I can't think of any other antiloggers that aren't a part of some security suite.
 

https://malwaretips.com/threads/anti-keylogger-software.59403/
Relevancy 28.81%

I installed qihoo 360 on windows 10 and it didn't come with "keylogger protection" in the privacy protection section, but on windows 7 it did. Does qihoo 360 still come with keylogger protection??
 

A:Qihoo 360 anti-keylogger windows 10

I believe it is only in the 'Security' policy, but I haven't used Qihoo for a while so I could be wrong...
 

https://malwaretips.com/threads/qihoo-360-anti-keylogger-windows-10.59499/
Relevancy 28.81%

I was on a MMORPG help site when I was notified of a Trojan Keylogger virus. I tried to run a scan but it wouldn't let me open any programs and crashed all programs I was running. That being Mozilla Firefox. I opened my task manager and found that my account had a process running, "edx exe", and after a quick search I was able to discontinue the process and use the Eraser program to get rid of the downloaded file that said it was only bytes. The program was on my computer for no more than minutes.

What I found after deleting the "edx exe" was that the registry on my computer had been corrupted. All media type files open up fine in their respective programs, but programs themselves cannot open. When clicking on a program such as Firefox, the "Open with" window pops up asking me what program that I want to use to open the program I'm already trying to open. The programs will open if I click on it again in the "Open with" window, but not right out of the icon. Having no idea what to do now, help would greatly be appreciated.

A:Trojan Keylogger Removal Problems

You are still infected. We cannot help you with malware removal here, please head over to Virus/Trojan/Spyware Help and post there for more help.
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

http://www.techsupportforum.com/forums/f10/trojan-keylogger-removal-problems-582007.html
Relevancy 41.71%

Hey Team, I am not too sure if this would be the right place to seek help for my issue, neways. GUYS, I am having a hard time: in my organization there is a new application installed on every employee's system which is known as the "time tracker". Now the concern is that if you do not touch the keyboard or the mouse for min it counters a idle time and then adds up to my break time. I do not have admin rights to research on it and also my tried effort went in vain. I created autorefresh java html script, it did not work; it refreshed but did not help in idle time. Tried website redirect, again disappointment; it redirects but again did not help in idle time. I would be GLAD if you guys can help me find a solution to overcome the idle time. OS - winxp sp. I have restrictions as I am on domain group policy.

A:Idle time tracker

Hi and welcome to TSF

I guess, in this day and age, be thankful you have a job. I guess the "boss" expects you to work since he/they are paying you.

What you are asking we can't help with. You are basically asking for a workaround for a restriction that has been placed on your PC or a requirement of the employer.

Please take the time to review our rules again, they can be found here in case you missed it:

http://www.techsupportforum.com/rules.php

Closing this post.

BG

http://www.techsupportforum.com/forums/f10/idle-time-tracker-471292.html
Relevancy 28.38%

Hello, as the topic title says, I think I've got a key logger on my main computer; my Yahoo! email account and World of Warcraft account have both been compromised. I changed the information on a safe computer, but I wish to remove the key logger. Now I know that reformatting is also an option, but I cannot because when I boot from my Windows XP CD there is no option to reformat, only repair. Any help on both subjects would be great. I should also add that I'm not using Vista 64 bit anymore, I am on Windows XP 32 bit.

A:I think i've got a keylogger on my main system/I can't reformat my computer

Hello and Welcome to TSF,

Use a hard drive utility first to erase it, before installing windows on it.

How to successfully start a fresh install of windows:

1. Enter bios, by pressing F1, F2, F10, delete upon booting up, depending on pc you have,

Go to boot devices
floppy
cd/drive rom
harddrive
other devices (optional), varies on different PCs.

2. Get a harddrive utility for the HD.
http://www.tacktech.com/display.cfm?ttid=287
Try seatools - works for other harddrives also.

If there isn't one for your harddrive then get one of these to use:

dban - http://www.dban.org/download
killdisc - http://www.killdisk.com/downloadfree.htm

3. Run a harddrive test.
4. Run a full erase.
5. Remove cd disc utility
6. turn off pc
7. turn on pc and let it boot; you should get a disc error (this is good) or missing OS.
8. Put your cd disc of windows in and reboot pc and press enter to boot from your windows disc.
9. Install drivers
10. Install protection
11. Update windows


The reason for erasing harddrive with a HD utility program first is that it will erase
everything on HD, as formatting only prepares drive for installation of windows, doesn't
necessarily wipe out harddrive from information.

Note: It's always good to perform the harddrive test, saves a lot of time in future and
takes the guess work out of the problems you may incur in installing windows.

Please mark post solved under thread tools if this fixes your problem, ty.

http://www.techsupportforum.com/forums/f10/i-think-ive-got-a-keylogger-on-my-main-system-i-cant-reformat-my-computer-378258.html
Relevancy 28.81%

I tried this software called anti-keylogger to try and detect if anyone was messing around with my computer.
So after finding out it is not what I want, I uninstalled it using the application's uninstaller but it is still active on my machine.
I tried add/remove from my control panel, nothing.
I tried to delete the folder and it says that it is being used by another application explore.exe.
How do I get rid of this thing?
Any help would be appreciated.
Oh yeah and the company offers no links for help. They might be out of business.

A:[SOLVED] Anti-Keylogger issue

Once it's gone from the CP, just delete the other folders as they may just be the setting folders, temporary folders, etc.

http://www.techsupportforum.com/forums/f10/solved-anti-keylogger-issue-368951.html
Relevancy 28.81%

Hello All, I'm hoping for a little assistance with one of my users. User called to report that his G hd is running low on disk space. I connected and found that the o/s is showing on G remaining. His disk utilization, according to what we can see, should be at about G. I had him run a couple of apps including http://www.foldersizes.com and there are a few items that I don't recognize. I have attached the screenshots that he provided. I also had him run hijackthis and log file is below. Specifically, O - HKLM Run nwiz nwiz exe installquiet keeploaded nodetect makes me nervous and I haven't been able to find any definitive information on this.

A:Possible KeyLogger, Running out of disk space

Hi,

You need to follow the directions from this. Then post a new thread in the Virus/Trojan/Spyware forum.

I will close this thread so that others can't try and help you.
Cheers!

http://www.techsupportforum.com/forums/f10/possible-keylogger-running-out-of-disk-space-334349.html
Relevancy 29.24%

Hi guys,
I need the name of best keylogger available out there.It can be even above 200$ JUST TELL THE NAME. Also tell me that is it safe to download and use keylogger for home pc?

A:advice on keylogger

We don't assist with such requests here, I suggest a reading of the Tech Support Forum Rules & Conduct.

http://www.techsupportforum.com/forums/f10/advice-on-keylogger-317311.html
Relevancy 28.81%

I'm a new poster of this forum. That's why maybe I'm not sure if this is the right sub forum to post my posting. Anyway, for some days my computer is affecting by a strange (to me) problem. Below I stated that. For few days, when I start my computer, I've been seeing that after starting, the hard disk light is continuously flashing dim even when the computer is idle. While flashing, sometimes the light flash deeply and at that moment the computer turned into hang for few seconds, around or seconds; nothing can be done for that few seconds even if I press any key of the keyboard. I'm using Kaspersky Internet Security (KIS). While this is happening to my computer, one day the avp (active virus protection) of KIS shows a message that "Behavior similar to keylogger activity". Then I click on the option View Report. After that the report window of the KIS opened and there I found a driver file named FSHOTKEY for which KIS shows the above warning message. After that I searched the above file throughout my whole computer and found that the above file is in this C WINDOWS system drivers path location. And the file indicates the followings: It's a system file. Full name: Farstone hot key driver. File version, Company: Farstone Inc, Date Created AM, Size KB. Now I'm confused what to do in this situation. However, I'm using Virtual Drive software, and I think this system file is for that software. Now please suggest me what to do to recover from this miserable circumstances. I'm really stuck on this problem and can't do anything smoothly in my computer.

http://www.techsupportforum.com/forums/f10/behavior-similar-to-keylogger-296346.html
Relevancy 28.81%

Ok so I play World of Warcraft and recently my account was hacked by a keylogger, meaning my character had all money, gear stolen etc. I went to the WoW Customer support forums and found steps to remove keyloggers. So I ran both Ad-aware and Spybot S&D and my anti-virus (avast free edition) and got rid of a number of trojans and even viruses. I quarantined them. Thinking it was safe, the company was able to restore my character's inventory to how it was before and I resumed playing. However, last night I was hacked again and this time my password was changed. I'm the only one that knows this password. Obviously the key logger is still there. I'm not a computer buff at all. I only know the basics of spyware removal programs like ad-aware etc. I know of Hijack this and all but have never actually used it before. Can someone please help me remove this keylogger? I'm quite busy today but I will try to filter in and out of the forums to see if anyone has replied. Sorry if I take longer to respond today. Thanks a lot.

A:World of Warcraft keylogger - hacked 2x plz help

This is the place to start:

http://www.techsupportforum.com/secu...oval-help.html

BG

http://www.techsupportforum.com/forums/f10/world-of-warcraft-keylogger-hacked-2x-plz-help-238882.html
Relevancy 29.24%

I do contract product support for different companies. I have established an identity for each, plus my personal identity, in Roboform. For several days now my identity buttons on my Roboform browser tool bar have been doing something strange at about minute intervals. They seem to not display then display again in sequence, from right to left, in nano-seconds. Very rapidly. I didn't think much of it at first. Don't ask me why. I should have immediately been suspicious. It's almost like something is reading those identities in sequence. A few days back XoftSpy malware program caught a keylogger on my system. WebSnitch is a keylogger that captures keystrokes and screenshots. The information can be sent to an email address. I went through the fix operation and it said it deleted the dll file that was the culprit. But still I am having this weird deal happen with the Roboform buttons. Now, Roboform is not the only program affected by this issue. It appears that it is obviously taking up CPU power when it happens, but in watching my processes no running program is showing the usage. It just spikes to for the to seconds it is happening and then goes back to normal. So does what is happening here sound like symptoms you have heard of before, or that anyone that reads this post may have experienced and cured? ANY thoughts on this issue will be greatly appreciated.

http://www.techsupportforum.com/forums/f284/is-my-pc-infected-with-a-keylogger-or-something-else-232699.html
Relevancy 29.24%

Hi guys

Is there such a thing as a safe keylogger? I've been asked to do so PI work and stupidly I said yes without really knowing *****.

Help!

A:A safe keylogger?

http://www.techsupportforum.com/rules.php
5th paragraph @general
and for fun read INTENTIONALLY HARMFUL ADVICE

http://www.techsupportforum.com/forums/f10/a-safe-keylogger-179983.html
Relevancy 29.67%

Hi,

I'm looking for a keylogger to hopefully run in the background with no image on the taskbar and to startup when windows does.

Hopefully one that will send the information to my email address. or not.

Thanks

Jay.

A:Keylogger

sorry we cannot be of any help on this topic.
part of the forum rules:

Quote:

We will not provide any user with information about the location of websites that assist with software pirating, hacking, password cracking and keystroke recording software. Furthermore we will not offer advice, assistance or instruction with regard to any of the above activities, illegal or otherwise.

http://www.techsupportforum.com/forums/f10/keylogger-164251.html
Relevancy 42.14%

Hi, I was wondering if anyone has heard of a Facebook tracker that allows you to see what people have viewed your profile, and if it is out there, what are the steps to get it? Thanks.

Keith

A:Facebook Tracker

I'm almost 100% sure there is no such thing. You might be able to see the IPs of the people but I don't think so.

http://www.techsupportforum.com/forums/f10/facebook-tracker-137791.html
Relevancy 28.81%

Keylogger, key snatch, bonzi buddy and a lot of spy ware reported on my system. I found a reference to these files listed below and have posted my hjt log. Please help, thanks.

A:need a lot of help with hjt log /malware keylogger removal

Hello docmay and welcome to TSF,

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to extract the files

*This will create a VundoFix folder on your desktop.
*After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
*Once in safe mode open the VundoFix folder and double-click on KillVundo.bat
*You will first be presented with a warning and a list of forums to seek help at.
It should look like this:

Quote:

VundoFix V2.1 by Atri
By pressing enter you agree that you are using this at your own risk

Please seek assistance at one of the following forums:
http://www.atribune.org/forums
http://www.247fixes.com/forums
http://www.geekstogo.com/forum
http://forums.net-integration.net

At this point press enter one time.

Next you will see:

Quote:

Type in the filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.

At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\xxyww.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

Next you will see:

Quote:

Please type in the second filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.

At this point, please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\wwyxx.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

The fix will run then HijackThis will open.

In HiJackThis, please place a check next to the following items and click FIX CHECKED:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\xxyww.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: xxyww - C:\WINDOWS\system32\xxyww.dll

After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
** Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry! Once your machine reboots please continue with the instructions below.

Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
-Empty Recycle Bins
-Delete Cookies
-Delete Prefetch files
-Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

http://www.techsupportforum.com/forums/f284/need-a-lot-of-help-with-hjt-log-malware-keylogger-removal-71149.html
Relevancy 28.81%

Hi,
I run Windows XP, have Norton Internet Security 2005 (up-to-date), and various other spyware scanners. When Norton antispy runs a scan, it finds the file C:\WINDOWS\system32\explorer.dll, and states that it is a hacktool. However, when it tries to delete it, it always fails. I can't delete it manually, presumably because it is in use. I have searched through my running processes and can't find anything illegitimate, however I'm not that experienced! In the last few days, another problem has occurred: Explorer.exe keeps crashing, resulting in that annoying apology from Microsoft asking me to tell them about it. I would REALLY appreciate some help, I've exhausted every way I can think of to cure this.

Once again a huge please and thank you.

A:Norton finds keylogger but can't delete

Download CWShredder and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Download and install Spybot S&D. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go here to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds.

Please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. The result.txt file will open up in Notepad. Copy the whole result.txt log and post it in the HijackThis forum. We do not need the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

http://www.techsupportforum.com/forums/f10/norton-finds-keylogger-but-cant-delete-49752.html
Relevancy 28.81%

I installed Ardamax Keylogger to monitor my daughter's internet usage due to her uncle teaching her how to look up porn, and now that's all she wants to do (who teaches a 7 year old that?) Anyway she's incredibly smart for her age so conventional methods of parental controls have been attempted and failed. But I digress...I bought Ardamax for $40 and installed it, everything works fine with the FTP delivery and stuff...but her computer freezes right up sometimes...do keyloggers significantly mess up computers? Because I thought it was safe being that it's licensed and an old and trusted company making it (not to mention my boss used to use it in his old office building). So do they? And is there a way to fix it so it doesn't mess with performance?

A:Ardamax Keylogger Freezing My Computer?

Hi,

Sorry but we cannot assist with this matter due to the forum rules:

Quote:

ASSISTANCE WITH ILLEGAL ACTIVITIES
We will not provide any user with information about the location of websites that assist with the following activities

* software pirating
* hacking
* password cracking
* keystroke recording software

We will also not offer advice, assistance or instruction with regard to any of the above activities, illegal or otherwise.

Perhaps removing internet access completely might be a better course of action?

http://www.techsupportforum.com/forums/f217/ardamax-keylogger-freezing-my-computer-569741.html
Relevancy 41.28%

Hi,

I'm looking for a simple Windows Vista desktop software that runs in the background that just keeps a log of the time that my laptop is on and running. I just want something to track the number of hours I work each day. I don't need to keep track of the tasks. And I don't want to have to turn on and turn off the program -- I want it to be completely automatic (but not a memory hog).

I've searched download.com. But all the software there seems quite complicated (ie, it requires me to enter in tasks, etc). Perhaps I searched the wrong thing (I searched "desktop time tracker").

Does anyone know of anything like this?

Thanks for the advice.

A:Looking for simple time tracker software

Hi, in XP it used to tell you "system uptime"; now it records only "system boot time". Still, you can easily work out how long you have been on. Go to Start > Accessories, right-click on Command Prompt and select "Run as administrator". At the prompt type: systeminfo and press Enter.

http://www.techsupportforum.com/forums/f217/looking-for-simple-time-tracker-software-334151.html
Relevancy 29.67%

How to identify keylogger is working on pc?

A:keylogger

Install an anti-keylogger and run a scan.

http://www.techsupportforum.com/forums/f131/keylogger-288213.html
Relevancy 29.24%

Recently my email and website passwords have been changing all of the sudden, not by me of course. Just yesterday I was watching a youtube video and my mouse started moving around in circles and it WAS NOT ME. I am certain that I have a RAT or something that gives control of my computer. I did as instructed, here are the logs.

A:I think I have a keylogger/RAT, need help QUICK

BUMP, PLEASE someone reply!

http://www.techsupportforum.com/forums/f50/i-think-i-have-a-keylogger-rat-need-help-quick-671030.html
Relevancy 29.67%

Hi, I think I have a virus/keylogger and an active hacker. He changed all my passwords of my life: Steam, Facebook, Hotmail, etc. Here are some logs; maybe you can find it.

Relevancy 29.67%

I play an online game and I don't know if I downloaded a keylogger or something, but every other day I get hacked and lose all my hard-earned money.

Here's a log from OTL. Can you tell me if there is any virus program in it?

Oh, and here's the extras. Idk if you need it or not.

A:Think i have a keylogger

Hello krunkkracker,

For an initial scan, we'd prefer you follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f50/think-i-have-a-keylogger-658242.html
Relevancy 29.67%

So I like to think of myself as a very careful internet browser. I try to stay only on trusted sites. I've had uTorrent installed but I don't think I've ever used it, and sites I find even slightly suspicious I run in Sandboxie and delete the sandbox as soon as I'm done. Maybe Sandboxie isn't as safe as I was led to believe it was, but I'm almost certain I have some sort of keylogger or virus of some sort.

The issue is that occasionally my mouse will start to sporadically jump all over the screen, or things I'm typing come typed out as something else. Recently when it was doing that I just sat back in frustration, and seconds later I watch as it types out the second half of my password in a Chrome search dialogue. As you can probably imagine, that scared me pretty intensely. I use my computer for online banking and have bought a few things online too. Luckily the password was for neither of those two things, and I haven't noticed any of my e-mails or accounts as being compromised yet.

I'm running Windows Ultimate bit. I have Microsoft Security Essentials installed. My computer is an i with gbs of ram. Here's the dds.txt, and attached is the attach.txt. I run bit so could not run GMer, and so no Ark.txt is attached.

A:Possible Keylogger

Hey, it's been a while since I posted this. I was just wondering if there was any response forthcoming and if it's an acceptable amount of time for me to be bumping this?

Thanks!

http://www.techsupportforum.com/forums/f50/possible-keylogger-633941.html
Relevancy 28.81%

I had been suspicious of the increasingly acceptable illegal use of a keylogger or other monitoring method on my PC. KL Detector seems to be a straightforward approach of identifying prepared logs created by a keylogger, since a keylogger can be quite stealthy. Sharing seems to be the new desire of keyboard-tapping youth using social media these days, or at least that is what we are being spoon-fed to believe we want to do. Many programs have pre-checked the "sharing" box for us as a default, as if we cannot click a mouse of our own consideration and preference.

I have reviewed many of the logs and related files indicated by KL Detector as suspect and find them to contain more personal information about me rather than about system info. I have run Malwarebytes, SuperAntispy, Microsoft Essentials and others, to be disappointed that KL Detector still locates all of these files. As a stab at some form of scientific relativity, I ran that same program on two other machines that have been isolated from those who believe I have an apparent need to "share" my personal information so much that they are willing to help me get that out to everyone by betraying my trust. KL Detector found no incidences or traces of any kind. I am desperate to abandon my paranoia, and possibly a friend or two. This morning's log attached.

A:9 spyware/keylogger can't correct this. Can you?

2 days. 81 views, 0 replies. Pardon my impatience, but is this not a place to come for help, or is it a place one can come only to hope for help but leave disappointed?

http://www.techsupportforum.com/forums/f50/9-spyware-keylogger-cant-correct-this-can-you-607516.html
Relevancy 29.24%

How do you remove a keylogger?

A:How to remove keylogger?

We require a comprehensive set of logs to identify and begin the removal of malware. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f50/how-to-remove-keylogger-592644.html
Relevancy 28.38%

Today I had someone stealing money out of my bank account via PayPal, according to my bank, who phoned me to tell me of an unauthorized use. I have run Hijack This and saved a log on both my computers. Could someone please check this for me?

Computer 'A' Hijack This Log download link: Computer A Hijack This log.log
Computer 'B' Hijack This Log download link: Computer B Hijack This log.log

Thank you.

ALSO: Could a jailbroken iPhone with added Cydia sources get a keylogger on it?

A:URGENT!!! Do I have a keylogger[Moved from Security and Firewalls]

can anyone please help?

http://www.techsupportforum.com/forums/f50/urgent-do-i-have-a-keylogger-moved-from-security-and-firewalls-567776.html
Relevancy 28.81%

Ran the following programs: CCleaner, Ad-Aware, Spybot S&D, MBAM, BitDefender Online Scanner. I do NOT have access to Windows Install or Boot Disc.

A:Suspected Keylogger, Logs Included

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator

------------------------------------------------------

It appears that you have two antivirus programs installed and running, Ad-Watch Live and avast!. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

A guide and tutorial on using ComboFix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

http://www.techsupportforum.com/forums/f50/suspected-keylogger-logs-included-562638.html
Relevancy 29.24%

Hey guys. Recently I have become a victim of a mass hacking - my emails and accounts on various things have been hacked and passwords changed; luckily I have salvaged some of my more important accounts. I am currently writing to you via my laptop, as my desktop PC is the one I am thinking is infected. To begin, I have these programs to protect me: Avast, AVG, Norton, HiJack This, SUPERanti-spy, Helios Lite, Spybot - Search and Destroy, CCleaner.

Now, it all started roughly days ago. I went to log into my email and it said my password was incorrect - so I repeated and repeated until I asked for a new password. They said they sent it to an alternate email address - annoyingly, I have never sorted out an alternative. This happened basically for several other accounts that I had logged into that day. I ran all the programs above to see if I had a virus/keylogger; all found slight errors bar AVG and AVAST. AVG stated that there was a hidden key logger within my 'C:' drive. I went there manually and tried to delete it, and it said it was in use by another user or program. I ctrl delete'd and closed any suspicious processes and services. I then moved to my Avast. Avast said that I had a keylogger and would remove it for me - and so I completed the steps that removed my keylogger. It was located in my explorer.exe. I then began to re-scan and re-scan, all on in-depth long scans, to ensure that everything was wiped. I set my firewall to emergency mode, which blocked traffic going in and out of my PC, and continued to try and find the cause.

Long story short, I became paranoid, and still am, that I have not removed this keylogger and my data was being sapped from me and probably being used on websites such as "Doxsters net" and others affiliated. I decided to press f on start up to bring up my xpress recovery - I gave myself a restore to factory settings. I had to re-install my drivers and download all my anti-spy and what not, and refrained from using the internet when possible. I began to run my scans and they all said that I was clear, but I'm just so uncertain. I began to loosen up and browsed cautiously around websites for keylogger scanners - I was not successful. It was then that I searched for something I had before I did a system restart, and it was highlighted in purple, indicating that I had visited this site before - and yet I hadn't on this fresh install. It began to make me think that it didn't delete temporary files, or aspects of my HDD are still being used - which brought my fear back of still having this keylogger.

I apologise for this long and boring commentary on my problem, but I believe the more information I give you the better you can help me. Please guys, I came here because you were the top of the search list and the highest rated. Thanks in advance.

Moderator's Note: Bold and red color tags are removed. Please keep your posts simple.

Relevancy 29.24%

Hi, I've completed all steps in the "Read This Before Posting For Malware Removal Help" thread. Description is that my Hotmail, i.e. Live account, today sent out spam to all my contacts. I changed my password through my work computer, but I wanna know if something on my home computer is registering my keystrokes for passwords or if it's anything else doing it. I was not using my computer at the time of the mails being sent, and the password was not changed. I noticed because my inbox was full of mail-not-sent messages. Appreciate the help. Btw, it's a Norwegian mail account from Hotmail, so it's live.no. Here is the dds.txt.

Relevancy 29.24%

You must get this often, but this is really bothering me. I lived in Canada and recently spent months in Syria, where I bought a Toshiba laptop for a job training, and then moved to Saudi Arabia, where I am currently working. During that time I was given CDs with all kinds of information related to work and all that. Of course I always scan using Kaspersky before exploring any content on a CD or USB, but I have a strong feeling my laptop could be infected with software such as keyloggers and such. I have no proof of that, but my suspicions began when I was given a CD from a manager which was infected. Kaspersky was able to clean it off, but I still am paranoid about the whole deal. I hope you can help me. I thank you in advance.

Leon Kaough

P.S. loving the price of gas

Q: Possible Keylogger - Keyboard having weird behaviour

First of all, thank you for your time to analyse this. I'm from Portugal, and some words of my language (Portuguese) require the use of some specific accents on some words, and they are showing up in duplicate every time I press them, for example n ao meanos no ol a means ol a. This is terrible when I have to contact someone using emails or even use Skype. Scanned with Avira (updated) and SpywareBlaster and nothing was found. I searched the internet and everything points to some kind of a weird keylogger.

P.S. I don't have access to any Windows install disc or a boot CD.

Here is the DDS.txt log file.

A:Possible Keylogger - Keyboard having weird behaviour

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections steal information. That includes all passwords, log ins to forums, your email details & other websites, and most of all your Bank, Credit Card, or PayPal details. If this system is used for web based email, online banking, or has credit card information on it, all passwords should be changed immediately by using a known, clean computer. Banking and credit card institutions, if any, should be notified of the possible security breach. It also seems to be able to steal all your emails so anything you have emailed to anyone is no longer confidential.

I also suggest that you read this article.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Windows 7, all tools should be started by right-click > Run as Administrator

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

http://www.techsupportforum.com/forums/f50/possible-keylogger-keyboard-having-weird-behaviour-523896.html

Q: Keylogger?? URGENT

So last night I was logged out of my WoW account and my password and e-mail were changed. I managed to recover the account, but today my e-mail and pass were changed again. I have a suspicion that I may have a keylogger on my computer. I've run MalwareBytes and Norton scans and they have both come up with nothing. I checked my processes for any suspicious processes and I didn't find anything either. Here's my DDS log.

A:Keylogger?? URGENT

By the way, I had WoW open and was typing random stuff into the login screen to possibly activate the keylogger. I dunno if that really helped, but oh well.

http://www.techsupportforum.com/forums/f50/keylogger-urgent-527007.html

Q: Probable Keylogger Issue

So a few days ago I got the beta for SC, and behold, I go to sign on my battle.net account and: invalid password. I figured it has been a while and maybe I changed it without remembering, so I recovered it and changed the password. Yesterday at about pm I went to get on and my password was incorrect again, so I changed it again. Figuring it would happen again, I tried to find out how quickly it would get changed back. I woke up today and checked it at am and bam, gone again. Needless to say, I have come to ask for this community's expertise.

I did download a few movies via torrent, so I am guessing that is where it came from, but I have deleted all my torrents, files and programs pertaining to them, as mentioned in the NEW INSTRUCTIONS sticky. I have gone through and cleaned out what I KNOW I can clean out, but security is not my forte. I took all of these scans with the steps provided in the sticky: one anti-virus program installed, all programs shut down during the time of scans. I will also post my HijackThis log in case it can help in any way possible. Thank you all for any help possible in advance.

HijackThis log:

A:Probable Keylogger Issue

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.



Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.




Combofix
We will now use ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.

http://www.techsupportforum.com/forums/f50/probable-keylogger-issue-482980.html

Q: Suspected Keylogger

So I may have a keylogger running somewhere on my laptop. I was wondering if someone could decipher my HijackThis results.

A:Suspected Keylogger

Bump. Still unresolved :/

http://www.techsupportforum.com/forums/f50/suspected-keylogger-480709.html

Q: keylogger

I have a keylogger on computer and can't get rid of it. I can't download or install anything, and can't access anything. Will someone please tell me how to get rid of it?

A:keylogger

Can you please be more specific? What makes you suspect it is a keylogger? What do you mean you can't access anything? Nothing at all? What Operating System is this - XP, Vista, Win7? Have you tried System Restore? Will the system work better in Safe Mode?

http://www.techsupportforum.com/forums/f50/keylogger-471868.html

Q: Keylogger / Trojan?

Could anyone help me figure out my HijackThis?

A:Keylogger / Trojan?

Hello chlister and welcome,

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f50/keylogger-trojan-471364.html

Q: Help me nail this keylogger Please!

Hey everybody, pros and those trying to learn from them. A very jealous significant other installed a keylogger on my computer. I really need help removing it. Here are my DDS and GMER reports. Thank you all so much for reading.

Relevancy 29.67%

Hi, I apologize in advance for my poor spelling; English is not my native language. I hope it's not too disturbing. Here goes: In the last month my World of Warcraft account has been jacked times. After much hassle with Blizzard my account has been restored to me, only to find that all my gold and items have been disposed of. It has been suggested to me by a WoW admin that I might have a keylogger running somewhere on my PC. I have run numerous virus scans and spyware scans with no result. I check my task manager - times a day to see if there's anything suspicious running, but I can't seem to locate the little bugger. I normally keep a very tight PC, so I am very puzzled by the possible intrusion of a keylogger. I really hope you can help me.

A:possible keylogger?

Still having problems, nexuzz?
If so, post back and update us on the symptoms please.

Right-click the Windows logo on the taskbar, choose Explore, then browse to this location and see if this file exists:
c:\windows\media\csrss.exe

http://www.techsupportforum.com/forums/f50/possible-keylogger-459895.html
Relevancy 29.24%

I recently had a keylogger on my system whereby someone was able to change my account details on World of Warcraft.

I have run the following programs:

Ad-Aware
CCleaner
HiJack This
Malwarebytes' Anti-Malware
Spybot - Search & Destroy
HiJackthis

I have also gone through the "New Instructions - Read This..." thread and followed the instructions and the files required are attached.

Thank you in advance for any help that you can give.

Relevancy 29.24%

Here's my HijackThis log and MBAM logfile. Can anyone help?

A:suspecting keylogger

bumped.

I discovered I couldn't edit the post after typing it, so here's some more info to my problem:

I got hacked in World of Warcraft, thus suspecting a keylogger. I have scanned my computer with the following programmes one by one:
Avast! (my ordinary antivirus - only one I kept afterwards)
Panda
Ccleaner
registryfix
xoftspySE
Kaspersky
MBAM
Ad-aware
ATF cleaner
Bitdefender
Spybot search and destroy

The MBAM programme found the rogue.multiple, but I don't know if this was the keylogger or "just" some malware.
The rest did not find anything.

Can you see if there's still a keylogger hiding in there somewhere?

http://www.techsupportforum.com/forums/f50/suspecting-keylogger-452379.html
Relevancy 28.81%

My account of an online game (WoW) keeps getting hijacked by somebody, and they can get my password and email address at will even though I have changed both many times. I know nothing about computers, but I followed a guideline I was given and scanned my PC with Avast, Ad-Aware, Spybot, Malwarebytes and ATF-Cleaner. I have posted my logfiles below, and if it's possible I would be delighted if somebody could look at it and help me out. I am a silver-surfer and not PC savvy, so any help would be greatly appreciated. Thanks in advance, Spike

A:think my account is compromised by keylogger

Here is the MBAM log as well, but it just says all is clear. Cheers

Malwarebytes' Anti-Malware 1.43
Database version: 3468
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

01/01/2010 12:52:58
mbam-log-2010-01-01 (12-52-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 165506
Time elapsed: 47 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

http://www.techsupportforum.com/forums/f50/think-my-account-is-compromosed-by-keylogger-447078.html
Relevancy 28.81%

I'm sorry if this is in the wrong section, but the HJT log section is inactive. I have been having security issues on my computer and had a few of my accounts compromised. I'm trying to work with what I've got and not have to RESTORE my PC completely, seeing as I don't have a Vista disc. I have cleaned all Temp folders, uninstalled Java, QuickTime, iTunes, etc., ran SpybotSD, found only a few browser cookies. Could these contain keyloggers? If anyone can take a look at my logs and let me know if you see anything suspicious, it would be much appreciated. Thanks in advance for the assistance. Again, sorry if this is in the wrong section.

Relevancy 29.24%

Hello, I was playing CoD Modern Warfare 2 yesterday online. Then after a while I was disconnected from Steam. I tried to restart everything like 4 times, but no difference; I could not log onto Steam. So I decided to play WoW instead. When I entered the login screen, an error message appeared saying that a possible keylogger could exist on my computer, so I pressed exit instantly, afraid of getting my account hacked or something. So I got to the WoW support and followed the steps on this page:
--> http://forums.wow-europe.com/thread....83442401&sid=1

And the guide told me to go here for help after I've done the steps.

Should I just post the HijackThis log here?

A:Need help with Keylogger virus.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:41, on 2009-12-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
D:\Norman\Npm\bin\ELOGSVC.EXE
D:\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\Norman\Npm\Bin\Zanda.exe
D:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
D:\Adobe\Photoshop\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
D:\Norman\Npm\Bin\scheduler.exe
D:\Norman\Npm\Bin\Njeeves.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Norman\Nse\bin\NSESVC.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Windows Defender\MSASCui.exe
D:\Itunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Norman\Nvc\bin\nvcoas.exe
D:\Norman\Nvc\Bin\Nip.exe
D:\Norman\Nvc\Bin\cclaw.exe
C:\Documents and Settings\Therese\Start Menu\Programs\Startup\raw32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\EVGA Precision\EVGAPrecision.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live inloggningshj?lpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07...

http://www.techsupportforum.com/forums/f50/need-help-with-keylogger-virus-446521.html
Relevancy 28.38%

I received notice that my WoW account was being locked because I was trying to sell account information. I had not been playing WoW for six months or paying for it. Someone had been playing and paying for it. My characters had been moved around, though from what I could tell nothing was sold. I changed my password, thinking I got careless somewhere, and ran a multitude of virus and mal/adware scans with nothing prompting up. Later I started playing again, then stopped recently, and received emails within the week I stopped saying my password had been changed and account locked again for the same offense. I have removed every WoW-related program I could find to the best of my knowledge, checked and changed all other passwords from a safe computer, and I have run more scans (various ones listed on your site) with nothing prompting. If it is a keylogger, the last thing I am worried about is my account, but I would just like to know that my computer is safe for my personal data again. No other accounts I have (bank, email, etc.) have been tampered with to my knowledge. Hopefully I am posting everything correctly.

Relevancy 29.24%

One of my online gaming accounts has been hacked twice by a key logger within the past few days, despite changing passwords. I am also led to believe they have gained access to my email account etc. Have scanned my PC (Avast, NOD, AVG, McAfee) and none of them found any trojans or keyloggers. If you can give any assistance it would be greatly appreciated. DDS below and file attached as requested.

A:Keylogger issues

BUMP Please [as requested past 72 hours]

http://www.techsupportforum.com/forums/f50/keylogger-issues-438445.html
Relevancy 29.24%

Hi, my World of Warcraft account was recently hacked. I've retrieved my password, but it was changed again the next day, which has me suspecting I might have some sort of keylogger. I've already scanned the computer with multiple programs (Spybot S&D, Ad-Aware, MBAM, NOD) and removed everything those found. Nevertheless, I would appreciate it if my HJT log could be reviewed, just to be on the safe side.

A:Possible keylogger (HJT Log included)

Hi and welcome to TSF.

I'm afraid HijackThis no longer provides the information we require.

We want all our members to perform the steps outlined in the link given below, before posting for assistance.

http://www.techsupportforum.com/f50/...lp-305963.html

If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply.

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

This thread will now be closed.

http://www.techsupportforum.com/forums/f50/possible-keylogger-hjt-log-included-439161.html
Relevancy 29.24%

One of my online gaming accounts has been hacked twice within a week, despite the fact that I changed my password the first time. This leads me to believe that there is a keylogger somewhere on my system, but I've been unable to find it so far. I've already updated and scanned with Ad-Aware, A-Squared, Malwarebytes' Anti-Malware and Spybot - Search and Destroy. None of them found any trojans or keyloggers. If you can give any assistance, it would be greatly appreciated.

Thanks,
Jimoteh

A:Keylogger problems.

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.




Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.

http://www.techsupportforum.com/forums/f50/keylogger-problems-438216.html
Relevancy 29.67%

So I received an email from Blizzard Entertainment regarding my WoW account, and I fear that it was compromised by a keylogger. I have since secured my account but do not want to log back in because I want to make sure they don't get my new password. Anyways, I ran Norton, Spybot S and D, Bitdefender, ATF Cleaner, Ad-Aware and Malwarebytes' Anti-Malware. I ran the tests on this site and the DDS is as follows.

A:? Keylogger for WoW

Bump...over 72 hrs since my first post with no response

http://www.techsupportforum.com/forums/f50/keylogger-for-wow-436216.html
Relevancy 28.81%

Hello, most of my passwords were hijacked this morning. I have had a few issues the past week or so, mostly the computer running a little slower than usual. Since I run a regular virus scan with AVG, I didn't think much of it, and have had no error messages. I have spent some time cleaning up the computer and I think I may have gotten the issue, but since I'm not sure, a friend suggested I post here. I can get a hold of a Vista CD on Sunday at the earliest. Any help or suggestions would be much appreciated, and thank you for your time.

A:Suspected keylogger, please advise

Hello eiyel,

As you do play World of Warcraft, I'll want to take a bit deeper look.

Download rsit.exe and save it to your desktop.
Double click on RSIT.exe to run it.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. I only need to see the log.txt

http://www.techsupportforum.com/forums/f50/suspected-keylogger-please-advise-435553.html
Relevancy 29.67%

Hi. Sorry for the previous post; I've read through the reply and have done what was asked with all of the following: DDS.txt, Attach.txt and GMER. GMER took an hour or so to finish, or else I'd have responded sooner. Additionally, I removed all the P2P programs etc. I could; Frostwire and uTorrent are gone. However, I couldn't seem to do much with DAEMON. If this is an issue, please lemme know what to do. As I mentioned before, my WoW account was hacked, and I did some testing myself before I found this site, and I would like to know if I'm still infected. If so, please help. Here are the requested logs/data. If I missed something, please tell me. Thank you for your time and patience.

A:I think I have a keylogger. Please help!

Been over 72hours. Bump. Still need help.

http://www.techsupportforum.com/forums/f50/i-think-i-have-a-keylogger-please-help-432868.html
Relevancy 29.67%

Hi again. This is a post, as the first one did not have what you needed to help me. Now, I play World of Warcraft and my account was hacked. I don't know how; I think I have a keylogger. They are fixing the account now, but I don't want to relog in and have the same thing happen again, so I made a post here and I was asked to make some scans with DDS and GMER.

The DDS worked fine and I am attaching them now, but with GMER, when I go to use that one, a box shows up and says "c window system config system the system cannot find the file specified". At this time I click OK and GMER shows up. Now, I see in the instructions what to untick in GMER, but the only ones that have check marks in them are services, registry, files, C and ADS. If I go to put check marks in the other ones, like libraries, threads, processes and so on, nothing happens. Anyway, then I hit the scan button and the first thing that comes up is "C windows system config system the process cannot access the file because it is being used by another process". I hit OK and the scan starts, and then when it is done it says GMER hasn't found any system modifications and the page is blank. If I hit the save button it saves it to my desktop, but it is blank.

So here is what I have so far, and thank you for your help. As I said, I did not get what I needed out of GMER, so I ran catchme.exe and this is what it gave me. Hope it helps. Ty again.

A:keylogger 2

Is there a reason no one is giving me a reply?

http://www.techsupportforum.com/forums/f50/keylogger-2-a-434107.html
Relevancy 28.81%

Hi, I am using Kaspersky Internet Security v. Just today, when I tried to update my Windows OS via Windows Update, it kept failing to update and gave me error C. Also, in my system properties window, under the Windows Activation tab, it shows "Status Not Available" and "Product ID Not Available", which is why I think the update isn't happening. There is a keylogger activity detected in KIS, labelled under "status suspicious", and it has its detailed description in Chinese fonts, hence I can't even define it properly. I suspect the update and activation failure are because of this "riskware". Could someone please help even identify what this is? Thanks.

An addition to the above problem: unable to perform a system restore either. And I have attached the report txt files of Kaspersky Internet Security for reference.

I apologise, as I hadn't been through the "first steps" before posting my concerns. Don't know if this post will be looked into by someone. Below is the diagnostic report by DDS.SCR.

A:PDM.keylogger detected by KIS 2010

Formatted and re-installed OS.. Solved..

http://www.techsupportforum.com/forums/f50/pdm-keylogger-detected-by-kis-2010-a-431378.html
Relevancy 29.24%

Hello there. I have been using my computer for some time now but haven't noticed anything like this before. When I try to log into one of my games, I see that the information which I type in correctly are not the needed ones, whereas I am sure I typed them in correctly. Also, I checked several forums and asked for help at other places, but it seems that the account has been hacked. I hope you can help with my problem. Thank you in advance for the help. Here are my logs.

A:Possible keylogger threath, please help!

Hello Gredor,

HijackThis is no longer the preferred initial scanning tool in this forum as it no longer provides enough information in regard to today's malware.


Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f50/possible-keylogger-threath-please-help-427232.html