Windows 7 Forums



Windows 7: 45,120 events in event viewer, I have a keylogger

13 Apr 2013   #21
gregrocker

 

What exactly told you that you had a keylogger?

If you want to try the AHCI setting using the method VistaKing linked in Post #2, I'd save a Win7 backup image externally first. Backup Complete Computer - Create an Image Backup


13 Apr 2013   #22
cottonball

Windows 7 Home Premium
 
 

Amingst,

We need to rule out the possibility of a TDSS rootkit that hides by infecting a system driver, like atapi.sys or iastor.sys.

Please download TDSSKiller.zip:
http://www.bleepingcomputer.com/download/tdsskiller/
Right-click the program and select: Extract to tdsskiller\

You will see a TDSSKiller folder found on your Desktop.
Open the folder, and double-click the TDSSKiller application.

When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK

Press: Start Scan

If a suspicious object is detected, the default action is Skip; leave it as is and click on: Continue
If malicious objects are found, they show in the Scan results.
Ensure Cure (the default) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)

When done, the tool outputs its log to the disk with the Windows Operating System, normally C:\

Logs have a name like:
C:\TDSSKiller.X.X.X_12.04.2013_15.31.43_log.txt

Please post the TDSSKiller log in your reply.



Also download SystemLook:
64-bit: http://jpshortstuff.247fixes.com/SystemLook_x64.exe

Right-click on SystemLook.exe, and select: Run As Administrator

Copy the content of the following quote box into the main textfield (do not copy the word 'Quote'):
Quote:
:filefind
iaStor.sys
Click the Look button to start the scan.

When finished, a notepad window opens with the results of the scan.

Please post the SystemLook.txt (found on the Desktop) in your reply.
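The SystemLook `:filefind` step above lists every copy of iaStor.sys on disk so that a patched one stands out. The following PowerShell script is an added example, not from the original post or from the TDSSKiller/SystemLook tools, that does the same enumeration for the three driver names the thread mentions (iaStor.sys, iaStorA.sys, atapi.sys), hashes each copy, and checks its Authenticode signature. It assumes the Windows 7 default PowerShell 2.0, which is why SHA-256 is computed through .NET rather than `Get-FileHash`; the driver names and the search root are assumptions taken from this thread.

```powershell
# Added example (not from the original thread): enumerate every copy of the
# storage drivers the thread mentions, hash them, and check the Authenticode
# signature. A TDSS-style infection patches the driver on disk, so an unsigned
# copy, a HashMismatch, or two same-named copies with different hashes is what
# to look for. Assumes PowerShell 2.0 (Windows 7 default), so Get-FileHash is
# not used; SHA-256 comes from .NET directly.

$names = @('iaStor.sys', 'iaStorA.sys', 'atapi.sys')   # driver names from the thread (assumed list)

function Get-Sha256Hex([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($fs) }
    finally { $fs.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

# Search the whole Windows directory (System32\drivers, DriverStore, WinSxS, ...).
# -Force includes hidden/system files; access errors on protected folders are ignored.
$found = Get-ChildItem -Path $env:SystemRoot -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and ($names -contains $_.Name) }

$report = foreach ($f in $found) {
    $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Name      = $f.Name
        Path      = $f.FullName
        Size      = $f.Length
        Modified  = $f.LastWriteTime
        SHA256    = Get-Sha256Hex $f.FullName
        SigStatus = $sig.Status          # Valid, NotSigned, HashMismatch, UnknownError, ...
        Signer    = $signer
    }
}

$report | Sort-Object Name, SHA256 |
    Format-Table Name, SigStatus, Size, Modified, SHA256, Path -AutoSize

# Flag the cases that matter.
# 1. A copy whose signature does not verify (a patched driver fails with HashMismatch).
$report | Where-Object { $_.SigStatus -ne 'Valid' } | ForEach-Object {
    Write-Warning ("Not validly signed: {0} ({1})" -f $_.Path, $_.SigStatus)
}

# 2. Several copies of the same driver name with differing hashes. This can be
#    legitimate (different versions in DriverStore), so compare them by hand.
$report | Group-Object Name | Where-Object {
    ($_.Group | Select-Object -ExpandProperty SHA256 | Sort-Object -Unique).Count -gt 1
} | ForEach-Object {
    Write-Warning ("Multiple distinct copies of {0} found; compare their signatures and dates" -f $_.Name)
}
```

Run it from an elevated PowerShell prompt. One caveat the thread's choice of tools already reflects: an active kernel-mode rootkit can hide files or return clean contents to user-mode reads, so a clean result from this script does not rule out the infection; it only tells you what the file system is showing you. That is why the post pairs the file search with TDSSKiller, which looks for the hidden TDLFS container itself.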
13 Apr 2013   #23
Amingst

Windows 7 Home Premium 64bit
 
 

I called support and they said since 45k events were in event viewer and I couldn't run disk check that I had a keylogger

13 Apr 2013   #24
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Amingst

You don't have a keylogger; what you have is more of a rootkit. If you go to your post in the System Security thread, Cottonball and Jacee will be glad to get that removed from your computer.
13 Apr 2013   #25
Amingst

Windows 7 Home Premium 64bit
 
 

I called support... They said that since I had 45k events in event viewer and that I could not run disk check when scheduled at startup that I had a keylogger.

At this point I really want to stop the BSOD with code 0xD1 caused by iastorA.sys
14 Apr 2013   #26
cottonball

Windows 7 Home Premium
 
 

Amingst,

We understand the frustration that may be caused by the current situation the computer is in.
If there is a rootkit involved, we need to find out what kind it is, in order to use the correct tools to remove it.

To resolve your problem, you need to stay cool, have some patience, and follow the instructions posted above.
14 Apr 2013   #27
cottonball

Windows 7 Home Premium
 
 

Quote:
At this point I really want to stop the BSOD with code 0xD1 causes by iastorA.sys
Well sure. That's the goal.

However, if you have a TDSS Rootkit that hides by infecting iastor.sys, it's not going to happen.

Go back to Post # 12, in the System Security forum, and follow those instructions.

Otherwise...
15 Apr 2013   #28
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Quote   Quote: Originally Posted by cottonball View Post
Amingst,

We understand the frustration that may be caused by the current situation the computer is in.
If there is a rootkit involved, we need to find out what kind it is, in order to use the correct tools to remove it.

To resolve your problem, you need to stay cool, have some patience, and follow the instructions posted above.
+1 for me too mate it will get sorted
15 Apr 2013   #29
Britton30
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Quote   Quote: Originally Posted by Amingst View Post
I called support... They said that since I had 45k events in event viewer and that I could not run disk check when scheduled at startup that I had a keylogger.
Friend, translated that means, "we don't have a clue what's wrong with your PC, good luck". Please try the suggestions given. Keyloggers are fairly rare. By the way, that's not an uncommon number of events either; I have 95,561 just in system logs.
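To put the "45,120 events" figure in context, and to get at the records that actually describe the 0xD1 crashes mentioned earlier in the thread, here is an added PowerShell example (not from any post in this thread). It assumes Windows 7 defaults: `Get-WinEvent` is available, and each crash is recorded in the System log as Event ID 1001 from the "BugCheck" source, whose message text carries the stop code and its four parameters. The parser below is a hypothetical helper written for this example.

```powershell
# Added example (not from the thread): count events per log, then pull and parse
# the BugCheck 1001 records that describe each crash. Assumes Windows 7 defaults
# (Get-WinEvent present; crashes logged as System / BugCheck / Event ID 1001).

# 1. Total record count per log. Tens of thousands of entries is ordinary on a
#    machine that has been running for a while; the count alone proves nothing.
Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordCount -gt 0 } |
    Sort-Object RecordCount -Descending |
    Select-Object LogName, RecordCount -First 10 |
    Format-Table -AutoSize

# 2. The crash records. The 1001 message reads along the lines of:
#    "The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1
#     (0x..., 0x..., 0x..., 0x...). A dump was saved in: C:\Windows\MEMORY.DMP. ..."
$crashes = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'BugCheck'; Id = 1001 } `
    -ErrorAction SilentlyContinue

function Parse-BugCheck([string]$Message) {
    # Hypothetical helper: extract the stop code and its four parameters from the message text.
    if ($Message -match 'bugcheck was:\s*(0x[0-9a-fA-F]+)\s*\(([^)]*)\)') {
        $p = $matches[2] -split ',\s*'
        return New-Object PSObject -Property @{
            Code   = $matches[1]
            Param1 = $p[0]   # for 0xD1: the memory address that was referenced
            Param2 = $p[1]   # the IRQL at the time of the reference
            Param3 = $p[2]   # type of access (0 = read, 1 = write)
            Param4 = $p[3]   # address of the instruction that made the reference
        }
    }
}

$crashes | ForEach-Object {
    $bc = Parse-BugCheck $_.Message
    if ($bc) {
        New-Object PSObject -Property @{
            Time = $_.TimeCreated; Code = $bc.Code; Access = $bc.Param3; Instruction = $bc.Param4
        }
    }
} | Sort-Object Time | Format-Table Time, Code, Access, Instruction -AutoSize

# 3. Tally the stop codes. Repeated 0x000000d1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL)
#    points at a driver; the minidumps under C:\Windows\Minidump name it explicitly.
$crashes | ForEach-Object { Parse-BugCheck $_.Message } | Where-Object { $_ } |
    Group-Object Code | Sort-Object Count -Descending | Select-Object Count, Name
```

The event log only tells you that a 0xD1 occurred and with which parameters; which driver faulted comes from the dump file, which is where a debugger (or the BSOD forum's dump-analysis process) takes over. A large record count by itself, as Britton30 says, is not evidence of anything.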
15 Apr 2013   #30
Amingst

Windows 7 Home Premium 64bit
 
 

Could fragmented iaStorA.sys driver files be the cause of my BSOD? I found that those driver files were fragmented.