Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Keylogger on computer

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Computer Talk
View previous topic :: View next topic  
Author Message
cokefag
Master Cheater
Reputation: 51

Joined: 15 Nov 2007
Posts: 488
PostPosted: Wed Nov 03, 2010 7:39 pm    Post subject: Keylogger on computer Reply with quote
I've scanned using AVG/Malwarebytes, anyone recommend anything else? I can't find this keylogger at all, yet all my shit keeps getting changed.
Back to top
View user's profile Send private message  
Zcythe
Grandmaster Cheater
Reputation: 2

Joined: 17 Dec 2007
Posts: 679
Location: :noitacoL
PostPosted: Wed Nov 03, 2010 8:59 pm    Post subject: Reply with quote
Can you do a HijackThis scan and post the log. Also maybe try SuperAnti-Spyware scan.
_________________
Back to top
View user's profile Send private message  
PUSHEAX_PUSHEAX
Grandmaster Cheater
Reputation: 72

Joined: 13 Apr 2009
Posts: 969
PostPosted: Wed Nov 03, 2010 9:10 pm    Post subject: Reply with quote
Do an ESET nod32 online scan. But if it's FUD good luck to you.
Back to top
View user's profile Send private message  
cokefag
Master Cheater
Reputation: 51

Joined: 15 Nov 2007
Posts: 488
PostPosted: Wed Nov 03, 2010 9:50 pm    Post subject: Reply with quote
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:25:37 PM, on 03/11/2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
F:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Unlocker\UnlockerAssistant.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
F:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
F:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\mdm.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\CKL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CKL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CKL\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Users\CKL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CKL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CKL\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Link Helper - {01E501C0-444A-1535-5A8D-619040006DF3} - C:\Windows\system32\appi-ms-win-core-rtlsupport-l1-1-0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - F:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [AVG9_TRAY] F:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UCam_Menu] "c:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [msconfig.exe] C:\Users\CKL\AppData\Roaming\Microsoft\System\Services\msconfig.exe
O4 - HKCU\..\Run: [Steam] "f:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RocketDock] "F:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [uTorrent] "F:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ManyCam] "F:\Program Files\ManyCam 2.4\ManyCam.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Google Update] "C:\Users\CKL\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: GomezPEER.lnk = F:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Xfire.lnk = F:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Workspace Macro Pro Hotkeys.lnk = C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - F:\Program Files\NavNetApp\ComUtilities.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - F:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - F:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - F:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - F:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - F:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - Unknown owner - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (file missing)

--
End of file - 11441 bytes
Back to top
View user's profile Send private message  
Haswell
Grandmaster Cheater
Reputation: 10

Joined: 24 Nov 2007
Posts: 703
PostPosted: Wed Nov 03, 2010 10:08 pm    Post subject: Reply with quote
Log looks clean. Are you sure you're being keylogged? What are the symptoms you are experiencing?
Back to top
View user's profile Send private message  
cokefag
Master Cheater
Reputation: 51

Joined: 15 Nov 2007
Posts: 488
PostPosted: Wed Nov 03, 2010 10:09 pm    Post subject: Reply with quote
Hotmail password changed.
Steam password changed.
Went to support of steam to get it back.
Steam support account password changed.
Went to try again
Second steam support account password changed.
Another email's password changed.

If it is FUD, what do I do?
Back to top
View user's profile Send private message  
hcavolsdsadgadsg
I'm a spammer
Reputation: 26

Joined: 11 Jun 2007
Posts: 5801
PostPosted: Wed Nov 03, 2010 10:21 pm    Post subject: Reply with quote
just reformat and get it over with
Back to top
View user's profile Send private message  
SF
I'm a spammer
Reputation: 119

Joined: 19 Mar 2007
Posts: 6028
PostPosted: Wed Nov 03, 2010 10:49 pm    Post subject: Reply with quote
GomezPeer? When did you install it? Personally I wouldn't trust something that wants you to be asleep while it sends out information regarding your internet usage.
_________________
Back to top
View user's profile Send private message  
AhMunRa
Grandmaster Cheater Supreme
Reputation: 27

Joined: 06 Aug 2010
Posts: 1117
PostPosted: Thu Nov 04, 2010 8:46 am    Post subject: Reply with quote
If you are sure there isn't a software keylogger, have you looked at the box for a hardware keylogger? Perhaps a friend is playing tricks on you.
_________________
<Wiccaan> Bah that was supposed to say 'not saying its dead' lol. Fixing >.>
Back to top
View user's profile Send private message  
DarkWraith
Cheater
Reputation: -1

Joined: 20 Apr 2009
Posts: 43
Location: sparta, wisconsin
PostPosted: Mon Nov 08, 2010 2:00 pm    Post subject: Reply with quote
if its professionally made it might not appear on the windows registry. or they might have just named their virus after an already existing executable. try using avg. and only use windows on-screen-keyboard until then. that will reduce your chance of getting it stolen.
Back to top
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger 
cokefag
Master Cheater
Reputation: 51

Joined: 15 Nov 2007
Posts: 488
PostPosted: Tue Nov 09, 2010 6:24 pm    Post subject: Reply with quote
Reformatted instead.
Thanks for your efforts though guys.
/lock plox
Back to top
View user's profile Send private message  
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Computer Talk All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites