need help removing a suspected keylogger

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

need help removing a suspected keylogger, i am pretty shur i have a keylogger

Options

spencerh4 View Member Profile	Oct 9 2008, 05:48 PM Post #1
New Member Group: New Member Posts: 1 Joined: 9-October 08 Member No.: 81,892 Operating System: Windows vistas	i am pretty shur that someone has put a key logger onto my laptop without my knowlage i need to know if it exists or if anny other sneaky stuff is on my computer and if it does exist how to get rid of it i do have vistas if that make a difference i am going to put the statrup list just tell me in an email if you need annything elese als o have my own keyloggers in i have a refog on my pc and a cam studio so thanks here is my startup list StartupList report, 10/9/2008, 7:36:57 PM StartupList version: 1.52.2 Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE Detected: Windows Vista (WinNT 6.00.1904) Detected: Internet Explorer v7.00 (7.00.6000.16711) * Using default options ================================================== Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\ProgramData\vspqzyxy\pifcjsxk.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\CamStudio\Recorder.exe C:\Windows\System32\MPK\MPK.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AIM6\aolsoftware.exe C:\Windows\system32\wuauclt.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = c:\windows\system32\userinit.exe,C:\Windows\system32\MPK\MPK.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run RtHDVCpl = RtHDVCpl.exe SynTPStart = C:\Program Files\Synaptics\SynTP\SynTPStart.exe NDSTray.exe = NDSTray.exe Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup mcagent_exe = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey StartCCC = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe McENUI = C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide AppleSyncNotifier = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WindowsWelcomeCenter = rundll32.exe oobefldr.dll,ShowWelcomeCenter TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe winactcmd = C:\ProgramData\winactcmd\zgjonwpu.exe AWAwKn52xE = C:\ProgramData\vspqzyxy\pifcjsxk.exe lphclo5j0e91d = C:\Windows\system32\lphclo5j0e91d.exe AdobeUpdater = C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] = -------------------------------------------------- Load/Run keys from C:\Windows\WIN.INI: load=INI section not found run=INI section not found Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=Registry value not found HKLM\..\Windows NT\CurrentVersion\WinLogon: run=Registry value not found HKLM\..\Windows\CurrentVersion\WinLogon: load=Registry key not found HKLM\..\Windows\CurrentVersion\WinLogon: run=Registry key not found HKCU\..\Windows NT\CurrentVersion\WinLogon: load=Registry value not found HKCU\..\Windows NT\CurrentVersion\WinLogon: run=Registry value not found HKCU\..\Windows\CurrentVersion\WinLogon: load=Registry key not found HKCU\..\Windows\CurrentVersion\WinLogon: run=Registry key not found HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=Registry value not found HKLM\..\Windows NT\CurrentVersion\Windows: load=Registry value not found HKLM\..\Windows NT\CurrentVersion\Windows: run=Registry value not found HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -------------------------------------------------- Shell & screensaver key from C:\Windows\SYSTEM.INI: Shell=INI section not found SCRNSAVE.EXE=INI section not found drivers=INI section not found Shell & screensaver key from Registry: Shell=explorer.exe SCRNSAVE.EXE=C:\Windows\system32\logon.scr drivers=Registry value not found Policies Shell key: HKCU\..\Policies: Shell=Registry key not found HKLM\..\Policies: Shell=Registry value not found -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} McAntiPhishingBHO - c:\PROGRA~1\mcafee\msk\mcapbho.dll - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} (no name) - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} (no name) - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -------------------------------------------------- Enumerating Task Scheduler jobs: McDefragTask.job McQcTask.job -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\Windows\system32\NLAapi.dll NameSpace #4: C:\Windows\system32\napinsp.dll NameSpace #5: C:\Windows\system32\pnrpnsp.dll NameSpace #6: C:\Windows\system32\pnrpnsp.dll NameSpace #7: C:\Program Files\Bonjour\mdnsNSP.dll -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: No scripts set to run Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\Windows\system32\MPK\is-CC29V.tmp => C:\Windows\system32\MPK\MPK.exe\|C:\Windows\system32\MPK\is-KT4KO.tmp => C:\Windows\system32\MPK\Mpk.dll\|C:\Windows\system32\MPK\is-ITB4I.tmp => C:\Windows\system32\MPK\sqlite3.dll\|\|\| -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\Windows\system32\webcheck.dll -------------------------------------------------- End of report, 7,788 bytes Report generated in 0.109 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only

shelf life View Member Profile	Oct 11 2008, 04:28 PM Post #2
SuperMember Group: Malware Expert Posts: 3,024 Joined: 15-May 04 From: @localhost Member No.: 6,820 Operating System: Fedora Core, XP	hi, QUOTE also have my own keyloggers maybe these are yours then: C:\ProgramData\winactcmd\zgjonwpu.exe C:\Windows\system32\lphclo5j0e91d.exe C:\ProgramData\vspqzyxy\pifcjsxk.exe

« Next Oldest · HijackThis™ Logs and Infections Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
HijackThis™ Logs and Infections Removal Keylogger?	3	faithmarie	68	21st November 2008 - 09:20 AM Last post by: oldman960
HijackThis™ Logs and Infections Removal [Resolved] Need help removing trojan horse viruses 12	19	ballemand	366	20th November 2008 - 03:23 AM Last post by: jpshortstuff
HijackThis™ Logs and Infections Removal removing Smacchat.com pop-up	1	jklebaka	24	18th November 2008 - 05:14 AM Last post by: jpshortstuff
HijackThis™ Logs and Infections Removal [Closed] Removing Rapid antivirus	2	Paddymc	66	12th November 2008 - 04:44 PM Last post by: LDTate