But anyway, I agree with you that the most likely scenario is that the characters were logged. The first thing I would do is check all your running processes and see if any are Trojans or viruses.
Allowing two-way authentication will solve this risk.
Maybe "Google Authenticator"?