infected with several things...

Discussion in 'Malware Help (A Specialist Will Reply)' started by alysser, Oct 14, 2006.

  1. alysser

    alysser Private E-2

    Hi,

    Your site is really awesome. and has been very helpful so far. Thank you!!!

    I have followed all instructions in the Read & Run Me First and I am posting now to display my logs and to ask for your infinite wisdom in helping me rid myself of these malicious buggers. I suspected I had some problems on the machine here when Monday my Symantec Anti-Virus and my Zone Alarm stopped loading when I rebooted.

    Symantec found nothing.
    TrendMicro online found "Ardamax" but failed to clean it. That was 2 days ago.


    Msconfig is set to Normal Mode.
    Ran ccleaner in SafeMode.
    Ran SB S & D, found 4 benign things: "Microsoft.WindowsSecurityCenter.UpdateDisableNotify", "Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify", "Microsoft.WindowsSecurityCenter.FirewallDisableNotify", "Microsoft.WindowsSecurityCenter.AntiVirusOverride" (that I have disabled in XP). Immunized, DID NOT use teatimer.
    Microsoft Malicious didn't find anything.
    Windows Defender would not run in SafeMode w/networking and found nothing in normal mode.

    BitDefender found Backdoor.Xbot.26 in system volume info. see attached bdscan.txt.

    Pandascan found many things. See attached ActiveScan.txt.

    Also attached is my HJT log.

    I hope I am doing this right, and that this can be cleaned out forever. I will also post a second time with my other logs. Thanks again!
     

    Attached Files:

  2. alysser

    alysser Private E-2

    Here are my logs from GetRunKey and ShowNew
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    What actual malware problems are you having? There aren't too many problems showing in your logs.

    I do have some questions about some things I see related to a keylogger! Did you install Ardamax Keylogger, and did you at one time have All In One Keylogger installed?

    Also did you knowingly install PalTalk? See this:
    http://research.sunbelt-software.com/threatdisplay.aspx?name=Paltalk&threatid=9494
     
  4. alysser

    alysser Private E-2

    Thank you for responding.

    The only problem I have noticed is that Zone Alarm and Symantec AV no longer load up when I start the computer. It will load my volume icon then seems to pause a bit before it will let me manually start Zone Alarm.

    I didn't install any keyloggers and it is freaking me out that they are there...can you help me get rid of them?

    Also, I did install Paltalk on purpose. Is it bad? Should I get rid of it?
     
  5. alysser

    alysser Private E-2

    Okay, so I decided to just uninstall Symantec since it is not so great, and I got AVG instead. I scanned and it found "PSW.Generic2.HWX". Great, I have not only keyloggers, but also a password stealer. I can't believe all those other scans I did never showed it. AVG was able to get rid of this PSW trojan for me. ::whew::

    I am upset about someone putting keyloggers on this computer. I Googled the names you mentioned and eventually figured out Ardamax was living in the directory "CKM" where an uninstaller was located (visible thanks to your instructions to unhide the hidden folders) and I uninstalled Ardamax, then deleted the directory. I have not been able to find anything on Google about getting rid of All in One Keylogger.

    When I originally scanned with BitDefender, it found Backdoor.Xbot.26 in System Volume Info. Today's AVG scan has not found it and that may be because I disabled System Restore and rebooted before I scanned.

    Anyway, can you please help me get rid of the All in One Keylogger? I am going to follow your other threads about protecting myself and I am going to confront the people I share this computer with about the keyloggers.

    Thanks for your site, it has really helped me!!

    Alyssa
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As stated in the link I gave you to read, it is low risk adware. You need to decide for yourself whether you trust it and whether the benefits it provides to you outweigh whatever possible downsides there are (like advertisements....etc).


    Make sure viewing of hidden files is enabled (per the tutorial).
    Now copy the bold text below to Notepad. Save it as fixWLK.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    After reboot locate the below file and delete it if found:
    C:\Program Files\Common Files\Microsoft Shared\Proof\flaupdate.exe

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    Make sure you tell me how things are working now!

    Are you still having problems with ZoneAlarm starting up? If so, try uninstalling it, reboot, and then reinstall.
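The two checks chaslang asks for above (is the named file present, and what autostart entries exist) can be done from PowerShell instead of by hand. The script below is an added example and is not chaslang's fix or any MajorGeeks tool; it only reads and reports, deleting nothing. The file path is the one named in the post; the Run/RunOnce key list and the output format are this example's own choices.

```powershell
# Added example (not from the thread): report whether the file named in the
# post exists and list autostart Run/RunOnce entries, flagging any that
# reference it. Read-only: nothing is deleted or changed.
$suspectPath = 'C:\Program Files\Common Files\Microsoft Shared\Proof\flaupdate.exe'

# Standard autostart locations (example's own list, not from the post).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

if (Test-Path -LiteralPath $suspectPath) {
    $f = Get-Item -LiteralPath $suspectPath
    Write-Output ("FOUND: {0} ({1} bytes, modified {2})" -f $f.FullName, $f.Length, $f.LastWriteTime)
} else {
    Write-Output "Not present: $suspectPath"
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath/PSParentPath/etc.; skip those.
        if ($p.Name -like 'PS*') { continue }
        Write-Output ("{0}\{1} = {2}" -f $key, $p.Name, $p.Value)
        if ("$($p.Value)" -match 'flaupdate\.exe') {
            Write-Output "  ^ references the suspect file"
        }
    }
}
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; the listing is the same information a GetRunKey log shows for the Run keys, which makes it easy to compare against the log already attached to the thread.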
     
  7. alysser

    alysser Private E-2

    What does this registry change do?

    I ran it even though I have no idea what it does, and attached is the new GetRunKey log.

    There is no flaupdate.exe anywhere on the machine.

    I fixed Zone Alarm by applying an update it had waiting and it loads just fine every time now.

    The machine has been running fine since I ran all those scans and got AVG.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It removes registry keys related to malware!

    Your log is clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    3. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and enable System Restore to create a new clean Restore Point.
    4. After doing the above, you should work thru the below link:
     
