
Keylogger?



#1 Wolfsong


Posted 26 November 2009 - 03:59 PM

Well, my WoW account seemed to have been hacked or keylogged, since there was an authenticator attached to my account and I never bought one.

So, I changed my password and called the Blizzard support number (I'm lucky they were open today), and got the authenticator removed. He told me to check to make sure I don't have a keylogger.

What should I be looking for on the virus scan to indicate if I have a keylogger or not? All it says is I have a tracking cookie...

I downloaded KL-Detector and ran it. I found something in one of my temp folders and deleted it, and each time I run it, it comes up with something different.

The first thing it found was "C:\Users\Tiffany\AppData\Local\Temp\lxdxscan.log". I deleted it, and when I restarted my computer, it was back again. The other things it says might be a keylogger are associated with my Norton Antivirus, so I doubt they're keyloggers. I'll post the full report that I got from both KL-Detector and HijackThis, so I know if I can delete anything.

I'm running Windows Vista, in case anyone needs to know.

KL-Detector

Below are some file operations that were done during the monitoring process.
Review them carefully and check for suspicious files.


C:\WINDOWS\System32\WDI\LogFiles\BootCKCL.etl
was modified.

C:\WINDOWS\System32\WDI\LogFiles\WdiContextLog.etl.001
was modified.

C:\Users\Tiffany\AppData\Local\Temp
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy9.gthr
was modified.

C:\Users\Tiffany\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\76REJWRF\www.orkut.com\gtalksettings.sol
was modified.

C:\Users\Tiffany\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\76REJWRF\www.orkut.com\gtalksettings.sol
was modified.

C:\WINDOWS\System32\config\SOFTWARE.LOG1
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
was modified.

C:\Users\Tiffany\AppData\Local\Temp\CabD153.tmp
was created.

C:\Users\Tiffany\AppData\Local\Temp
was modified.

C:\WINDOWS\Prefetch\CONSENT.EXE-65F6206D.pf
was modified.

C:\WINDOWS\Prefetch\DLLHOST.EXE-A1CD8B86.pf
was modified.

C:\Users\Tiffany\AppData\Local\Temp\lxdxscan.log
was created.

C:\Users\Tiffany\AppData\Local\Temp\lxdxscan.log
was modified.

C:\ProgramData\Symantec\Common Client\volatile.DAT
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
was modified.

C:\WINDOWS\Prefetch\TASKENG.EXE-5BAF290C.pf
was modified.

C:\Users\Tiffany\ntuser.dat.LOG1
was modified.

C:\Users\Tiffany\NTUSER.DAT
was modified.

C:\Users\Tiffany\NTUSER.DAT
was modified.

C:\ProgramData\Symantec\SRTSP\SrtETmp\43B16F4B.TMP
was modified.

C:\ProgramData\Symantec\SRTSP\SrtETmp\43B16F4B.TMP
was modified.

C:\ProgramData\Symantec\SRTSP\SrtETmp\43B16F4B.TMP
was modified.

C:\Users\Tiffany\AppData\Local\Temp\Tiffany.bmp
was modified.

C:\Users\Tiffany\AppData\Local\Temp\Tiffany.bmp
was modified.

C:\WINDOWS\Prefetch\DLLHOST.EXE-893DDF55.pf
was modified.

C:\WINDOWS\Prefetch\DLLHOST.EXE-893DDF55.pf
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
was modified.

C:\ProgramData\Symantec\SRTSP\SrtETmp\43B16F4B.TMP
was modified.

C:\ProgramData\Symantec\SRTSP\SrtETmp\43B16F4B.TMP
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
was modified.

C:\ProgramData\Symantec\SRTSP\SrtETmp\43B16F4B.TMP
was modified.

C:\ProgramData\Symantec\SRTSP\SrtETmp\43B16F4B.TMP
was modified.

C:\WINDOWS\Prefetch\COM4QLBEX.EXE-6F9FBD83.pf
was modified.

C:\WINDOWS\Prefetch\COM4QLBEX.EXE-6F9FBD83.pf
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\WINDOWS\Prefetch\SYNTPHELPER.EXE-4B6F43CF.pf
was modified.

C:\WINDOWS\Prefetch\SYNTPHELPER.EXE-4B6F43CF.pf
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
was modified.

C:\Users\Tiffany\AppData\Local\Temp\Cab627.tmp
was created.

C:\Users\Tiffany\AppData\Local\Temp
was modified.

C:\WINDOWS\System32\WDI\LogFiles\BootCKCL.etl
was modified.

C:\Users\Tiffany\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\76REJWRF\www.orkut.com\gtalksettings.sol
was modified.

C:\Users\Tiffany\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\76REJWRF\www.orkut.com\gtalksettings.sol
was modified.

C:\Users\Tiffany\AppData\Local\Temp\lxdxscan.log
was modified.

C:\WINDOWS\System32\config\SOFTWARE.LOG1
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\Users\Tiffany\Tracing\WindowsLiveMessenger-uccapi-0.uccapilog
was removed.

C:\Users\Tiffany\Tracing
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy9.gthr
was modified.

C:\WINDOWS\System32\WDI\LogFiles\BootCKCL.etl
was modified.

C:\Users\Tiffany\AppData\Local\Temp\lxdxscan.log
was modified.

C:\WINDOWS\System32\config\SYSTEM.LOG1
was modified.

C:\WINDOWS\System32\config\SYSTEM
was modified.

C:\WINDOWS\System32\config\SYSTEM
was modified.

C:\WINDOWS\System32\config\SYSTEM
was modified.

C:\Users\Tiffany\ntuser.dat.LOG1
was modified.

C:\Users\Tiffany\NTUSER.DAT
was modified.

C:\Users\Tiffany\NTUSER.DAT
was modified.

C:\WINDOWS\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}
was modified.

C:\WINDOWS\System32\WDI\LogFiles\WdiContextLog.etl.001
was modified.

C:\WINDOWS\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{15aba053-2c8e-48aa-98ad-821486863af0}\snapshot.etl
was created.

C:\WINDOWS\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{15aba053-2c8e-48aa-98ad-821486863af0}\snapshot.etl
was modified.

C:\WINDOWS\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{15aba053-2c8e-48aa-98ad-821486863af0}\snapshot.etl
was modified.

C:\WINDOWS\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
was modified.

C:\WINDOWS\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
was modified.

C:\WINDOWS\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
was modified.

C:\WINDOWS\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
was modified.

C:\WINDOWS\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1235484537-599327747-1317129028-1000_UserData.bin
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.6.gthr
was modified.

C:\WINDOWS\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1235484537-599327747-1317129028-1000_UserData.bin
was modified.

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
was modified.

C:\WINDOWS\Prefetch\ReadyBoot\Trace5.fx
was created.

C:\WINDOWS\Prefetch\ReadyBoot
was modified.

C:\WINDOWS\Prefetch\ReadyBoot\Trace5.fx
was modified.

C:\WINDOWS\Prefetch\ReadyBoot\ReadyBoot.etl
was removed.

C:\WINDOWS\Prefetch\ReadyBoot\Trace10.fx
was removed.

C:\Users\Tiffany\ntuser.dat.LOG1
was modified.

C:\Users\Tiffany\AppData\Local\Google\Google Talk\vcards
was modified.

C:\Users\Tiffany\AppData\Local\Google\Google Talk\vcards
was modified.

C:\Users\Tiffany\NTUSER.DAT
was modified.

C:\Users\Tiffany\NTUSER.DAT
was modified.

C:\Users\Tiffany\AppData\Local\Temp\lxdxscan.log
was modified.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows Defender\FileTracker\{E321D404-468C-4976-BD18-3DED171DE3A0}
was created.

C:\Users\Tiffany\AppData\Local\Microsoft\Windows Defender\FileTracker\{E321D404-468C-4976-BD18-3DED171DE3A0}
was modified.


HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:21 PM, on 11/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Tiffany\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navw32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [googletalk] C:\Users\Tiffany\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9492 bytes

PLEASE help me get rid of this keylogger so I can change my Warcraft password and log on to see if anything is amiss on my account! Thank you!

EDIT: I just saw this was the wrong place to post this. I'm sorry. Feel free to ignore this if you wish.

Moving to the HiJack This forum from AII. ~ OB

Edited by Orange Blossom, 26 November 2009 - 06:02 PM.




#2 Blade


Posted 01 December 2009 - 11:51 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 SpySentinel


Posted 08 December 2009 - 10:38 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the link to this thread.

Everyone else please start a new topic.