Keylogger Detected - HJT included

Status
Not open for further replies.

TimeParadoX

I was downloading a file from Xfire and Avast! detected a keylogger. I deleted the file, disconnected from the internet, and ran all the anti-virus programs I have, and nothing was found. I ran HJT and found a few odd things that I haven't seen before, so I was wondering if anyone can check it and see if it's a bad file or not.
 
Were these the entries?

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs:


Think it might be worth your while downloading the three tools in the Viruses/Spyware/Malware, preliminary removal instructions and run them.

Also you should maybe do a Panda antirootkit scan.

Nice short log by the way.
 
kritius said:
Were these the entries?

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs:

I don't know where they are. They recently appeared, since I've never seen them in my log (I did one about 3 days ago).

Think it might be worth your while downloading the three tools in the Viruses/Spyware/Malware, preliminary removal instructions and run them.

Also you should maybe do a Panda antirootkit scan.

Nice short log by the way.

I've downloaded and tried the three tools from the guide, and I've also run an antirootkit scan. Also, thanks for the compliment on my log. I used to have about 12 entities but now I have a lot more. :D
 
Maybe just run combofix and post a log, just to be sure. You could also maybe have HJT fix those two entries, the first one should definitely be ok.

I would possibly wait and see if Blind Dragon or Momok could have a look at the logs just to be sure.

Are you having any other problems?

About the log: yours had 4815 bytes. I saw somebody's recently with over 20000; I think they had their entire computer running at once and every virus you could think of!!
 
You can launch HijackThis, select "Do a system scan only" and check these:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs:

Select "Fix checked".

Also, I didn't notice a firewall running.

If you want to run Combofix and attach the log, I would be happy to take a look.

Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • Type "1" (and Enter) to start the fix.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool, so please do NOT do anything without instruction.

Combofix will automatically save the log file to C:\combofix.txt.
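The entries singled out in this thread all share one of two traits: HijackThis prints "(no file)" when the file a registry entry points to cannot be found, and the O20 line has no value at all. The following is an added example, not part of the original posts or of HijackThis itself, that parses log lines of this shape and lists the ones with either trait; the O23 line and all function names are constructed for illustration.

```python
import re

# Constructed sample: the three entries quoted in the thread plus one
# made-up O23 line that does have a file behind it.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs:
O23 - Service: Example Service (ExampleSvc) - Example Vendor - C:\Example\svc.exe
"""

# "<section> - <kind>: <rest>", e.g. "O2 - BHO: (no name) - {...} - (no file)"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+):\s*(?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Split one log line into fields; return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    clsid = CLSID_RE.search(rest)
    return {
        "section": m.group("section"),
        "kind": m.group("kind").strip(),
        "clsid": clsid.group(0) if clsid else None,
        "no_file": rest.endswith("(no file)"),  # target file is missing
        "empty": rest == "",                    # entry has no value
    }


def triage(log_text):
    """Return (section, reason, clsid) for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["no_file"]:
            findings.append((entry["section"], "orphaned", entry["clsid"]))
        elif entry["empty"]:
            findings.append((entry["section"], "empty", None))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

An "orphaned" result means the registry entry remains but the file it names is gone; it says nothing about what the file was, so the CLSID still has to be looked up before deciding anything.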
 
Here is my ComboFix log. I reinstalled Comodo Firewall; I uninstalled it before I reformatted.
 

Attachments

  • ComboFix9001.txt
Hey TimeParadoX,

Sorry about the no reply, it's been pretty busy round here.

I can't read ComboFix logs, so we'll have to wait for someone who can. Have you tried messaging Momok?
 