45,120 events in event viewer, I have a keylogger

Page 3 of 5
  1.    #21

    What exactly told you that you had a keylogger?

    If you want to try the AHCI setting using the method VistaKing linked in Post #2, I'd save a Win7 backup image externally first: Backup Complete Computer - Create an Image Backup


  2. Posts : 2,470
    Windows 7 Home Premium
       #22

    Amingst,

    We need to rule out the possibility of a TDSS Rootkit that hides by infecting a system driver, like atapi.sys or iastor.sys.

    Please download TDSSKiller.zip:
    http://www.bleepingcomputer.com/download/tdsskiller/
    Right-click the program and select: Extract to tdsskiller\

    You will see a TDSSKiller folder found on your Desktop.
    Open the folder, and double-click the TDSSKiller application.

    When the TDSSKiller console opens, click on: Change Parameters
    Under Additional Options, place a check in the box next to: Detect TDLFS File System
    Click: OK

    Press: Start Scan

    If a suspicious object is detected, the default action is Skip; leave it as is, and click on: Continue
    If malicious objects are found, they show in the Scan results.
    Ensure Cure (the default) is selected, then click: Continue > Reboot now, to finish the cleaning process.
    (Note: If Cure is not available, select Skip, >>Do not select: Delete<<)

    When done, the tool outputs its log to the disk with the Windows Operating System, normally C:\

    Logs have a name like:
    C:\TDSSKiller.X.X.X_12.04.2013_15.31.43_log.txt

    Please post the TDSSKiller log in your reply.



    Also download SystemLook:
    64-bit: http://jpshortstuff.247fixes.com/SystemLook_x64.exe

    Right-click on SystemLook.exe, and select: Run As Administrator

    Copy the content of the following quote box into the main textfield (do not copy the word 'Quote'):
    :filefind
    iaStor.sys
    Click the Look button to start the scan.

    When finished, a notepad window opens with the results of the scan.

    Please post the SystemLook.txt (found on the Desktop) in your reply.
    Last edited by cottonball; 13 Apr 2013 at 22:57.


  3. Posts : 25
    Windows 7 Home Premium 64bit
    Thread Starter
       #23

    I called support and they said that since 45k events were in Event Viewer and I couldn't run disk check, I had a keylogger.


  4. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #24

    Amingst

    You don't have a keylogger; what you have is more of a rootkit. If you go to your post in the System Security thread, Cottonball and Jacee will be glad to get that removed from your computer.


  5. Posts : 25
    Windows 7 Home Premium 64bit
    Thread Starter
       #25

    I called support... They said that since I had 45k events in event viewer and that I could not run disk check when scheduled at startup that I had a keylogger.

    At this point I really want to stop the BSOD with code 0xD1 caused by iastorA.sys.


  6. Posts : 2,470
    Windows 7 Home Premium
       #26

    Amingst,

    We understand the frustration that may be caused by the current situation the computer is in.
    If there is a rootkit involved, we need to find out what kind it is, in order to use the correct tools to remove it.

    To resolve your problem, you need to stay cool, have some patience, and follow the instructions
    posted above.


  7. Posts : 2,470
    Windows 7 Home Premium
       #27

    "At this point I really want to stop the BSOD with code 0xD1 caused by iastorA.sys"
    Well sure. That's the goal.

    However, if you have a TDSS Rootkit that hides by infecting iastor.sys, it's not going to happen.

    Go back to Post # 12, in the System Security forum, and follow those instructions.

    Otherwise...


  8. Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       #28

    cottonball said:
    Amingst,

    We understand the frustration that may be caused by the current situation the computer is in.
    If there is a rootkit involved, we need to find out what kind it is, in order to use the correct tools to remove it.

    To resolve your problem, you need to stay cool, have some patience, and follow the instructions
    posted above.
    +1 for me too, mate. It will get sorted.


  9. Posts : 24,479
    Windows 7 Ultimate X64 SP1
       #29

    Amingst said:
    I called support... They said that since I had 45k events in event viewer and that I could not run disk check when scheduled at startup that I had a keylogger.
    Friend, translated, that means, "we don't have a clue what's wrong with your PC, good luck". Please try the suggestions given. Keyloggers are fairly rare. By the way, that's not an uncommon number of events either; I have 95,561 just in system logs.
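
Post #29's point, that a raw event count says little on its own, can be checked directly by looking at what the events are. The PowerShell below is an added example, not part of the thread or written by any poster; the 14-day window and the search pattern (built from the driver name and stop code mentioned in this thread) are assumptions.

```powershell
# Added example: triage the event logs by content rather than by total count.
# Run from an elevated PowerShell prompt. Uses only built-in cmdlets that
# ship with Windows 7 (PowerShell 2.0).

$days  = 14                               # look-back window (assumption)
$since = (Get-Date).AddDays(-$days)

# 1. Record count per log. This is the number the support call reacted to;
#    comparing logs side by side shows which ones simply accumulate records.
Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordCount -gt 0 } |
    Sort-Object RecordCount -Descending |
    Select-Object -First 10 LogName, RecordCount, MaximumSizeInBytes |
    Format-Table -AutoSize

# 2. Critical (1), Error (2) and Warning (3) events in the System log,
#    grouped by source and event ID. @() keeps the result an array even
#    when the query returns nothing.
$events = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'System'
        Level     = 1, 2, 3
        StartTime = $since
    } -ErrorAction SilentlyContinue)

$events |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 15 Count, Name |
    Format-Table -AutoSize

# 3. Events whose text mentions the storage driver or the stop code from
#    this thread (pattern is an assumption; -match is case-insensitive).
$pattern = 'iaStor|bugcheck|0x000000d1'
$events |
    Where-Object { $_.Message -match $pattern } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, ProviderName, Id, LevelDisplayName,
        @{ Name = 'FirstLine'; Expression = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

A few noisy sources usually account for most of the total in step 2. The step 3 timeline shows whether driver errors line up with the crashes, which is the useful signal here.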


  10. Posts : 25
    Windows 7 Home Premium 64bit
    Thread Starter
       #30

    Could fragmented iaStorA.sys driver files be the cause of my BSOD? I found that those driver files were fragmented.


 