Update - 5 year old Keylogger file???
I believe I mistakenly attached the virus scan and hijack log. So I have pasted this time.
Again, I have what I believe is a 5 year old keylogger program that uses excel files (that is the default icon associated with the file). The files have been saved approx. every 7-10 days and are typically in the format of acr**.tmp and always 2.0MB in size.
Does anyone know what the name of a keylogger program this old would be? Any ideas would be greatly appreciated.
BitDefender Online Scanner - Real Time Virus Report
Generated at: Fri, Aug 11, 2006 - 20:47:26
--------------------------------------------------------------------------------
Scan Info
Scanned Files 280283
Infected Files 57
Virus Detected
X97M.Laroux.IZ 2
X97M.Laroux.DX1 6
W97M.Class.{D,DB-DC} 20
Trojan.Downloader.Small.AGQ 3
Macro.VBA 3
Trojan.Spy.Hoa.B 2
Trojan.HTML.Clicker.AM 1
Trojan.HostAntiAV.A 1
Trojan.Dropper.Small.AAD 3
Dropped:Trojan.StartPage.WA 1
O97M.Tristate.C 2
W97M.Marker.C 1
W97M.Steroid.A2 5
Backdoor.Dumador.DF 2
Backdoor.Dumador.DG 1
X97M.Laroux.FC 1
Trojan.Agent.HH 1
XM.Laroux.A 2
--------------------------------------------------------------------------------
This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.
Logfile of HijackThis v1.99.1
Scan saved at 5:06:05 PM, on 8/14/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton Internet Security\ISSVC.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINNT\system32\LEXBCES.EXE
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\LEXPPS.EXE
D:\WINNT\System32\drivers\CDAC11BA.EXE
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\stisvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINNT\System32\WFXSVC.EXE
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\Program Files\Symantec\WinFax\WFXMOD32.EXE
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\wuauclt.exe
D:\WINNT\system32\tp4mon.exe
D:\WINNT\system32\RunDll32.exe
D:\WINNT\system32\RunDll32.exe
D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
D:\WINNT\system32\ltcm000c.exe
D:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
D:\WINNT\system32\Promon.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\WINNT\system32\wfxsnt40.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINNT\system32\internat.exe
D:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe
D:\Program Files\Microsoft Office\Office\OSA.EXE
D:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe
D:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\HPOSTS07.exe
D:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\HPOFXM07.exe
D:\Program Files\Outlook Express\msimn.exe
D:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
D:\Program Files\Norton Internet Security\CfgWiz.exe
C:\Program Files\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [BMMGAG] RunDll32 D:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] D:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PrinTray] D:\WINNT\system32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LexStart] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MSConfig] D:\WINNT\system32\msconfig.exe /auto
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: HPAiODevice.lnk = D:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe
O4 - Global Startup: Event Reminder.lnk = D:\Program Files\Broderbund\PrintMaster\PMremind.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O12 - Plugin for .HttpServletAdapter: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O21 - SSODL: Sierra Photo Garden Designer - {CFF6D1EB-77D8-F7DC-5AE7-E55959FCE844} - c:\program files\sierra\photogd\oyhot9.dll (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: hpdj - Unknown owner - D:\DOCUME~1\DAVIDC~1.DAV\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - D:\WINNT\System32\WFXSVC.EXE
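As an added triage example (not from the original post, BitDefender or HijackThis), this Python script checks the pattern the post describes: it collects acr*.tmp files from a folder, reports whether each is about 2.0MB and whether its first bytes are the OLE2 header a genuine Excel workbook carries (an Excel icon only reflects Explorer's extension association), and computes the day gaps between their timestamps. The folder, file names and timestamps in demo() are constructed sample data, not the poster's files.

```python
import os
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

# Every Office 97-2003 file (.xls, .doc) starts with this OLE2 compound-document header.
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
TWO_MB = 2 * 1024 * 1024


def classify(path):
    """Size, header and timestamp of one candidate file. An Excel icon only reflects the
    extension association in Explorer; the first 8 bytes say whether it is really a workbook."""
    st = path.stat()
    with path.open("rb") as fh:
        head = fh.read(8)
    return {
        "name": path.name,
        "size": st.st_size,
        "about_2mb": abs(st.st_size - TWO_MB) <= 64 * 1024,  # "2.0MB" as Explorer rounds it
        "is_ole2": head == OLE2_MAGIC,
        "mtime": datetime.fromtimestamp(st.st_mtime),
    }

def triage(folder, pattern="acr*.tmp"):
    """Matching files sorted by modification time, plus the whole-day gaps between them."""
    hits = sorted((classify(p) for p in Path(folder).glob(pattern)), key=lambda h: h["mtime"])
    gaps = [(b["mtime"] - a["mtime"]).days for a, b in zip(hits, hits[1:])]
    return hits, gaps

def matches_described_pattern(hits, gaps):
    """True when every file is about 2.0MB and every gap is in the 7-10 day window."""
    return bool(hits) and all(h["about_2mb"] for h in hits) and all(7 <= g <= 10 for g in gaps)

def demo():
    """Constructed sample (hypothetical, not real files): three 2.0MB acr*.tmp files written
    8 days apart that are not OLE2 containers, plus a real-looking .xls that the glob skips."""
    folder = Path(tempfile.mkdtemp())
    base = datetime(2006, 7, 20, 12, 0)
    for i, name in enumerate(["acr1a2b.tmp", "acr3c4d.tmp", "acr5e6f.tmp"]):
        p = folder / name
        p.write_bytes(b"\x00" * TWO_MB)
        when = (base + timedelta(days=8 * i)).timestamp()
        os.utime(p, (when, when))  # back-date so the gaps are visible
    (folder / "budget.xls").write_bytes(OLE2_MAGIC + b"\x00" * 504)
    hits, gaps = triage(folder)
    return hits, gaps, classify(folder / "budget.xls")["is_ole2"]
```

demo() runs the checks on the constructed sample; pointing triage() at the real folder shows whether the actual files are OLE2 documents and whether their timestamps really fall 7-10 days apart.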