1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Spy Software that monitors your every keystroke

Discussion in 'Virus & Other Malware Removal' started by Dimension2400, Aug 29, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. Dimension2400

    Dimension2400 Thread Starter

    Joined:
    Aug 29, 2010
    Messages:
    7
    How may I determine if spy software has been planted or
    installed on my machine. 'Web watcher' and certain other brands
    claim that they are completely invisible and are able to monitor
    every keystroke. I would first like to find and identify it,
    -and then of course, remove it!
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,222
    First Name:
    Derek
    nothing is completely invisible
    if you suspect you have a keylogger or monitoring program on your computer then, provided it is YOUR computer & not a company computer we can [possibly look & see and advise

    please give details on why you think you are being monitored & by whom. It depends on your answer whether we can or will help or not or whether we refer you to alternative help or advise
     
  3. Dimension2400

    Dimension2400 Thread Starter

    Joined:
    Aug 29, 2010
    Messages:
    7
    Hi, Thank you for replying to my question.

    First, let me assure you that this is my personal computer that we are discussing. Purchased, owned and used only by me.

    To answer the second part of your question is a little harder because the issue would take much more writing in order to make it comprehensible. I could tell you why on the phone easily but to write it would take many pages.
    I believe that I have good reason and I hope you will assist me.
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,222
    First Name:
    Derek
    follow advice here and post the logs those programs make
     
  5. Dimension2400

    Dimension2400 Thread Starter

    Joined:
    Aug 29, 2010
    Messages:
    7
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:12:45 PM, on 9/20/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16915)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Personal
    Firewall\capfsem.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal
    Firewall\capfasem.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-
    Spyware\CAPPActiveProtection.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-
    Spyware\PPCtlPriv.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
    C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ron\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://www.att.net/ie4/search/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
    C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-
    0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} -
    C:\Program Files\CA\CA Internet Security Suite\CA Website
    Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} -
    C:\Program Files\CA\CA Internet Security Suite\CA Website
    Inspector\Toolbar\CallingIDIE.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event
    Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
    \spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-
    8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
    Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program
    Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program
    Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
    Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
    Experience\PCMService.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog
    Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
    Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft
    Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security
    Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security
    Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security
    Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security
    Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security
    Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program
    Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32
    \Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program
    Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Device Detector 3.lnk = C:\Program
    Files\Olympus\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
    Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program
    Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: SmartUI.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5
    -00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-
    5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081
    -5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-
    12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file
    missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-
    12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file
    missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
    (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
    BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .ipp: C:\Program Files\Internet
    Explorer\Plugins\npimth32.dll
    O12 - Plugin for .ipt: C:\Program Files\Internet
    Explorer\Plugins\npimth32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class)
    - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B}
    (TTestGenXInstallObject) -
    http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
    O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control)
    - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/w
    uweb_site.cab?1237331202828
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clie
    nt/muweb_site.cab?1274310462968
    O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B}
    (TInterActXInstallObject) -
    http://asp.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
    O16 - DPF: {CD26FCFC-7502-48FD-A558-0451013195BD} (GrokDVRAx Control) -
    http://www.ati247.com/livedemo/PCDVRAx.cab
    O16 - DPF: {DEADBEEF-DEAD-BEEF-DEAD-BEEFDEADBEEF} -
    http://www.haptek.com/products/player/autoinstall/data/latest.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
    https://pc.mywebexpc.com/pc/mywebex/tool/syscheck/ieatgpc.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
    http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
    C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B
    -00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF
    -2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA
    Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. -
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050
    \Intel 32\IDriverT.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) -
    CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet
    Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program
    Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program
    Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program
    Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program
    Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program
    Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    --
    End of file - 11675 bytes
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,222
    First Name:
    Derek
    well where are the rest of the logs then
     
  7. Dimension2400

    Dimension2400 Thread Starter

    Joined:
    Aug 29, 2010
    Messages:
    7
    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Ron at 15:50:51.82 on Wed 09/22/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.254.77 [GMT -4:00]
    AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
    FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
    ============== Running Processes ===============
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
    C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Documents and Settings\Ron\Desktop\Malware removal\scan DDS.com
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.google.com/webhp?hl=en
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    mSearch Bar = hxxp://www.att.net/ie4/search/index.html
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
    BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
    TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Sonic RecordNow!]
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [DVDSentry] c:\windows\system32\DSentry.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
    mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
    mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
    mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
    mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
    mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [MimBoot] c:\progra~1\musicm~1\musicm~2\mimboot.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    StartupFolder: c:\docume~1\ron\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartui.lnk - c:\program files\scansoft\paperport\smartui\SmartUI.exe
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\VetRedir.dll
    Trusted Zone: musicmatch.com\online
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
    DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
    DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - hxxp://asp.mathxl.com/applets/PearsonInstallAsst.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237331202828
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274310462968
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
    DPF: {CD26FCFC-7502-48FD-A558-0451013195BD} - hxxp://www.ati247.com/livedemo/PCDVRAx.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DEADBEEF-DEAD-BEEF-DEAD-BEEFDEADBEEF} - hxxp://www.haptek.com/products/player/autoinstall/data/latest.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://pc.mywebexpc.com/pc/mywebex/tool/syscheck/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
    Notify: igfxcui - igfxsrvc.dll
    Notify: PFW - UmxWnp.Dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
    SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
    ============= SERVICES / DRIVERS ===============
    R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-3-19 93712]
    R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2005-3-4 4064]
    R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-3-21 63504]
    R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-3-21 45584]
    R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-3-19 115216]
    R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-3-17 26352]
    R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-3-17 21104]
    R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-3-17 746216]
    R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-3-17 21488]
    R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-3-17 161008]
    R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-3-17 144696]
    R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-4 134648]
    R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-3-21 66576]
    R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
    R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
    R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-4-15 281104]
    R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-3-17 255312]
    R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-5-30 88816]
    R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2009-3-17 185680]
    R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-3-17 130280]
    S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [2005-3-4 91520]
    S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2005-3-4 2944]
    S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2005-4-20 3168]
    S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2005-4-20 39552]
    S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2005-3-4 60416]
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2005-3-4 11008]
    S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2005-3-4 10368]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\packet.sys [2003-8-13 13203]
    =============== Created Last 30 ================
    2010-09-18 00:31:47 21504 ----a-w- c:\windows\system32\hidserv.dll
    2010-09-18 00:31:47 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
    2010-09-18 00:31:44 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-09-18 00:31:44 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-09-18 00:31:37 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2010-09-18 00:31:37 14848 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
    2010-09-18 00:31:08 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2010-09-18 00:31:08 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
    ==================== Find3M ====================
    2010-09-20 04:27:50 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
    2010-09-20 04:27:50 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
    2010-09-20 04:27:50 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
    2010-09-20 04:27:50 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
    2010-09-20 04:27:50 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
    2010-09-20 04:27:50 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
    2010-09-20 04:27:50 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
    2010-09-20 04:27:50 135862 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
    2009-03-18 03:42:06 723 ----a-w- c:\program files\INSTALL.LOG
    ============= FINISH: 15:51:13.35 ===============
     
  8. Dimension2400

    Dimension2400 Thread Starter

    Joined:
    Aug 29, 2010
    Messages:
    7
    The attach log file.
     

    Attached Files:

  9. Dimension2400

    Dimension2400 Thread Starter

    Joined:
    Aug 29, 2010
    Messages:
    7
    ARK Test FILe
    Keep getting server 503 errors
    I try to send this as an attachment.
     

    Attached Files:

    • ark.txt
      File size:
      178.1 KB
      Views:
      1
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,222
    First Name:
    Derek
    I can't see any obvious signs and I am reluctant to delve deply without good reason

    Unless you give us a good reason to do so

    Just tell us briefly why you suspect a keylogger or monitor. You don't need to go iniot massive details just a brief description of what makes you think you are being monitored
     
  11. Dimension2400

    Dimension2400 Thread Starter

    Joined:
    Aug 29, 2010
    Messages:
    7
    It's is going to take a little time for me to write it up.
    I know of no way of giving a short synapse about this
    problem without providing some of back-round
    necessary to make it comprehensible.
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Software monitors every
  1. ALEX331
    Replies:
    1
    Views:
    684
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/946469

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice