I need Help With This Keylogger

[Bartender]

Well, this has been posted once before, and once in the vet forum, and I would like to repost what happened, and post some stuff that I tried recently.
I downloaded AVG FREE - Froze in normal mode, safe mode - Found the virus but in the test results page to remove the viruses, only 3 out of the 9 I saw the night before showed up.
Ewido - Tried it, didn't like it, didn't try in safe mode.
Norton - Found the virus be cannot move / delete it because it is in use.

In safe mode, I found the virus, and deleted it, but when I ran in normal mode, ANOTHER keylogger showed that Norton had detected, AND the first virus popped up.

1 Keylogger is located in my C drive ( the one I deleted in safe mode )
1 Keylogger is loacated somewhere in my windows folder (haven't found it yet)
These two keyloggers are the ones Norton and AVG have detected during startup.

I'm thinking of reformating, but I heard my dad say that things in the windows folder don't erase while reformatting, leaving me still with the keylogger if this is true.

Everytime I said virus in the first part, I mean't the keyloggers.

[trayne]

download super ad blocker, restart. rightclick its icon and set it to scan for spyware, adware, malware etc. it will remove them then you just need to restart once more to finish the cleanup.

[Nex]

Try using this program spybot search and destroy I have it on my pc here. Be careful and be sure of what you delete when using this program. Another good program to try is Lavasoft's Ad-aware.

[$hane]

If you delete your partitons and format your hard drive, everything will be destroyed, everything! If your paranoid, go to your hard drive manufactures website and look for a low lvl format utility. Follow the directions and I guarantee that everything will be wiped squeaky clean. Then reload OS.

[Bartender]

Trayne, the super ad blocker didn't get the virus.

BTW, the keylogger I deleted came back when I restarted in normal mode.

[Tyler.]

Start up your computer
Press alt control delete, end anything that shouldnt be running.

download a scanner called A-Squared (this has removed tons of trojans/worms/keyloggers/ on my testing computer.

[A.D.]

Go into the start menu, go to 'run'

type 'msconfig'

Go to the startup tab, and there will be a list of applications that are executed on startup. The keylogger is probably in there somewhere. Uncheck anything that looks suspicious and reboot your system. You may get lucky, but I have run across adware/spyware that somehow gets around MS config, and sometimes they will show up in the 'services' tab instead, yet be careful when tooling around with services. I once disabled a few things I knew nothing about and I lost my sound and couldn't restore it. finally had to reinstall windows to get it to function again.

[SilverTears]

Trayne, the super ad blocker didn't get the virus.

BTW, the keylogger I deleted came back when I restarted in normal mode.

Is your system restore on? Sometimes if you dont shut your system restore off the virus will go right back on after your done scanning/getting rid of it.

[Bartender]

How do you turn system restore off?

Additional Comment:
AlmostDeadly, I ran msconfig and nothing on the startup tap nothing was enabled, on the service tab 3 things were enabled but weren't looking suspicous.

Additional Comment:
Bump... also, I tried system restore but it said SYSTEM RESTORE INCOMPLETE. =/

[SilverTears]

Did you do it right?

Start > Control Panel > System > System Restore > Turn off system restore

[trayne]

whats the name of the keylogger. i can probably find it and write a bounce.key for it to disable the keylogger. chances are its probably an infostealer instead of a keylogger. theres been 2 that have been spreading badly and keep returning cause they write themselves into the systems rebooting segments and restore segments. scanning and restarting doesnt help since it doesnt clear the cache. scanning and shutting down will clear its cache. you could do a free scan using trend micro, they tend to find those including parasites and removes them.

[wm_hunter]

Bartender I will look over your HiJackThis log tonight, I appologize I have been very busy.

[Bartender]

Okay, I went into safe mode and deleted that exe file again along with Kaspersky after 5 minutes of using it, it was just wayyy to annoying, and the file disappeared, I loaded my computer in normal mode and there was a sysload file error, I deleted that and no ms-dos pops up in the beginning or AVG showing a virus thing. Wm, I would still like to know what I should delete with HiJackThis to be 105% sure.

[wm_hunter]

Seeing as you have made some changes can you send me a fresh log? I don't want you to remove stuff that is already gone, and what they got you to do could have only half-fixed existing problems.

Just to be safe...

EDIT:

It doesn't reveal anything too specific about your PC if you just want to reply with it, you can always PM me though.

[Bartender]

Alright. Sending to you like right now.