
Computer compromised with a keylogger

Discussion in 'Virus & Other Malware Removal' started by taylor88, Mar 28, 2010.

Thread Status:
Not open for further replies.
  1. taylor88

    taylor88 Thread Starter

    Joined:
    Feb 26, 2008
    Messages:
    8
    I play World of Warcraft and recently had my account taken control of. I then realised since I have never given out my password, it must be a keylogger.

    I ran KL-Detector while I screwed around in notepad and a few other things, and this is what it came up with

    Code:
    KL-Detector has found some suspicious files:
    C:\Users\Taylor\AppData\Local\Temp\~DFF1AC.tmp
    C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
    C:\Program Files\World of Warcraft\Logs\SESound.log
    
    Please check; someone might have installed a keylogger on your computer!
    
    
    You MAY want to take a look at:
    C:\Users\Taylor\AppData\Local\Temp\
    C:\Program Files\World of Warcraft\Logs\
    C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\
    C:\Windows\Prefetch\
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\
    
    
    
    >>FULL REPORT<<
    
    Below are some file operations that were done during the monitoring process.
    Review them carefully and check for suspicious files.
    
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\UsrClass.dat
    was modified.
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\UsrClass.dat
    was modified.
    
    C:\Users\Taylor\ntuser.dat.LOG1
    was modified.
    
    C:\Users\Taylor\NTUSER.DAT
    was modified.
    
    C:\Users\Taylor\NTUSER.DAT
    was modified.
    
    C:\Windows\Prefetch\KL-DETECTOR.EXE-BAE45825.pf
    was modified.
    
    C:\Windows\Prefetch\KL-DETECTOR.EXE-BAE45825.pf
    was modified.
    
    C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf
    was modified.
    
    C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf
    was modified.
    
    C:\Windows\Tasks\User_Feed_Synchronization-{3389518A-2486-47BD-BCC8-F2ED4321C4C6}.job
    was modified.
    
    C:\Windows\Tasks\User_Feed_Synchronization-{3389518A-2486-47BD-BCC8-F2ED4321C4C6}.job
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFEC7A.tmp
    was created.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFEC7A.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFEC7A.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFEC8A.tmp
    was created.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFEC8A.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFEC8A.tmp
    was modified.
    
    C:\ProgramData\Alwil Software\Avast5\journal\journal00271030
    was created.
    
    C:\ProgramData\Alwil Software\Avast5\journal
    was modified.
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    was modified.
    
    C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    was modified.
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFF1AC.tmp
    was created.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFF1AC.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFF1AC.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFF1BC.tmp
    was created.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFF1BC.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFF1BC.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFF1AC.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFF1D2.tmp
    was created.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFF1D2.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFF1D2.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFF1E3.tmp
    was created.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFF1E3.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFF1AC.tmp
    was modified.
    
    C:\Windows\Tasks\User_Feed_Synchronization-{3389518A-2486-47BD-BCC8-F2ED4321C4C6}.job
    was modified.
    
    C:\Windows\Tasks\User_Feed_Synchronization-{3389518A-2486-47BD-BCC8-F2ED4321C4C6}.job
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFF1D2.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFF1BC.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp
    was modified.
    
    C:\Windows\Prefetch\MSFEEDSSYNC.EXE-1F01ED17.pf
    was modified.
    
    C:\Windows\Prefetch\MSFEEDSSYNC.EXE-1F01ED17.pf
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
    was created.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    was modified.
    
    C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    was modified.
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    was modified.
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GBLF8E
    was modified.
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GBLF8E\index[1].xml
    was modified.
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GBLF8E\index[1].xml
    was modified.
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GBLF8E\swfobject[1].js
    was created.
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GBLF8E\swfobject[1].js
    was modified.
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GBLF8E\swfobject[1].js
    was modified.
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HCXY8JZQ\swfobject[1].js
    was removed.
    
    C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[5].txt
    was created.
    
    C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[5].txt
    was modified.
    
    C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[4].txt
    was removed.
    
    C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies
    was modified.
    
    C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[4].txt
    was created.
    
    C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies
    was modified.
    
    C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[4].txt
    was modified.
    
    C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies
    was modified.
    
    C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[5].txt
    was created.
    
    C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[5].txt
    was modified.
    
    C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies
    was modified.
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GBLF8E\index[1].xml
    was removed.
    
    C:\Program Files\World of Warcraft\Logs\Launcher.log
    was modified.
    
    C:\Windows\System32\config\SOFTWARE.LOG1
    was modified.
    
    C:\Windows\System32\config\SOFTWARE
    was modified.
    
    C:\Windows\System32\config\SOFTWARE
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Logs\cpu.log
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Logs\cpu.log
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Logs\gx.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    was modified.
    
    C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    was modified.
    
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
    was modified.
    
    C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
    was removed.
    
    C:\Windows\Prefetch\LAUNCHER.EXE-EA7BE9F6.pf
    was modified.
    
    C:\Windows\Prefetch\LAUNCHER.EXE-EA7BE9F6.pf
    was modified.
    
    C:\Windows\Prefetch\WOW.EXE-CEB1028D.pf
    was modified.
    
    C:\Windows\Prefetch\WOW.EXE-CEB1028D.pf
    was modified.
    
    C:\Users\Taylor\ntuser.dat.LOG1
    was modified.
    
    C:\Users\Taylor\NTUSER.DAT
    was modified.
    
    C:\Users\Taylor\NTUSER.DAT
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\creaturecache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\creaturecache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\gameobjectcache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\gameobjectcache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\itemcache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\itemcache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\itemnamecache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\itemnamecache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\npccache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\npccache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\questcache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\questcache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\pagetextcache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\pagetextcache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\itemtextcache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\itemtextcache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\wowcache.wdb
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\wowcache.wdb
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Program Files\World of Warcraft\Logs\SESound.log
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Logs\gx.log
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\WTF\Config.wtf
    was modified.
    
    C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\WTF\Config.wtf
    was modified.
    
    C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default
    was modified.
    
    Also, here is the HijackThis logfile.

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:10:28 PM, on 29/03/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\DisplayFusion\DisplayFusion.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\msfeedssync.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix: 
    O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} (UnityWebPlayer Control) - http://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASWLSVC - Unknown owner - C:\Windows\System32\ASWLSVC.exe (file missing)
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LP - Unknown owner - C:\Users\Taylor\Desktop\Documents\Downloads\LowerPingv1.4\LP.exe
    O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    
    --
    End of file - 7840 bytes
    
    Thanks for any and all help, it really is appreciated.

    edit: I might add I have done a full scan with both avast and adaware and they found nothing
     
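A HijackThis log lists autostart entries (O2 browser helper objects, O4 Run keys, O23 services) but gives no verdict on any of them, and a reader has to apply the usual triage questions by hand: does the target file still exist, does it carry a publisher string, does it run from a user-writable directory, is it started by a bare file name that gets resolved through the search path? The script below is an added example written for this thread, not part of HijackThis or of the original post; its sample lines are a handful of entries copied from the log above, the directory list and the review reasons are my own heuristics, and nothing it prints is a verdict, only a list of entries worth checking first.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few O2/O4/O23 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O23 - Service: ASWLSVC - Unknown owner - C:\Windows\System32\ASWLSVC.exe (file missing)
O23 - Service: LP - Unknown owner - C:\Users\Taylor\Desktop\Documents\Downloads\LowerPingv1.4\LP.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# Directories an ordinary user can write to; my own list, not a HijackThis rule.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\")

@dataclass
class Entry:
    kind: str                 # "O2", "O4" or "O23"
    name: str                 # BHO name, Run value name or service display name
    path: str                 # target as HijackThis printed it
    owner: str = ""           # O23 only: company string HijackThis read from the binary
    reasons: list = field(default_factory=list)

_O4 = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

def _program(cmd):
    """Program part of a Run command line: the quoted string, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def parse_line(line):
    """Return an Entry for O2/O4/O23 lines, None for everything else."""
    line = line.rstrip()
    if line.startswith("O4 - "):
        m = _O4.match(line)
        return Entry("O4", m["name"], _program(m["cmd"])) if m else None
    if line.startswith("O23 - Service: "):
        parts = line[len("O23 - Service: "):].rsplit(" - ", 2)   # name may itself contain " - "
        return Entry("O23", parts[0], parts[2], parts[1]) if len(parts) == 3 else None
    if line.startswith("O2 - BHO: "):
        parts = line[len("O2 - BHO: "):].rsplit(" - ", 2)       # name, {CLSID}, path
        return Entry("O2", parts[0], parts[2]) if len(parts) == 3 else None
    return None

def triage(entry):
    """Attach a review reason for each heuristic the entry trips; empty list means nothing to check."""
    low = entry.path.lower()
    if "(file missing)" in low or low == "(no file)":
        entry.reasons.append("orphaned entry: target file is missing (often an uninstall leftover)")
    if entry.owner == "Unknown owner":
        entry.reasons.append("no publisher string: verify the binary and its signature")
    if any(d in low for d in USER_WRITABLE):
        entry.reasons.append("runs from a user-writable location")
    if entry.kind == "O4" and not re.match(r'^([a-z]:\\|%)', low):
        entry.reasons.append("no absolute path: resolved through the search path at logon")
    return entry

def review_log(text):
    """Parse every O2/O4/O23 line and return only the entries that collected a reason."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).reasons:
            flagged.append(entry)
    return flagged

if __name__ == "__main__":
    for e in review_log(SAMPLE_LOG):
        print(f"{e.kind} {e.name!r}: {e.path}")
        for r in e.reasons:
            print("    -", r)
```

Note the asymmetry the script is built around: a flagged entry only earns a closer look, while an unflagged one (avast, Steam) is not cleared, because a vendor string and a path under Program Files are exactly what a deliberately installed program also has. Unquoted paths containing spaces are split at the first space, the same ambiguity Windows itself has with such Run values, so keep an eye on those when reading the output.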
  2. taylor88

    taylor88 Thread Starter

    Joined:
    Feb 26, 2008
    Messages:
    8
    Hey guys, if the KL detector doesn't mean much, just ignore it and look at the hijack this post.

    Thanks guys!
     
  3. taylor88

    taylor88 Thread Starter

    Joined:
    Feb 26, 2008
    Messages:
    8
    bump, still needing help
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,885
    All the KL-Detector findings are perfectly normal & not a sign of a keylogger.

    * Run Kaspersky online virus scan Kaspersky Online Scanner.

    After the updates have downloaded, click on the "Scan Settings" button.
    Select "Spyware, Adware, Dialers and other potentially dangerous programs" for the scan.
    Under "Please select a target to scan", click "My Computer".
    When the scan is finished, Save the results from the scan!

    Note: Kavscan is a scanner only & won't fix anything, but it will normally find the most infected files, so its report gives us a good place to work from.

    If that won't run then
    Run an online antivirus check from one of the following sites

    http://www.eset.com/online-scanner
    http://www.pandasoftware.com/activescan/
    http://www.bitdefender.com/scan8/ie.html
    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
     
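The KL-Detector report in the first post is a raw list of file events, which is why it reads alarmingly even when every line is benign. Grouping the events by what kind of file was touched makes the moderator's reading obvious: the Prefetch entries name the programs that actually ran during the window (KL-Detector itself, Notepad, WoW), the "suspicious" .tmp files are created and deleted inside the window, and the most-modified file is the game's own sound log. The script below is an added example for this thread, not KL-Detector's code or anything posted by the participants; its sample input is a subset of the report above, and the category table is my own grouping.

```python
import re
from collections import Counter

# Constructed sample: a subset of the KL-Detector full report from this thread,
# in its two-line "path / was <op>." format.
SAMPLE_REPORT = r"""
C:\Users\Taylor\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\Windows\Prefetch\KL-DETECTOR.EXE-BAE45825.pf
was modified.

C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf
was modified.

C:\Windows\Tasks\User_Feed_Synchronization-{3389518A-2486-47BD-BCC8-F2ED4321C4C6}.job
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
was created.

C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
was modified.

C:\ProgramData\Alwil Software\Avast5\journal\journal00271030
was created.

C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\taylor@worldofwarcraft[5].txt
was created.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Program Files\World of Warcraft\Logs\SESound.log
was modified.

C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
was removed.

C:\Windows\Prefetch\WOW.EXE-CEB1028D.pf
was modified.

C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default
was modified.
"""

# My own grouping; order matters, the first matching label wins.
CATEGORIES = [
    ("Prefetch (record of programs that ran)", ("\\windows\\prefetch\\",)),
    ("Registry hives and their logs", ("ntuser.dat", "usrclass.dat", "\\system32\\config\\")),
    ("Browser cache, cookies, history", ("\\temporary internet files\\", "\\cookies\\",
                                         "\\history\\", "\\google\\chrome\\")),
    ("Temp files", ("\\appdata\\local\\temp",)),
    ("World of Warcraft logs and cache", ("\\world of warcraft\\",)),
    ("Antivirus journal", ("\\avast5\\",)),
    ("Scheduled tasks", ("\\windows\\tasks\\",)),
]

_OP = re.compile(r"^was (created|modified|removed)\.$")

def parse_report(text):
    """Turn the 'path' / 'was <op>.' line pairs into (path, op) tuples, in report order."""
    events, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _OP.match(line)
        if m and pending is not None:
            events.append((pending, m.group(1)))
            pending = None
        else:
            pending = line          # a path line; the following line says what happened to it
    return events

def categorize(path):
    low = path.lower()
    for label, needles in CATEGORIES:
        if any(n in low for n in needles):
            return label
    return "Other (review by hand)"

def summarize(events):
    """Per category: the distinct paths touched and a count of each operation."""
    summary = {}
    for path, op in events:
        bucket = summary.setdefault(categorize(path), {"paths": set(), "ops": Counter()})
        bucket["paths"].add(path)
        bucket["ops"][op] += 1
    return summary

def programs_from_prefetch(events):
    """Prefetch file names encode the executable that ran: NAME.EXE-<hash>.pf."""
    names = set()
    for path, _ in events:
        low = path.lower()
        if low.endswith(".pf") and "\\prefetch\\" in low:
            names.add(path.rsplit("\\", 1)[1].rsplit("-", 1)[0])
    return sorted(names)

def short_lived(events):
    """Paths created and then removed inside the monitoring window, typical of temp files."""
    created, gone = set(), []
    for path, op in events:
        if op == "created":
            created.add(path)
        elif op == "removed" and path in created:
            gone.append(path)
    return gone

if __name__ == "__main__":
    ev = parse_report(SAMPLE_REPORT)
    for label, bucket in summarize(ev).items():
        print(f"{label}: {len(bucket['paths'])} path(s), {dict(bucket['ops'])}")
    print("programs that ran:", programs_from_prefetch(ev))
    print("created and removed during the window:", short_lived(ev))
```

Anything that lands in the "Other" bucket is where hand review should start; in the thread's full report nothing does, which is the moderator's point. The one thing this kind of file-activity monitor cannot show is a process that only reads keystrokes and sends them over the network without writing a file, so a clean report is a reason to move on to the antivirus scans the moderator recommends, not a clean bill of health.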
Short URL to this thread: https://techguy.org/913219