Suspected Keylogger Infection - Need Help w/ Removal

Q: Suspected Keylogger Infection - Need Help w/ Removal

Attaching my HJT log. I believe I'm infected with a keylogger of some sort, as my gmail.com e-mail address has been compromised as well as a World of Warcraft account (multiple times, even after a password reset). I'm now fearful that the next target will be my bank account. I would appreciate any assistance with anything suspicious of keylogger activity. Thanks in advance!

(The log itself is in the form of an attachment to this post)

A: Suspected Keylogger Infection - Need Help w/ Removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,K


Hello, please can you help me? I think I may have some key logging malware on my pc.
Someone accessed my WOW account and cleaned it out. I have recently had lots of WOW phishing emails, but haven't clicked on any of the links, so I don't know how they got my password.
I have followed the advice given by WOW support and before running Hijackthis, I ran:
CC Cleaner
SUPERantispyware
Spybot Search & Destroy
MBAM
Bit Defender deep system scan

Many thanks in advance for your help.

Here are my log files:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:34:49, on 18/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\ico.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\Ad...

A:Suspected keylogger infection....


When typing information into my browser on a computer running Windows Vista Ultimate, the type is delayed as though it is being analyzed before it shows up on the screen. I suspect some type of keylogger that may be trying to capture passwords or other data. I am aware that rootkits are quite deadly and are all but invisible. What should I do to see if I am hijacked?

A:Suspected Keylogger type infection

Let's see if we can find out
---------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see ...


I've reason to believe my computer is infected with a keylogger, after having several of my accounts to various internet sites and online games compromised. However, I have no clue as to how I might spot and/or fix this problem.

Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:57 AM, on 10/17/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Anti-Spy.Info\AntiSpy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\...

A:Suspected Keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


My World of Warcraft account was hijacked this weekend. My password and user name are lengthy alphanumeric combinations and are not used for any other applications. There is no way anybody could have guessed them through social engineering. This leads me to believe there is a keylogger on my system. I have scanned with AVG and Spybot. Everything appears to be clean.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:15 AM, on 6/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\itunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MozyHome\mozystat.exe
C:\quickenw\QWDLLS.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\...

Hey I'm a World of Warcraft player and recently my account was hacked. I have never shared my password and am thinking a 3rd party program may have been infected that stole my password. Either way just to be safe I would like to check if you guys could take a look.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Java\jre1.6.0...

So I may have a keylogger running somewhere on my laptop, I was wondering if someone could decipher my hijackthis results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:47 PM, on 5/2/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,St...

A:Suspected Keylogger

Bump. Still unresolved :/
 


Hello, I'd like to thank you in advance for your help. Like the title says, I suspect I've got a keylogger. I consider myself extremely good with computers and I don't see anything suspicious in my processes, but I'm worried that I may have contracted a keylogger from a fake website link.

I've yet to experience any type of keylogging activity, but I want to get rid of any potential keylogger before information is stolen. I am using a Dell Inspiron 6400 with Windows XP Professional 64 bit.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:31 AM, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program...

A:Suspected Keylogger - HJT Log

Bump
 


Hi,

My WoW account was recently hacked. I scanned my system with both AVG and MalwareBytes, with both scans showing no infections (other than tracking cookies). Attached are my HJT and DDS logs. Can someone check my logs? Thx

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:39:41 PM, on 7/8/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Users\Man\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
R1 - HKL...

A:Suspected Keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I had a game account stolen from me a few weeks ago, I assumed I was keylogged since I was pretty lax on security. I've run a number of virus scans and have tried to clean up everything I possibly can. I was a. wondering if I'm clean now (how do I know for sure?) and b. what are the best free tools to prevent something like this from happening again (although I'm sure I could find that answer by looking around these forums). Below is my HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:10 AM, on 11/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls...

A:Suspected Keylogger

Hello, Johnsmithhh
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

We need to run a Scan with DDS
Please download DDS, and save it to your desktop, from one of the following mirrors:
This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on your s...

I just discovered my WoW account had been hijacked over the weekend while I was away. I don't respond to unknown emails, never got any messages from someone making pretend to be a WoW advisor, etc so I have no idea wtf happened, how or where it could have come up. I already have had the account restored to me, but do not want to log in from this computer until I'm sure I got rid of whatever the hell is on here, if anything. AVG and SuperAntiSpyware came up empty. DDS log is as follows

DDS (Ver_10-03-17.01) - NTFSx86
Run by Blatherbeard at 9:29:22.49 on Tue 06/01/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3325.1564 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSyste...

A:Suspected Keylogger

sure glad i have majorgeeks to help me. thanks for the views, i got help somewhere else.


Hello, a keylogger stole my World of Warcraft password and hacked my account a few days ago. I did a full clean up of the PC after that and after retrieving my account back started playing again but had a series of weird disconnects implying that my password was stolen again and was being used. I fear I still have the keylogger around my system, so I've done a full PC scan again and came here for help with my hijack log.

Thanks in advance for any help!

Malware log:
Malwarebytes' Anti-Malware 1.41
Database version: 2928
Windows 5.1.2600 Service Pack 3

10/9/2009 12:38:25
mbam-log-2009-10-09 (12-38-25).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 151842
Time elapsed: 17 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:04, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Ru...

A:Suspected keylogger

Bump
 


Oh god, I just got a blue-screen when I scanned with that GMER program, I was on the toilet when it happened and when I came back my computer had been restarted due to a serious problem or something like that. And I was just about done with copying all my logs into this thread. Ah well. Now I don't have a lot of time to write a lot and be all fancy so I'll just take the short-version of it.

My story is that my anti-virus program Avast! alerted me that it had detected a malicious virus. It called itself worm/keylogger or something like that. I got the pop-up just when I pressed Enter after typing my World of Warcraft password in the password box. Luckily my account did not get hacked due to the fact that I have my e-mail set to automatically get filled into respective box.

I followed a guide on the official wow-europe.com forum, it was on how to get rid of keyloggers and the last step is to post a bunch of logs here on this forum for you guys to check on. And that I will do now.

+++HiJackThis logfile+++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:47, on 2010-10-03
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vVX1000.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program...

A:Suspected Keylogger

Just posted this before I was fully done with it all to kind of save it since I don't want to re-write it like I already did once due to the bluescreen while doing the GMER scan.

EDIT: And I sure as hell got a bluescreen when I started my GMER scan, I need help with helping myself already it seems. Seems like I can't do a GMER scan, I did it before once but that was before I followed the guide on wow-europe.com where they tell you to get all kinds of removal programs before you start posting on these kinds of forums. Tried running the GMER exe yet again to see if I could somehow make it past a bluescreen. I got a message saying that GMER.exe stopped working and that it has been shut down.

EDIT2: Okay, got a third blue-screen. Something is definitely wrong. I got this bluescreen while doing nothing at all except using my internet browser to add this website to my favourites.

I got a message from spybot saying it detected something that has been changed in the registry. I copied a bunch of crap, if you will, from the spybot log. Here goes.
2010-10-03 15:24:33 Denied (based on user decision) value "wow64main.exe" (new data: "") deleted in System Startup user entry!
2010-10-03 15:24:36 Denied (based on user decision) value "SpybotDeletingB3095" (new data: "command.com /c del "C:\Windows\System32\28463\ASYQ.001"") added in System Startup user entry!
2010-10-03 15:24:52 Allowed (based on user decision) value "...

Hey guys,

I came home today to find that my World of Warcraft account had been hacked, which presumably is from a keylogger. I ran ATF Cleaner, and Ad-Aware 2008, followed by Hijackthis as suggested by a forum post I was referred to by Blizzard.

I was told not to try and use Hijackthis myself and looking at the log I can see why, so instead I came to this forum through that same post. Anyways, here is the log I got returned to me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21:58, on 13/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start...

A:Suspected Keylogger

Bump

Also updated my original post today with a new HijackThis log. I ran a Disk Cleanup earlier today too, not sure if it is relevant or not.
 


Hello, I suspect that a keylogger is on my computer. The reason is, I was on MSN Messenger and I logged off and when I tried to log back in, it gave an error saying my password could be wrong. I also can't get in my email, my password was changed. I then made a new MSN and E-mail, only to find that today it has the same problem. Any suggestions/advice?

Here's my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:10 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\...

A:Suspected keylogger

bump
 


Could someone please help me? LOL I believe there is a keylogger or some other sort of spyware on my computer. I think my passwords, conversations, and other information are being either recorded or viewed somehow. Is there any way to detect this? My bank account has been logged into from a different IP address, some of my online conversations have been disclosed to others, etc. PLEASE -- HELP!!!

I have attached a fresh copy of Hijackthis.

Thanks in advance!

Jennifer Z.

 

A:PLEASE HELP... keylogger suspected

Is there anyone who can help me with this, please???
 


Hi all,
my XP ThinkPad might be infected by keyloggers and other malware.
I just want a "clear" on it, or if it is not clear, I want to clear it.
Thanks

<ACTIVESCAN.TXT START>
Incident Status Location

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xa89681f.default\cookies.txt[.com.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xa89681f.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xa...
RELEVANCY SCORE 56.4

Hello, I have reason to believe I have a key logger. I have been unable to locate anything in my system processes, or through hijackthis. I have also run malware bytes, and avg. Can anyone see if they can spot anything malicious? Thank you very much,
- Daniel

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:08 PM, on 9/29/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
E:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Users\Daniel\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet ...

A:Suspected Keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...
RELEVANCY SCORE 56.4

OK, I accidentally clicked on one of those links on those crafty WoW threads. After this there were many replies to the thread saying it was a keylogger, and 10 minutes later the post was deleted.

Ok now for the hijackthis log.

All help will be appreciated. Thanks all in advance.

Logfile of HijackThis v1.99.1
Scan saved at 22:07:23, on 19/09/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON To...

A:Suspected Keylogger.

Sorry for the double post, but afterwards my whole computer crashed and was slow, besides xfire which still worked.
I found that everything started working fine once I had restarted the computer.
 

RELEVANCY SCORE 56.4

I suspect I have a keylogger installed on my computer. Someone has been using services of mine, such as e-mail and Spotify, that require my password. I feel intruded, to say the least.
My friend tipped me about this site, now I need help. What's the first step?
Thanks in advance to anyone who reaches out to me.
 

A:Suspected keylogger. Need help

Hello ingemar, welcome to Tech Support Guy's Malware Removal forum!

My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.

======================================================

Please read through the points below to ensure this process moves as quickly and efficiently as possible.

Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
Please backup important documents before proceeding with my instructions.
If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.

======================================================

Please run the following diagnostic scans so I can ascertain the state of your computer.

STEP 1
Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) or Farb...
RELEVANCY SCORE 56.4

My World of Warcraft account has been compromised, an authenticator was placed on the account. I have run numerous anti virus scans and anti spyware scans and nothing has turned up. My yahoo email account was also hijacked and password changed. I was able to run the dds scan but had a problem when attempting to scan with gmer. Gmer would begin its scan and then my computer would freeze and become unresponsive.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Marcus at 4:47:18.56 on Sat 07/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1315 [GMT -5:00]

AV: ZoneAlarm Extreme Security Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Progra...

A:Suspected Keylogger

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
RELEVANCY SCORE 56.4

Hi there. Mine and my son's computers have both been infected with viruses and a possible keylogger. I have performed many scans and repairs and am hoping I have now fixed the problem on my computer. Could somebody please take a look at my hijackthis file and let me know if there is still anything to worry about? I'll post a new thread for my son's computer when I've finished scanning and repairing. Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:47, on 14/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\tsnpstd3.exe
E:\WINDOWS\FixCamera.exe
E:\WINDOWS\tsnp325.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\Logitech\Video\LogiTray.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Java\jre6\bin\jqs.exe...

A:suspected keylogger, have i got rid of it?

Hello whitestoneware,

If you still require assistance, we require a more comprehensive set of logs to determine the presence of malware. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

RELEVANCY SCORE 56.4

I think I might have a key logger, which is quite serious considering what gets entered on my computer. I've checked, but can't seem to find it. So I'm hoping you guys can

Here's my HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:47 PM, on 3/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\S...
RELEVANCY SCORE 56.4

Hello

I would like to ask for help confirming that my computer is clear of keyloggers.
3 days ago my World of Warcraft account was hacked into and I was told it was most likely a keylogger that compromised my account. I have followed the advice that was given to me from http://forums.wow-europe.com/thread.html?topicId=5383442401&sid=1.

I have run 'ATF cleaner', 'Ad-Aware', 'Spybot S&D' and 'MBAM' along with virus scans from McAfee (all updated) and they are now returning clean results. Can anyone check over my HJT log to confirm that I have removed any keyloggers that were on my system?

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:19, on 25/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\...

A:Suspected Keylogger

RELEVANCY SCORE 56.4

Okay, here is the issue: today I checked my rapidshare account and found out that there has been a lot of traffic used from another country, so I could only think that my account was hacked and my computer has a keylogger. Here is the log:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Reeko at 14:57:39.34 on Sat 07/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1256.971.1033.18.3071.2120 [GMT 4:00]

AV: AVG Internet Security 3-pack *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\Program Files\Bonjour ...

A:Suspected keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...
RELEVANCY SCORE 56.4

So I may have a keylogger running somewhere on my laptop, I was wondering if someone could decipher my hijackthis results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:47 PM, on 5/2/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Micros...

A:Suspected Keylogger

Bump. Still unresolved :/

RELEVANCY SCORE 56.4

Hey guys, I've had some funny activity on some of my internet accounts. First my Skype account was hacked, so I went and changed every password I use, and this morning my Google account password was changed. I've recently formatted my Mac at home so I can only imagine it could be my other Windows XP computer. I did look into it myself but there are so many processes I got confused. Pretty worried about my data/emails etc.

here's the log:
DDS (Ver_09-10-12.01) - NTFSx86
Run by SamLoomes at 11:08:02.21 on 12/10/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3326.2589 [GMT 1:00]

AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Pr...

A:Suspected keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...
RELEVANCY SCORE 56

Hello all,

A few days ago a friend of mine notified me of the fact that my WoW account had been hacked. Since it had (and now again has) a pretty secure password, I suspected a keylogger might be active on my system. I scanned using Avast and Spybot S&D, and for good measure also ran CCleaner. However, they all came up pretty clean. So, I turn to this forum for help. Below is my hijackthis log. Thanks in advance for anyone who is willing to help.

Greetings,

- Brionne
--------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:19:40, on 20-3-2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Bruno\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
...

A:Hijackthis log for suspected keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as...
RELEVANCY SCORE 56

Officially at wits end on this - any help would be deeply appreciated.

Monday morning my Warcraft account was compromised. I play on (2) PCs, both running XP Pro SP3, Spysweeper, RUBotted, and ESET NOD AV. Machines are set for auto-updates and daily sweeps at the OS/app/security program levels.

Machines are password-protected when I am not physically at them.

I don't run 3rd-party apps with WoW or surf porn or casual game sites. My WoW account password was not the same as the password for the email address attached to the WoW account (and my email passwords are mixed case, alpha-numeric, at least 8 characters long, and include at least one special character).

Home network sits behind a router connected to a DSL modem, but I have Windows Firewall turned on as well.

There was no indication prior to Monday morning that anything was wrong on either machine. After being notified that my WoW password had changed, I ran a complete sweep of the machine #1. There were still no indications or flags of infections. (note: I have not used machine #2 to log in to WoW or my email since the compromise)

Tuesday morning, I changed the email address and password for my WoW account using machine #1.

Wednesday morning, the account was promptly hacked again.

Ran the online Panda Security sweep, Trojan Remover, and Malwarebytes AM on both machine #1 and #2. Again, nothing flagged as an infection.

Yesterday, I used a different computer (a third one, separate from machines ...

A:Help with suspected but undetected keylogger

Hello and welcome to Tech Support Forum.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh set of DDS Logs. Both DDS and Attach.txt

RELEVANCY SCORE 56

I did a hijack this scan and this is what the log file said, please help, I have no clue what to do. I keep getting my accounts hacked for games I play.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:51 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\...

A:Keylogger Suspected, Log File.

Title was: Keylogger Trouble., my coputer has a key logger i think. stealing passwords ~ OB

I'm almost positive I have a keylogger on my computer and I need to get rid of it. They keep stealing my passwords to games that I play and somehow they keep getting the emails I change it to even though I use the onscreen keyboard. I ran hijack this and this is the log it came up with. PLEASE HELP!

----------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:31 AM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files...
RELEVANCY SCORE 56

Recently my World of Warcraft account has been hacked. I changed the password and they must have found it out cause now I can't get on at all. Here is my HJT log. Any help will be appreciated.

Running processes:
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\AutoTask\AutoTask.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
K:\HDDPROP\HDDPROP.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer ...

A:HijackThis Log: Suspected Keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...
RELEVANCY SCORE 56

The associated e-mail to my wow account uses the same password as wow so all my e-mails could have been compromised (has card details for purchased goods, and other sensitive info). I was running Windows 7 Ultimate at the time so I have formatted back to Windows XP SP3 and installed and scanned with avg 9 (got the 30 day full internet security), spybot, adaware, Malwarebytes' Anti-Malware, atf cleaner and HijackThis. Only cookies have been detected so I'm pretty sure the virus that was used to hack my wow account is gone for good but would massively appreciate advice on my logs, thanks very much in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:46, on 24/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVG...

A:Suspected keylogger or trojan

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
log.txt
info.txt

Thanks


Hey guys, I suspect a keylogger in my system after my WOW account was compromised. Now I usually know I'm very good at preventing things like this, but for some reason my account did get compromised. So here's my HiJackThis log. Currently running NOD32 3.0 scanning and Spybot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:09 PM, on 8/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\CTHELPER.EX...

A:Suspected keylogger in system

Bump :)


An online game I play was recently hacked, and it has been suggested that it was done by a keylogger or trojan horse. I have run an ad-aware scan, a spybot scan, a malware scan, and also a scan using Norton 360. Finally I have run a hijackthis scan, and hope you can find in the log below a keylogger or trojan my other scans have missed! I am running Windows Vista. The spybot scan and the malware scan both found things which I have been able to remove. I have also included the malware log below the hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:41, on 22/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\jusched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Curse\Curs...


Hello, most of my passwords were hijacked this morning. I have had a few issues the past week or so, mostly the computer running a little slower than usual. Since I run a regular virus scan with avg I didn't think much of it, and have had no error messages.

I have spent some time cleaning up the computer and I think I may have gotten the issue, but since I'm not sure a friend suggested I post here. I can get a hold of a vista CD on sunday at the earliest.

Any help or suggestions would be much appreciated, and thank you for your time. :)


DDS (Ver_09-11-24.02) - NTFSx86
Run by eiyel at 15:47:49,71 on 2009/11/26
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1033.18.3066.1993 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windo...

A:Suspected keylogger, please advise

Hello eiyel,

As you do play World of Warcraft, I'll want to take a bit deeper look. Download rsit.exe and save it to your desktop.
Double click on RSIT.exe to run it.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. I only need to see the log.txt


A week ago or so the password to my WoW account was changed, and when retrieving it, it said the account had been banned. I've cleared that up with the support but I haven't yet dared to write in the reset password or make a new one in case the process would be repeated!

I have followed all of the steps in a rather long guide on how to clean your computer:

http://forums.wow-europe.com/thread.html?topicId=5383442401&sid=1

And I've cleaned my computer of as much crap as possible to make the hijackthis scan easier to read since that was the final step of the guide! I've done exactly everything it told me to, haven't skipped a single bit! =)

It's not only the WoW account I'm afraid might be compromised, but also other stuff and credit cards I use to buy things online with! Help would be greatly appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:16, on 2009-02-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shar...


Hello.


Forgive me beforehand if some of my English isn't correct.

I have recently been infected with a trojan of the keylogger sort. This I am sure of since my World of Warcraft account has been hacked. I have run several scans with popular anti-spyware/malware/adware and anti-virus programs (such as Ad-Aware, Malwarebytes Antimalware, avast!, AVG, Rising, Bitdefender, SuperAntiSpyware, etc).

None of the listed above have successfully found and deleted (fully) the trojan. The exception is Bitdefender which finds:
Trojan.PWS.OnlineGames.AAGF
This is most certainly the trojan that is the keylogger; however, after it deletes it and I reboot my system it appears again.
The "Trojan.PWS.OnlineGames.AAGF" seems to be located in something like: C:\System Volume Information\
Though this is nothing that I can find in my C:\?

Please reply if anything is unclear and I shall do my best to help you out!


Here's a logfile from after a scan using HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:59, on 2009-01-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Rising\Rav\CCenter.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\Program\Delade filer\BitDefender\BitDefender Update S...


Hi all, I've noticed at times that my Norton 360's intrusion detection turns itself off or is turned off not by me. Until now it's been a curiosity, but this new MMO I'm playing recently has all sorts of hacking going on in and around it. When looking up some info on Google I think I may have clicked on a malware/gold-seller site by mistake. Although I closed the webpage window as quickly as possible, I think I may have inadvertently downloaded a keylogger, etc.

At any rate I was hoping for some intelligent eyes on my logs in order to help either assuage my fears or let me know the extent of the damage. Any and all help would be greatly appreciated.
/respectfully,
Whoops09

DDS (Ver_09-10-13.01) - NTFSx86
Run by Example John at 2:31:00.55 on Fri 10/16/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4090.1917 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe...

A:Suspected Keylogger/ rootkit

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo...


Hey guys, I have, well I think I have, a Trojan or a keylogger or something along those lines as I keep losing my account information for an mmo I play. As a result I have lost control of that account several times so it was suggested I look to Hijackthis and consequently this site. I have run several scans with kaspersky, Malwarebytes and spybot search and destroy. All to no avail. I don't know enough to search any further myself.
DDS (Ver_09-11-29.01) - NTFSx86
Run by Patch at 21:06:24.20 on 30/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1535.987 [GMT 0:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:...

A:Suspected keylogger or Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:00 PM, on 3/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptax...

A:HiJackThis Log - Suspected Keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio...


I very stupidly opened something on Sunday night due to sheer laziness and the next thing I know the audio is turned off and my anti virus was being turned off. After rebooting I uninstalled bitdefender and most of the security stuff was having issues with being turned off.

I did scans with Malware Bytes and that found something and deleted it but I think that was a previous virus that I was unaware of. After scanning with all sorts and doing a system restore I am now at the point where every scanner is coming up clean - Malware Bytes, Superantispyware, Avast, NOD 32, NOD32 online scanner they all say my system is clean but I still think something is there when I look at the task manager and see all these processes like csrss, atieclxx and many svchost.exe etc. Also iexplore.exe is running a few times in processes even though I only have it opened once.

Here is the hijack log and rooter log for good measure

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:29, on 16/12/2552
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page...

A:Suspected trojan / Keylogger

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp...


The following scan is from the wife's computer. I don't see anything that pops out at me instantly as being dirty.

Prior to coming here I've done a full Ad-aware scan, AVG scan, S&D scan and for kicks also ran Stinger. Save for a couple pieces of adware, the scans came back clean. Nothing has been found which would indicate a keylogger.

(the reason we're under the impression of a keylogger is because her Warcraft account was compromised, but she happened to be online when it happened, and was able to do resets of passwords at what we believe to be initial time of intrusion)

Any help would be appreciated.

/McK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:49 PM, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iT...

A:Suspected Keylogger - HJT! inside

Bumping.
A full scan from Kaspersky came back with -zero- hits.
What else is there that I can run, or is there anything in my HJT! log to say there's any issues?
 


I suspect my Warcraft account is being hacked. It's been banned twice and I've received four password resets from Blizzard in the last fortnight, in addition to making several of my own.
The account is accessed only from my computer, and I've done nothing stupid with regard to giving out account details. For this reason I suspect a virus on my computer.
Avast returns a clean virus scan. The computer freezes at the same percentage complete through a pandasecurity scan. I've noticed no other changes with the computer.
Logs are shown below, appreciate the help.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Robert at 12:17:43.32 on Fri 09/04/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1601 [GMT 12:00]

AV: avast! antivirus 4.8.1351 [VPS 090903-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\PROGRA~1\ALWILS~1\Avast4...

A:Suspected keylogger virus

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so.




Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next rep...


I suspect that I have some kind of Keylogger/trojan on my network computer. An online account was accessed and password changed. Can anyone look at the following and identify anything suspicious. Thanks.

**********************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:59 AM, on 11/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Sunbelt Software\CounterSpy\Agent\SBCSESvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Microsoft Firewall Client 2004\FwcAgent.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\MozyPro\mozyprobackup.exe
D:\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program ...

A:Suspected Trojan and/or Keylogger

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ...


Avast, Malwarebyte show nothing. Hijack this log shows no high risk items, but some "unsure" ones.
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:24:50 PM, on 5/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal
 
Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\...

A:Suspected keylogger, hijackthislog posted

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/533913 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


Hi guys, 2 wow accounts have been stolen very recently. I tried an AVG scan and picked up nothing. So, I did Hijack This, and now here I am. Please take a look at my log. I would very much appreciate any input on the problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:26 PM, on 9/24/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINX64\RaUI.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\WINDOWS\SysWOW64\CTsvcCDA.exe
C:\WINDOWS\SysWOW64\svchost.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\WINDOWS\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG8\avgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\WINDO...

A: 2 WoW Accounts stolen. Keylogger suspected.

Malwarebytes' Anti-Malware 1.41
Database version: 2857
Windows 5.2.3790 Service Pack 2

9/24/2009 6:30:01 PM
mbam-log-2009-09-24 (18-30-01).txt

Scan type: Quick Scan
Objects scanned: 94656
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\Iasex.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ias (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ias (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ias (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Adm...
