Tech Support Guy > Virus & Other Malware Removal
Computer compromised with a keylogger

taylor88 (Junior Member, 8 posts; joined Feb 2008; experience: Intermediate)
28-Mar-2010, 11:11 PM, #1
I play World of Warcraft and recently had my account taken control of. I then realised that, since I have never given out my password, it must be a keylogger.

I ran KL-Detector while I messed around in Notepad and a few other things, and this is what it came up with:

Code:
KL-Detector has found some suspicious files:
C:\Users\Taylor\AppData\Local\Temp\~DFF1AC.tmp
C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
C:\Program Files\World of Warcraft\Logs\SESound.log

Please check; someone might have installed a keylogger on your computer!


You MAY want to take a look at:
C:\Users\Taylor\AppData\Local\Temp\
C:\Program Files\World of Warcraft\Logs\
C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\
C:\Windows\Prefetch\
C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\



>>FULL REPORT<<

Below are some file operations that were done during the monitoring process.
Review them carefully and check for suspicious files.


C:\Users\Taylor\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\Users\Taylor\ntuser.dat.LOG1
was modified.

C:\Users\Taylor\NTUSER.DAT
was modified.

C:\Users\Taylor\NTUSER.DAT
was modified.

C:\Windows\Prefetch\KL-DETECTOR.EXE-BAE45825.pf
was modified.

C:\Windows\Prefetch\KL-DETECTOR.EXE-BAE45825.pf
was modified.

C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf
was modified.

C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf
was modified.

C:\Windows\Tasks\User_Feed_Synchronization-{3389518A-2486-47BD-BCC8-F2ED4321C4C6}.job
was modified.

C:\Windows\Tasks\User_Feed_Synchronization-{3389518A-2486-47BD-BCC8-F2ED4321C4C6}.job
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFEC7A.tmp
was created.

C:\Users\Taylor\AppData\Local\Temp\~DFEC7A.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFEC7A.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFEC8A.tmp
was created.

C:\Users\Taylor\AppData\Local\Temp\~DFEC8A.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFEC8A.tmp
was modified.

C:\ProgramData\Alwil Software\Avast5\journal\journal00271030
was created.

C:\ProgramData\Alwil Software\Avast5\journal
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
was modified.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFF1AC.tmp
was created.

C:\Users\Taylor\AppData\Local\Temp\~DFF1AC.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFF1AC.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFF1BC.tmp
was created.

C:\Users\Taylor\AppData\Local\Temp\~DFF1BC.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFF1BC.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFF1AC.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFF1D2.tmp
was created.

C:\Users\Taylor\AppData\Local\Temp\~DFF1D2.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFF1D2.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFF1E3.tmp
was created.

C:\Users\Taylor\AppData\Local\Temp\~DFF1E3.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFF1AC.tmp
was modified.

C:\Windows\Tasks\User_Feed_Synchronization-{3389518A-2486-47BD-BCC8-F2ED4321C4C6}.job
was modified.

C:\Windows\Tasks\User_Feed_Synchronization-{3389518A-2486-47BD-BCC8-F2ED4321C4C6}.job
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFF1D2.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFF1BC.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp
was modified.

C:\Windows\Prefetch\MSFEEDSSYNC.EXE-1F01ED17.pf
was modified.

C:\Windows\Prefetch\MSFEEDSSYNC.EXE-1F01ED17.pf
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
was created.

C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
was modified.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GBLF8E
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GBLF8E\index[1].xml
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GBLF8E\index[1].xml
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GBLF8E\swfobject[1].js
was created.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GBLF8E\swfobject[1].js
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GBLF8E\swfobject[1].js
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HCXY8JZQ\swfobject[1].js
was removed.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[5].txt
was created.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[5].txt
was modified.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[4].txt
was removed.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies
was modified.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[4].txt
was created.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies
was modified.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[4].txt
was modified.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies
was modified.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[5].txt
was created.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[5].txt
was modified.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GBLF8E\index[1].xml
was removed.

C:\Program Files\World of Warcraft\Logs\Launcher.log
was modified.

C:\Windows\System32\config\SOFTWARE.LOG1
was modified.

C:\Windows\System32\config\SOFTWARE
was modified.

C:\Windows\System32\config\SOFTWARE
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Logs\cpu.log
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Logs\cpu.log
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Logs\gx.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
was modified.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
was removed.

C:\Windows\Prefetch\LAUNCHER.EXE-EA7BE9F6.pf
was modified.

C:\Windows\Prefetch\LAUNCHER.EXE-EA7BE9F6.pf
was modified.

C:\Windows\Prefetch\WOW.EXE-CEB1028D.pf
was modified.

C:\Windows\Prefetch\WOW.EXE-CEB1028D.pf
was modified.

C:\Users\Taylor\ntuser.dat.LOG1
was modified.

C:\Users\Taylor\NTUSER.DAT
was modified.

C:\Users\Taylor\NTUSER.DAT
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\creaturecache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\creaturecache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\gameobjectcache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\gameobjectcache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\itemcache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\itemcache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\itemnamecache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\itemnamecache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\npccache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\npccache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\questcache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\questcache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\pagetextcache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\pagetextcache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\itemtextcache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\itemtextcache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\wowcache.wdb
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\wowcache.wdb
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Logs\gx.log
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\WTF\Config.wtf
was modified.

C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\WTF\Config.wtf
was modified.

C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default
was modified.
Also, here is the HijackThis logfile.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:28 PM, on 29/03/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} (UnityWebPlayer Control) - http://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASWLSVC - Unknown owner - C:\Windows\System32\ASWLSVC.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LP - Unknown owner - C:\Users\Taylor\Desktop\Documents\Downloads\LowerPingv1.4\LP.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7840 bytes
Thanks for any and all help; it really is appreciated.

Edit: I might add that I have done a full scan with both avast! and Ad-Aware, and they found nothing.
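The HijackThis log above lists browser helpers (O2), autorun entries (O4) and services (O23) but offers no interpretation. The script below is an added example, not code from the thread and not HijackThis's own code: it parses those three sections from a constructed sample built out of lines copied from the posted log and attaches review prompts. The heuristics are this script's assumptions, not findings from the thread: "Unknown owner" only means HijackThis found no company name in the file's version information, "(file missing)" or "(no file)" means the registry still points at a file that is gone, and a binary under Desktop, Downloads or Temp is merely worth a second look. A flag is a prompt to go and check the file, not a verdict.

```python
"""Triage of HijackThis O2/O4/O23 entries.

Added example; not part of the original post and not HijackThis's own code.
The review heuristics below are assumptions of this script, not findings.
"""
import re

# Constructed sample, copied from lines of the log posted above.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: ASWLSVC - Unknown owner - C:\Windows\System32\ASWLSVC.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: LP - Unknown owner - C:\Users\Taylor\Desktop\Documents\Downloads\LowerPingv1.4\LP.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

LINE_RE = re.compile(r"^(?P<sec>O\d+) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Assumed "worth a second look" locations for an executable.
USER_DROP_DIRS = re.compile(r"\\(desktop|downloads|appdata\\local\\temp)\\", re.I)


def exe_from_command(cmd):
    """Strip arguments from an O4 command line, honouring a quoted path."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd
    m = re.match(r"(.+?\.exe)(\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def parse_hjt(text):
    """Yield one dict per O2, O4 and O23 line; other sections are ignored."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O2":
            b = BHO_RE.match(body)
            if b:
                yield {"sec": sec, "name": b["name"], "owner": None, "path": b["path"]}
        elif sec == "O4":
            r = RUN_RE.match(body)
            if r:
                yield {"sec": sec, "name": r["name"], "owner": None,
                       "path": exe_from_command(r["cmd"])}
        elif sec == "O23" and body.startswith("Service: "):
            # Service display names may themselves contain " - ", so split from the right.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                yield {"sec": sec, "name": parts[0], "owner": parts[1], "path": parts[2]}


def review_reasons(entry):
    """Generic prompts for manual review (assumed heuristics, not verdicts)."""
    reasons, path = [], entry["path"]
    if "(file missing)" in path or path == "(no file)":
        reasons.append("orphaned entry: referenced file no longer exists")
    if entry["owner"] == "Unknown owner":
        reasons.append("no company name in version info; check publisher/signature")
    if USER_DROP_DIRS.search(path):
        reasons.append("binary lives under Desktop, Downloads or Temp")
    return reasons


def triage_hjt(text):
    """Return every parsed entry with its (possibly empty) list of review reasons."""
    out = []
    for e in parse_hjt(text):
        e["reasons"] = review_reasons(e)
        out.append(e)
    return out


if __name__ == "__main__":
    for e in triage_hjt(SAMPLE_HJT):
        if e["reasons"]:
            print(f"{e['sec']} {e['name']!r}: " + "; ".join(e["reasons"]))
```

Run against the sample, the script leaves the Adobe, avast! and BioWare entries alone and prompts on the orphaned BHO, the missing ASWLSVC service, the LP service installed from a Downloads folder and the PnkBstrA service without version information; each of those is then checked by hand (file properties, signature, known vendor), which is the part no script does for you.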
taylor88
29-Mar-2010, 11:27 PM, #2
Hey guys, if the KL-Detector output doesn't mean much, just ignore it and look at the HijackThis log.

Thanks guys!
taylor88
30-Mar-2010, 10:52 PM, #3
Bump, still needing help.
dvk01 (Derek), Moderator & Malware Removal Specialist, authorized to help remove malware (45,691 posts; joined Dec 2002; Loughton, Essex, UK)
31-Mar-2010, 07:31 AM, #4
All the KL-Detector findings are perfectly normal and not a sign of a keylogger.

* Run the Kaspersky Online Scanner.

After the updates have downloaded, click on the "Scan Settings" button.
Select "Spyware, Adware, Dialers and other potentially dangerous programs" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, save the results from the scan!

Note: Kavscan is a scanner only and won't fix anything, but it will normally find the most infected files, so its report gives us a good place to work from.

If that won't run, then run an online antivirus check from one of the following sites:

http://www.eset.com/online-scanner
http://www.pandasoftware.com/activescan/
http://www.bitdefender.com/scan8/ie.html
http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
Derek, Microsoft MVP/Windows - Security
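The reason the KL-Detector findings are normal is worth making concrete. KL-Detector does not inspect processes or hooks; it records which files changed while you typed, so its report is dominated by registry hives, Prefetch traces, temp files, browser cache and, in this case, the game's own logs. The script below is an added example, not the thread's or KL-Detector's code: it parses the "FULL REPORT" format on a constructed sample (most entries copied from the report above, plus one made-up path to exercise the review branch), groups the events per path, and explains each path against an allow-list of locations that are expected to churn on a Windows Vista desktop. The allow-list is this script's assumption, not something the tool provides; whatever it cannot explain is left for manual review.

```python
"""Triage of a KL-Detector file-activity report.

Added example; not part of the original post and not KL-Detector's own code.
The allow-list of "expected to change" locations is an assumption made here.
"""
import re
from collections import Counter, defaultdict

# Constructed sample in KL-Detector's "FULL REPORT" format. The last entry is
# made up to exercise the review branch; it does not appear in the poster's log.
SAMPLE_REPORT = r"""
C:\Users\Taylor\NTUSER.DAT
was modified.

C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFF1AC.tmp
was created.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[5].txt
was created.

C:\ProgramData\Alwil Software\Avast5\journal\journal00271030
was created.

C:\Users\Taylor\AppData\Roaming\unknownapp\log.dat
was modified.
"""

# One event is a path line followed by a "was created/modified/removed." line.
EVENT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\n]+)\nwas (?P<op>created|modified|removed)\.$",
    re.MULTILINE,
)

# Assumed allow-list: locations that churn during ordinary use (matched lower-case).
EXPECTED = [
    (r"^c:\\users\\[^\\]+\\ntuser\.dat", "user registry hive (NTUSER.DAT) and its log"),
    (r"\\appdata\\local\\microsoft\\windows\\usrclass\.dat", "user classes hive"),
    (r"^c:\\windows\\system32\\config\\software", "SOFTWARE registry hive"),
    (r"^c:\\windows\\prefetch\\[^\\]+\.pf$", "Prefetch trace; a program was launched"),
    (r"^c:\\windows\\tasks\\", "scheduled task state file"),
    (r"\\appdata\\local\\temp(\\|$)", "per-user temp directory"),
    (r"\\temporary internet files\\|\\cookies(\\|$)|\\history\\history\.ie5\\",
     "IE cache, cookies, history"),
    (r"\\appdata\\local\\google\\chrome\\user data\\", "Chrome profile"),
    (r"^c:\\programdata\\alwil software\\avast5\\", "avast! journal"),
    (r"\\world of warcraft\\(logs|cache|wtf)\\", "World of Warcraft logs, cache, settings"),
]
EXPECTED = [(re.compile(p), why) for p, why in EXPECTED]


def parse_report(text):
    """Return [(path, op), ...] in report order."""
    return [(m.group("path"), m.group("op")) for m in EVENT_RE.finditer(text)]


def classify(path):
    """Return the allow-list reason for a path, or None if it needs review."""
    low = path.lower()
    for pattern, why in EXPECTED:
        if pattern.search(low):
            return why
    return None


def triage(text):
    """Group events per path and split them into expected vs. needs-review.

    Returns (expected, review); each maps path -> (op counts, reason or None).
    """
    per_path = defaultdict(Counter)
    for path, op in parse_report(text):
        per_path[path][op] += 1
    expected, review = {}, {}
    for path, counts in per_path.items():
        why = classify(path)
        (expected if why else review)[path] = (dict(counts), why)
    return expected, review


if __name__ == "__main__":
    ok, todo = triage(SAMPLE_REPORT)
    print(f"{len(ok)} paths explained by the allow-list, {len(todo)} to review")
    for path, (counts, _) in todo.items():
        print("REVIEW", path, counts)
```

On the sample every path the poster's report contains is explained (hive writes, the Prefetch trace for Notepad, a temp file, the game's sound log, a cookie, the avast! journal) and only the made-up path is left to review. The point is the same as the reply above: a file-change monitor can tell you that something wrote to disk while you typed, but with no process attribution it cannot tell you that a keylogger did.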