Total control, worms, Keylogging HELP!

KEYLOGGER on my COMP - scrambler.sys

hi

i know for a FACT that i have keylogger software on my comp.

people have gotten into my email, my accounts, etc.

the one file that i can find is scrambler.sys

what should i do first?

 

Re: KEYLOGGER on my COMP - scrambler.sys

you should follow all the steps in the READ ME sticky at the top of this forum...

http://forums.majorgeeks.com/showthread.php?t=35407

follow those steps first and report the findings back here...

 

Re: may i post my log now?

hi

may i please post my hijackthis log now?? or where should i post it?

I found that the keylogger has it setup on my computer to also send themself
emails from the data they are collecting.

I have ZoneAlarm, AntiVir Guard, and Spy Protector on my computer, but they still go through somehow.

Also, there are some logs that shows that my computer is successfully being remotely controlled and i have NO IDEA how to fix this.

thanks

 

My Log

okay i saw below that you said to post my findings here.

here is my log.

 

Re: My Log

pamelaj,

One of your main problems is that you have 3 antivirus programs running. This is NOT recommended as running more then one antivirus program will cause conflicts on your computer.

You must pick ONE antivirus and uninstall the other two. After you complete this reboot and post a fresh HJT log.

 

Re: KEYLOGGER on my COMP - scrambler.sys

so i shouldnt run Spy Doctor for keylogging and Grisoft AVG at the same time??

what about ZOne alarm?

Thanks,

 

New Log

is this log better?

 

I also have THIS PROBLEM

this folder CONTINUES TO SHOW UP in my EMAIL BOX under TRASH folder

and it CANNOT BE DELETED PERMANENTLY...........it keeps COMING back over and over again.

file name is: MSIMGSIZ.DAT

I also found some logs that said that my computer was being connected to remotely???

 

Re: I also have THIS PROBLEM

pamelaj,

You still have more than one AV installed. You have AVG & Avast! installed, pick one of these and uninstall the other. ZoneAlarm is fine as long as this is your ONLY firewall.

After you pick one AV & Firewall, reboot and post a fresh HJT log.

 

okay...but one question

if i use the AVG 7.0 virus PLUS the AVG firewall

should i uninstall ZONE ALARM? still?

thanks

 

Re: KEYLOGGER on my COMP - scrambler.sys

also, my yahoo messenger wont run with AVG 7.0 plus the AVG firewall up. Any way to fix this??

 

KEYLOGGER help...still waiting

hi, is there anyone else who can check my log below that i posted.

i know the spyware and keylogging is continuing on my computer because

now there is a FOLDER in my email called MSIMGSIZ.DAT and I cant delete it. I think someone is now monitoring my emails.

Please help.

 

they are located HERE...the MSIMGSIZ.DAT files

My MSIMGSIZ.DAT folder is located here in all of these folders below and some are MSIMGSIZ.DAT.sbd

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Internet Explorer\Trash.sbd

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Internet Explorer

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Internet Explorer

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Internet Explorer\Trash.sbd

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Internet Explorer

NOTE: I have also have tvdebug.log in C:\WINDOWS\Internet Logs

I seriously think someone is remotely controlling my computer.

I am going to go KILL the things you asked, and be right back to post a new log.

 

YAHOO - to chasalang

Well i deleted ZONE ALARM

and cannot find any way to give AVG 7.0 permission for Yahoo. Note that Yahoo works, however, if the firewall is disabled.

 

Help Total Control Is Running

Etrust SPYWARE encyclopedia is running - TOTAL CONTROL

how do i get rid of this ???

am i being monitored???

 

i was directed here to post from the security forum by chasalang.

i have big problems

i have the following appearing: MSIMGSIZ.DAT these are located in my trash folder in my Mozilla email, they are located in my internet explorer folder.

I also have iexplore.exe trying to always run and then it runs this:

Etrust Encyclopedia Spyware -TOTAL CONTROL I dont know what this is?

when i when to the task kill, and tried to kill it.............some worms started being listed as processes running...

my emails have been broken into, my passwords changed.......

Please help? I have hijack this and I have followed all of the STICKY THREAD NOTES to do before posting a log.

 

Yes I downloaded tools and did the on line scans, and here are the results of the ON-LINE TROJAN SCAN below, it found THESE:

c:\documents and settings\all users\application data\antispyinfo\mwso (adware. toolbar).

c:\documents and settings\all users\application data\antispyinfo\mwss
(adware. toolbar).

c:\documents and settings\owner\cookies@statcountet(1).txt trace. tracking

c:\program files\mozilla firefox\plugins\NPMywebs.dll
(adware.toolbar).

c:\windows\system32\f3PSSavr.scr
(adware.toolbar).


ALSO>>>>>>>>>>>>>my NEW LOG IS ATTACHED. Thank you So much.

 

Re: KEYLOGGER on my COMP - scrambler.sys

okay...but what I meant was this: In the Task Manager WINdow, under APPLICATIONS RUNNING, last night, it said that Etrust Encylcopedia Spwyare was running......im not sure what it mean (unless my internet wasn't closed??)

heres my new log.

thank you for your time, and for your help.

 

Re: KEYLOGGER on my COMP - scrambler.sys

LOG ATTACHED. sorry. As you directed me to this forum for the other problem. thanks.

http://forum.majorgeeks.com/showthread.php?t=67233

 

Re: KEYLOGGER on my COMP - scrambler.sys

My log

 

Re: KEYLOGGER on my COMP - scrambler.sys

i cant get this log to post

is the site not accepting logs?

let me try again

 

Re: KEYLOGGER on my COMP - scrambler.sys

Log Log Log Log

 

im sorry, i got lost. i always get in trouble here....its so confusing.

heres my new log.

thanks.

i removed avast.

 

as far as TOtal Control...i found out that i had internet explorer open reading about it.......so it showed up as a running process/page.

forget about it.

thank you.

 

okay i did everything you said, and it worked.

heres my log for verification.

hopefully i am clean thanks to you.

my sincere respect to you.

 

i have one problem with a program running since all of these adjustments.

I use a SECURE program on line to transcribe work in for a local hospital and all of my keys are not working on this site.

This site allows me to access pop up menus for doctor rosters, etc.

the site is https://secure.bayscribe.com/cgi/tr and I access this program on line every day to type data into.

the only problem I am having is this: When I am on line accessing this program, I should be able to press the "A" key to insert data.........and this is not working now. This is a required process for my work to submit successfully to their server.

Could it be that I have blocked partial access to them through AVG 7.0???
I cannot figure out how to configure this.

I did go into AVG settings and add all of the .exe files from the program I use which is on my computer and allowed access to all .exe files, but it still does not work. I even told AVG to allow access to some of the .dll files from this program folder on my computer, but it still does not work.

any ideas?

I think i may have block partial network into this program?

 

the other thought is

possibly while using Hijack this? something was disabled that would

allow me to work on this server??

thanks for listening.

 

ALSO, my help and support wont launch, which is where i can access

my system restore if i need to undo any changes?

Its my Hewell Packard System restore, it will not launch.

 

im sorry but my Help & SUpport Program will not even open

I have no way to UNDO what has been done

as far as System Restore now not working, and Help & Support not launching.

SOmething needs to be undone.........to resolve this program.

I hope you can help me resolve this last issue on my computer.

I believe Hijack this or something else you had me do, has stopped access to a NT service that allows the HP Help & Support to Run, and also my program that i use for work.

Its my only income to use that program and I cannot work.

Im so sorry to hound you.