[Hemul14]

HELPHELPHELP anyone please, i was running spybot (search and destroy) which discovered that i have perfect keylogger installed. i have looked online for a solution and even programs to unistall it but its still there. i followed instructions online to delete registry strings but it keeps coming back!!!

please anyone with any knowledge on this matter your help will be very much appreciated.

[evilfantasy]

This is a commercial keylogger and hard to remove. Have you downloaded anything lately like a p2p program? Limewire for example.

[evilfantasy]

Also
Download HijackThis . http://www.trendsecure.com/portal/en...hijackthis.php
Once you have it downloaded install/save it to it's own folder.
For example C:\program files\hijackthis
Once installed open the program and select Do a system scan and save logfile.
Save the log as a .txt file.
In the next post click Go Advanced.
Scroll down to manage attachments and add the log as an attachment.

[Hemul14]

i hope that i have done everything right, the file should be attached. i did download from a p2p site i downloaded Nero Smartsuite from mininova.

many thx

[evilfantasy]

You got the log OK but didn't install HijackThis to it's own folder. If you run it from the desktop it will not create the proper backups when doing repairs. Please do this and run a new scan.

[Hemul14]

I have made a folder in C:\program files called hijackthis and then downloaded the program again to this folder and run it. attached is the log file that it created.

thx

[Hemul14]

I dont know if it helps but when i was looking online for a way to deleted or unistall this there where instruction on deleting registry strings and ending processes but none of the mentioned process or registry strings existed. spybot found other registry strings and two files in C:\windows\system32, one called bpk.dat and the other pk.bin i have deleted these files but the keep reappearing.

[evilfantasy]

Your log is fairly clean. You can remove the online scanners if you choose.
And this entry. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Like I stated earlier this is a particularly hard keylogger to remove.
I will assume your copy of Nero is legit.
If not then whatever warez/keygen you used is now turned on you.

You can try this as it may remove the problem.
http://free.grisoft.com/doc/download.../frt/0?prd=asf

Let us know and I will look for more information.

[evilfantasy]

Since you removed registry entries and files already you may have removed the un-installer.
Check your add/remove programs to make sure it isn't there. You may have to look for BPK to identify it.
The sorce file is C:\WINDOWS\system32\bpk.exe make sure this is deleted also.

[Hemul14]

i currently scanning the system with the avg antispyware i will post a report for you to look at when it is finished