Questions regarding key logging software that was installed on a laptop

[ahullsb]

(Continued)

00232552 application/winantivirus2006 HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\wa6p_is1
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERzlwium
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERxkfrgl
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERwevwnm
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERvpcnfz
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERvilquo
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERuirrhg
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERswkbum
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERrrlibt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERrgzndd
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERpfizni
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERpaqzdq
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERowkpgq
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERobbljy
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C\WA6P\Quar\ERnigjjq
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERmokaas
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERmlrgoc
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERhmtajr
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\WA6P\Quar\ERfgqeqk
00366244 Application/NirCmd.A HackTools No 0 No No F:\Flash_Disinfector.exe[F:\Flash_Disinfector.exe][nircmd.exe]
00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\erin marston\Desktop\Flash_Disinfector.exe[C:\Documents and Settings\erin marston\Desktop\Flash_Disinfector.exe][nircmd.exe]
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location ޥ
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description ޥ
;===============================================================================
=================================================================================
===================
184380 MEDIUM MS08-002 ޥ
184379 MEDIUM MS08-001 ޥ
182048 HIGH MS07-069 ޥ
182046 HIGH MS07-067 ޥ
182043 HIGH MS07-064 ޥ
179553 HIGH MS07-061 ޥ
176382 HIGH MS07-057 ޥ
176383 HIGH MS07-058 ޥ
170911 HIGH MS07-050 ޥ
170907 HIGH MS07-046 ޥ
170906 HIGH MS07-045 ޥ
170904 HIGH MS07-043 ޥ
164915 HIGH MS07-035 ޥ
164913 HIGH MS07-033 ޥ
164911 HIGH MS07-031 ޥ
160623 HIGH MS07-027 ޥ
;===============================================================================
=================================================================================
===================

I hope that clears things up a bit. After running move it again I was hoping this computer looks clean now? Sorry again for the confusion.

[wyrmrider]

first we had symantic
now antivir?
did you ever run a symantec or antivir scan?

remember what I said about removing symantec
goes ditto for antivir
http://www.avira.com/en/support/antivir_removal_tool.html

after removing Symantec and Antivir run this

http://dl.antivir.de/down/windows/registrycleaner_en.zip

you can run ccleaner to remove the cookies which clutter up your posts

you are still finding malware
MBAM got rid of the 2006 infection
I need to see another AV scan like kaspersky
run superantispyware and/or Spybot search and destroy scans then post up a new HJT  be sure to close all browser windows
do not worry about restore points now

[ahullsb]

first we had symantic
now antivir?
did you ever run a symantec or antivir scan?

remember what I said about removing symantec
goes ditto for antivir
http://www.avira.com/en/support/antivir_removal_tool.html

after removing Symantec and Antivir run this

http://dl.antivir.de/down/windows/registrycleaner_en.zip

you can run ccleaner to remove the cookies which clutter up your posts

you are still finding malware
MBAM got rid of the 2006 infection
I need to see another AV scan like kaspersky
run superantispyware and/or Spybot search and destroy scans then post up a new HJT  be sure to close all browser windows
do not worry about restore points now

She didn't think she had any antivirus program when I installed Avira. I want to install Avast for her because I have recently switched to it on my own machine and like it. I will use avira's uninstall link you recommended and run cc cleaner for her as well. I have run scans with Avira and it did not find anything. What malware is still appearing? Is it the tracking cookies from the last log that you are referring to? I will have access to her computer tomorrow so I will run a kaspersky scan as well, then post that log. Then I will run superantispyware as well if that is what you recommend. I was originally going to install spyware guard and spyware blaster for her, should I use superantispyware instead?

[wyrmrider]

ok clean install of avast
run both the avira uninstall tool and the antivir registry cleaner
super anti spy is a on demand checker/ scanner- like Spybot scanner and MBAM in the free version

I was looking at the winantivirus2006
ccleaner should clean up the tracking cookies- not to worry
SAS and Spybot scans will find them too- -just get them out of the way so they do not clutter up your posts
I just want to make sure nothing else got installed along with winantivirus2006
put in spywareblaster
spywareguard not necessary now- we can talk about that kind of thing later
(how much memory and how fast a system does she have?)

did you run that free kelogger tool that I linked to?
there are two types of keyloggers, the "hook" kind (most of them) and the Kernel type- the real nasties

did you check for rootkits?

Post up a fresh hjt at the end of the day
I'm hoping that one of the HJT experts will look at

[ahullsb]

Thank you for the advice. I will do as you instructed. Unfortunately I will not be able to get her computer until tomorrow. I wanted to let you know that so you aren't checking this thread today/tonight. I have spyware guard and spyware blaster on my own machine, I'd be curious whether I too should get rid of either of them, or use superantispyware instead. For reference I use Comodo (with the malware scanner...oops), although I am about to switch to online armour. I'm using Avast antivirus. Spywareblaster and Spyware Guard are also on my machine. Any advise on whether adding superantispyware would cause conflicts with these other programs would be appreciated, and if so, which from the above list I should remove. I accidentally installed the full version of Comodo with the malware portion and then installed Avast. I realize the possibility of conflicting software now, and that is why I am going to switch Comodo to something that is strictly a firewall. Would it have caused problems with the other software when I installed them, or will switching the firewall program be sufficient to correct the problem?

[wyrmrider]

spyware guard and blaster are Excellent tools and JAvacool is one of the best
leave em alone
nothing wrong with Comodo or Comodo anti malware it's just that it's list is duplicated
the good news is that it is proactive rather than reactive

I do not think that it would conflict with Avast but let's be careful about installing any other real time anti spyware (like t-timer or Spyware terminator or Windows Defender)
I do not see any reason to switch to online armour till the reast of the system gets sorted out
priorities-- anyone else have a comment- several threads on firewalls
I DO THINK THAT YOU/SHE should have real time anti-spyware- question is which one
DavidR uses paid MBAM, I use Paid Counterspy on this machine and free version of Pest Patrol on others
I am on Windows 98SE on most machines  which limits choices or I would try Windows Defender
got a lot of horsepower 
Spyware Doctor (free with Google toolbar- just do not DL the rest of it has good prevention
(AS with Comodo- good while it lasts)

Anyway let's lay the keylogger issue to rest
If you think there might be a Kernal type keylogger then you need to post in a specialist forum for help
we can catch the usual "hook" type

[Lisandro]

Any advise on whether adding superantispyware would cause conflicts with these other programs would be appreciated

No problems.

Would it have caused problems with the other software when I installed them, or will switching the firewall program be sufficient to correct the problem?

HIPS part of Comodo (or any other) does not conflict with avast.

[DavidR]

SpywareGuard hasn't had any development for years and an outdated security application I feel is of little value.

@ wyrmrider
I use the free MBAM (not paid) but SuperAntiSpyware Pro (paid) version for my anti-spyware.

[Lisandro]

SuperAntiSpyware Pro (paid) version for my anti-spyware.

Surprise for me... I didn't noticed that.

[wyrmrider]

sorry
I got it backward-
not to self- check the sig
I do think that one is required if the resources are there
sort of what I think about spywareguard is that the one with the red icon in the taskbar
been a while
still I'd like to suggest a replacement before removing it
It does work
Me
I'd switch to WinPatrol (although not exactly the same)

[Lisandro]

not to self- check the sig

You're right... I almost never look at well-known users signatures.

[ahullsb]

Update- She is coming back over in a few hours so I will be able to get to work on her machine.

Quick question- I am running Vista on my machine, and Windows Defender is built into that I believe. Does that mean I should not be using other real time spyware programs?

[wyrmrider]

Short answer is YES ( you could always disable WD but show me a really good reason first- as of now IT is not conflicting with anything)
Windows Defender should work as well as spywareterminator for real time protection
I have not seen any write ups on this recently and the ones at Spywarewarrior are years old

I would not rely on WD as my primary anti malware scanner- but what's not to like if it finds something
Malware Bytes Anti Malware seems to be the GO TO on demand scanner
(and their Rogue Remover which targets different things)
Then Super Anti Spyware
Spybot Search and Destroy

[ahullsb]

Thank you for the information. I just downloaded the free version of Malwarebytes. 1.025 I believe. There is the Protection tab which asks whether I want to buy and register what I'm assuming is the real time protection. Is that the portion of malwarebytes that you are advising me NOT to run? This portion is being handled by windows defender correct?

[wyrmrider]

Correct DO not run both at the same time
a decision on a change in realtime protection can be deffered till later

update MBAM and run a quickscan
if it finds anything click REMOVE - it will create a backupfile
post the log

mom better bake us some cookies for this