i`ve been keylogged

Please follow this thread first:
http://forums.majorgeeks.com/showthread.php?t=35407

After doing the steps indicated there come back and tell us what you have done, the results for each, and where your problems stands now.

 

Have it fix everything it finds. Was it able to fix the key logger?
Did you run the other items too?

Is your problem resolved?

 

Okay follow the steps below:

Click Start, and then click Run. (The Run dialog box appears.)
Type, or copy and paste, the following text:

regsvr32 /u C:\PROGRAM FILES\TV MEDIA\TvmBho.dll

then click OK. If a dialog box confirming this action appears, click OK.
Now run HijackThis and put check marks on the items below but DO NOT CLICK FIX YET:
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKLM\..\RunServices: [explorer] C:\WINDOWS\SYSTEM\explorer.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Now exit ALL Internet Explorer (or other browser) sessions and click Fix in HijackThis.

Now reboot in safe mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam
Enable viewing of hidden files and folders: http://forums.majorgeeks.com/showthread.php?t=37650

Now use Windows Explorer and navigate to and delete:

C:\PROGRAM FILES\TV MEDIA <---- The whole directory
C:\WINDOWS\SYSTEM\explorer.exe
C:\WINDOWS\SYSTEM\explorer.dll <---- from the keylogger. Let's make sure it's gone.

Now reboot in normal mode and let's where you stand. All the TVMedia items and the bogus explorer.exe should be gone from your HJT log.

 

That's okay! That just means the dll file was not registered. Continue with the rest of the steps.

 

Looks like the same log to me. Are you sure you did the steps correctly? Did you enable viewing of hidden files and folders?

 

You really should post your log here as an attachment. Just name it with a .txt extension and upload it. Doing it the way you are gives us no history mechanism.

 

Bad idea. That's why I want you to post them here as text attachments. So we can have a running history. At any rate. Your log has not changed. It does not look like you executed the steps I gave you correctly.

You did not answer my previous questions:

"Looks like the same log to me. Are you sure you did the steps correctly? Did you enable viewing of hidden files and folders?"

 

Well it is not really a "bad idea" to overwrite the logs on your PC as long as you have been attaching each one here as I requested.

 

Use Windows Explorer to rename it. RIght Click on it and select Rename. Then change the extension from log to txt.

 

Okay! Now you have given me an updated log file and the items are all fixed. Your previous log did not show that anything had been done.

By the way the settings for enabling Hidden files and folders you have made is correct but it would also be better to Uncheck the "Hide file extensions for known file types" options too. Otherwise you would only see a file like TvmBho.dll as TvmBho That could result in your telling me (or someone else) you could not find the file.

The link I sent you to told you to uncheck that option.

 

Everything that showed in your HJT log is fixed. I have no idea what runescape is and it is the first time your are mentioning it. Why are you now worried about that?

 

I do not play games nor do I have the time for them.

Bad idea to play games that allow stuff like this to occur. You are going to windup with more problems like this again.

Also we do not like talk like this here:

" (i have his msn..now is there anyway i can get back at him? ,a buddy of mines alrdy said he`d spam his email)..lol"

This is a Tech Forum. Not a hacking forum!

 

Your welcome!