5 year old Keylogger file? - acr*.tmp



Romulus
2006-08-15, 02:37
I have a Thinkpad T20 laptop running W2k.
I am trying to understand if I have some sort of malware or potential keylogger file that seems to date back to 2001. There are a group of excel files that have a file naming scheme of acr*.tmp under D:\documents and settings\"myname"\local settings\temp.

The files have been compiled, on average, every 7-10 days and are always 2MB in size. The associated icon is for an Excel file.

When I open the files with Excel they are encrypted for the most part, however in parts I can see simple text that looks like websites I have visited... as if someone were recording/tracking my movements.

I have attached a Bitdefender scan and HijackThis log.

Any ideas about these particular files? Thanks

shelf life
2006-08-15, 23:47
hi Romulus,

I've posted the hjt log.

was bitdefender able to remove anything?


Logfile of HijackThis v1.99.1
Scan saved at 5:06:05 PM, on 8/14/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton Internet Security\ISSVC.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINNT\system32\LEXBCES.EXE
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\LEXPPS.EXE
D:\WINNT\System32\drivers\CDAC11BA.EXE
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\stisvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINNT\System32\WFXSVC.EXE
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\Program Files\Symantec\WinFax\WFXMOD32.EXE
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\wuauclt.exe
D:\WINNT\system32\tp4mon.exe
D:\WINNT\system32\RunDll32.exe
D:\WINNT\system32\RunDll32.exe
D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
D:\WINNT\system32\ltcm000c.exe
D:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
D:\WINNT\system32\Promon.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\WINNT\system32\wfxsnt40.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINNT\system32\internat.exe
D:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe
D:\Program Files\Microsoft Office\Office\OSA.EXE
D:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe
D:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\HPOSTS07.exe
D:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\HPOFXM07.exe
D:\Program Files\Outlook Express\msimn.exe
D:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
D:\Program Files\Norton Internet Security\CfgWiz.exe
C:\Program Files\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [BMMGAG] RunDll32 D:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] D:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PrinTray] D:\WINNT\system32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LexStart] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MSConfig] D:\WINNT\system32\msconfig.exe /auto
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: HPAiODevice.lnk = D:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe
O4 - Global Startup: Event Reminder.lnk = D:\Program Files\Broderbund\PrintMaster\PMremind.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O12 - Plugin for .HttpServletAdapter: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O21 - SSODL: Sierra Photo Garden Designer - {CFF6D1EB-77D8-F7DC-5AE7-E55959FCE844} - c:\program files\sierra\photogd\oyhot9.dll (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: hpdj - Unknown owner - D:\DOCUME~1\DAVIDC~1.DAV\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - D:\WINNT\System32\WFXSVC.EXE
--------------------------------------------------------------------------------------

I would download ewido and check for updates to your antivirus and run them both with the computer in SAFE MODE. To reach safe mode you tap the F8 key during a computer restart, then choose the first option, safe mode.

Install Ewido Anti-Malware, 30 day trial version.

http://download.ewido.net/ewido-setup.exe

* Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

* On the top of the main screen click Shield
* Click the word active to change it to inactive
* On the top of the main screen click Update.
* Then click on Start Update. The update will start and a progress bar will show the updates being installed.


Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap the F8 key during the computer restart. Choose the first option from the list: SAFE MODE

* In Safe Mode, run Ewido.
* Click Scanner
* Click on the Scan tab
* Click Complete System Scan to begin scanning.
* When the scan is complete click Recommended Action and change it to Quarantine
* Then click Apply all actions

Once finished, click the Save report button, then click Save Report As. This will create a text file.

Make sure you know where to find this file again (like on the Desktop).
post the ewido log in next reply, you can edit out the cookies.

shelf life
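
A triage pass over HijackThis entries like the ones posted above, as an added example that is not part of the original thread: it re-joins hard-wrapped entries and flags those marked (file missing), those whose target sits under a Temp directory, and O23 services with Unknown owner. The sample lines are copied from the log on this page; the three heuristics and the function names are assumptions chosen for illustration, and a flag means "review this first", not "malicious".

```python
import re

# Entry lines copied from the HijackThis log on this page. The hpdj entry is
# given hard-wrapped, the way pasted logs often arrive, to exercise re-joining.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O21 - SSODL: Sierra Photo Garden Designer - {CFF6D1EB-77D8-F7DC-5AE7-E55959FCE844} - c:\program files\sierra\photogd\oyhot9.dll (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: hpdj - Unknown owner - D:\DOCUME~1\DAVIDC~1.DAV\LOCALS~1\Temp\hpdj.exe (file

missing)
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - D:\WINNT\System32\WFXSVC.EXE
"""

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY = re.compile(r"^(?P<code>[RFN][0-4]|O\d{1,2}) - (?P<body>.+)$")
# Matches long and 8.3 forms alike (...\Local Settings\Temp\, ...\LOCALS~1\Temp\).
TEMP_PATH = re.compile(r"\\temp\\", re.I)


def parse_entries(log_text):
    """Return [(code, body)], gluing wrapped continuation lines back on."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append([m["code"], m["body"]])
        elif entries:
            # Not a new entry: treat as the wrapped tail of the previous one.
            entries[-1][1] += " " + line
        # Lines before the first entry (header, process list) are skipped.
    return [tuple(e) for e in entries]


def triage(log_text):
    """Return [(code, reasons, body)] for entries matching any heuristic."""
    findings = []
    for code, body in parse_entries(log_text):
        low = body.lower()
        reasons = []
        if low.endswith("(file missing)"):
            reasons.append("file-missing")    # registration outlived its file
        if TEMP_PATH.search(body):
            reasons.append("temp-path")       # autostart target in a Temp dir
        if code == "O23" and " - unknown owner - " in low:
            reasons.append("unknown-owner")   # service binary has no vendor info
        if reasons:
            findings.append((code, reasons, body))
    return findings


if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{','.join(reasons):<40}{body}")
```
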

Romulus
2006-08-15, 23:55
I believe I mistakenly attached the virus scan and hijack log. So I have pasted this time.

Again, I have what I believe is a 5 year old keylogger program that uses excel files (that is the default icon associated with the file). The files have been saved approx. every 7-10 days and are typically in the format of acr**.tmp and always 2.0MB in size.

Does anyone know what the name of a keylogger program this old would be?? any ideas would be greatly appreciated.




BitDefender Online Scanner - Real Time Virus Report

Generated at: Fri, Aug 11, 2006 - 20:47:26

--------------------------------------------------------------------------------

Scan Info

Scanned Files 280283
Infected Files 57

Virus Detected

X97M.Laroux.IZ 2
X97M.Laroux.DX1 6
W97M.Class.{D,DB-DC} 20
Trojan.Downloader.Small.AGQ 3
Macro.VBA 3
Trojan.Spy.Hoa.B 2
Trojan.HTML.Clicker.AM 1
Trojan.HostAntiAV.A 1
Trojan.Dropper.Small.AAD 3
Dropped:Trojan.StartPage.WA 1
O97M.Tristate.C 2
W97M.Marker.C 1
W97M.Steroid.A2 5
Backdoor.Dumador.DF 2
Backdoor.Dumador.DG 1
X97M.Laroux.FC 1
Trojan.Agent.HH 1
XM.Laroux.A 2

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.



shelf life
2006-08-16, 00:28
hi Romulus,

scroll up, check the bottom of the posted hjt log.

what the name of a keylogger
I would be more concerned if it's actually been uploading your keystrokes somewhere/someone.

tashi
2006-08-23, 01:29
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a pm and provide a link to the thread.

Applies only to the original topic starter.