
Does this mean I have keylogger activity?


Post by cattielbullard on Thu Feb 18, 2010 12:06 pm

I ran KL-Detector and this was the report

Below are some file operations that were done during the monitoring process.
Review them carefully and check for suspicious files.


C:\WINDOWS\Tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
was modified.

C:\WINDOWS\Tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
was modified.

C:\WINDOWS\SchedLgU.Txt
was modified.

C:\WINDOWS\SchedLgU.Txt
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\CONFIG\AVWIN.INI
was modified.

C:\WINDOWS\Tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
was modified.

C:\WINDOWS\Tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\wbem\Logs\wbemcore.log
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
was modified.

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
was modified.

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
was modified.

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
was modified.

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
was modified.

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
was modified.

C:\WINDOWS\Tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
was modified.

C:\WINDOWS\Tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\Tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
was modified.

C:\WINDOWS\Tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.



No suspicious files were found in your hard disk :)


You MAY want to take a look at:
C:\WINDOWS\system32\config\


Re: Does this mean I have keylogger activity?

Post by Belahzur on Thu Feb 18, 2010 7:35 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: Does this mean I have keylogger activity?

Post by cattielbullard on Thu Feb 18, 2010 11:05 pm

I was able to download the OTL but wasn't able to run it. I run Windows XP. But it said that I may not have the permissions needed to run it. I don't understand that considering I am the only account on my PC. I don't have an Administrator account. I have the same privilege/rights as an Administrator. What should I do?
