Hello, I recently had Spybot say it found "Perfect Keylogger" on my laptop and after Posting on the Maleware forum and after going through all the steps that the security expert said to do he concluded it was a false positive and said I should post here.
Thanks
RESIDENT Log:
8/26/2010 6:08:51 PM Allowed (based on user decision) value "SpybotDeletingB6883" (new data: "command.com /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup user entry!
8/26/2010 6:09:06 PM Allowed (based on user decision) value "SpybotDeletingD4656" (new data: "cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup user entry!
8/26/2010 6:09:06 PM Allowed (based on user decision) value "SpybotDeletingA9970" (new data: "command.com /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup global entry!
8/26/2010 6:09:23 PM Allowed (based on user decision) value "SpybotDeletingC4716" (new data: "cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup global entry!
8/26/2010 8:41:44 PM (based on ) value "Malwarebytes Anti-Malware (reboot)" (new data: ""C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript") in System Startup global entry!
8/26/2010 8:46:02 PM Allowed (based on user decision) value "SpybotDeletingB6883" (new data: "") deleted in System Startup user entry!
8/26/2010 8:46:04 PM Allowed (based on user decision) value "SpybotDeletingD4656" (new data: "") deleted in System Startup user entry!
8/26/2010 8:46:11 PM Allowed (based on authenticode whitelist) value "Adobe ARM" (new data: ""C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"") added in System Startup global entry!
8/26/2010 8:46:21 PM Allowed (based on lassh blacklist) value "Apoint" (new data: "C:\Program Files\Apoint\Apoint.exe") added in System Startup global entry!
8/26/2010 8:46:31 PM Allowed (based on lassh blacklist) value "ISUSPM Startup" (new data: "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup") added in System Startup global entry!
8/26/2010 8:46:44 PM Allowed (based on lassh blacklist) value "ISUSScheduler" (new data: ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start") added in System Startup global entry!
8/26/2010 8:46:57 PM Allowed (based on lassh blacklist) value "Dell QuickSet" (new data: "C:\Program Files\Dell\QuickSet\quickset.exe") added in System Startup global entry!
8/26/2010 8:47:02 PM Encountered and terminated PerfectKeylogger in C:\WINDOWS\system32\lsass.exe!
8/26/2010 8:47:03 PM Allowed (based on user decision) value "ZoneAlarm Client" (new data: ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"") added in System Startup global entry!
8/26/2010 8:47:13 PM Allowed (based on lassh blacklist) value "igfxtray" (new data: "C:\WINDOWS\system32\igfxtray.exe") added in System Startup global entry!
8/26/2010 8:47:29 PM Allowed (based on user decision) value "igfxhkcmd" (new data: "C:\WINDOWS\system32\hkcmd.exe") added in System Startup global entry!
8/26/2010 8:47:45 PM Allowed (based on lassh blacklist) value "igfxpers" (new data: "C:\WINDOWS\system32\igfxpers.exe") added in System Startup global entry!
8/26/2010 8:47:55 PM Allowed (based on authenticode whitelist) value "Adobe Reader Speed Launcher" (new data: ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"") added in System Startup global entry!
8/26/2010 8:48:05 PM Allowed (based on user decision) value "AVG9_TRAY" (new data: "C:\PROGRA~1\AVG\AVG9\avgtray.exe") added in System Startup global entry!
8/26/2010 8:48:14 PM Allowed (based on authenticode whitelist) value "SunJavaUpdateSched" (new data: ""C:\Program Files\Common Files\Java\Java Update\jusched.exe"") added in System Startup global entry!
8/26/2010 8:48:24 PM Allowed (based on user decision) value "QuickTime Task" (new data: ""C:\Program Files\QuickTime\QTTask.exe" -atboottime") added in System Startup global entry!
8/26/2010 8:48:24 PM Allowed (based on user decision) value "SpybotDeletingA9970" (new data: "") deleted in System Startup global entry!
8/26/2010 8:48:24 PM Allowed (based on user decision) value "SpybotDeletingC4716" (new data: "") deleted in System Startup global entry!
Thanks
RESIDENT Log:
8/26/2010 6:08:51 PM Allowed (based on user decision) value "SpybotDeletingB6883" (new data: "command.com /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup user entry!
8/26/2010 6:09:06 PM Allowed (based on user decision) value "SpybotDeletingD4656" (new data: "cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup user entry!
8/26/2010 6:09:06 PM Allowed (based on user decision) value "SpybotDeletingA9970" (new data: "command.com /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup global entry!
8/26/2010 6:09:23 PM Allowed (based on user decision) value "SpybotDeletingC4716" (new data: "cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup global entry!
8/26/2010 8:41:44 PM (based on ) value "Malwarebytes Anti-Malware (reboot)" (new data: ""C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript") in System Startup global entry!
8/26/2010 8:46:02 PM Allowed (based on user decision) value "SpybotDeletingB6883" (new data: "") deleted in System Startup user entry!
8/26/2010 8:46:04 PM Allowed (based on user decision) value "SpybotDeletingD4656" (new data: "") deleted in System Startup user entry!
8/26/2010 8:46:11 PM Allowed (based on authenticode whitelist) value "Adobe ARM" (new data: ""C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"") added in System Startup global entry!
8/26/2010 8:46:21 PM Allowed (based on lassh blacklist) value "Apoint" (new data: "C:\Program Files\Apoint\Apoint.exe") added in System Startup global entry!
8/26/2010 8:46:31 PM Allowed (based on lassh blacklist) value "ISUSPM Startup" (new data: "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup") added in System Startup global entry!
8/26/2010 8:46:44 PM Allowed (based on lassh blacklist) value "ISUSScheduler" (new data: ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start") added in System Startup global entry!
8/26/2010 8:46:57 PM Allowed (based on lassh blacklist) value "Dell QuickSet" (new data: "C:\Program Files\Dell\QuickSet\quickset.exe") added in System Startup global entry!
8/26/2010 8:47:02 PM Encountered and terminated PerfectKeylogger in C:\WINDOWS\system32\lsass.exe!
8/26/2010 8:47:03 PM Allowed (based on user decision) value "ZoneAlarm Client" (new data: ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"") added in System Startup global entry!
8/26/2010 8:47:13 PM Allowed (based on lassh blacklist) value "igfxtray" (new data: "C:\WINDOWS\system32\igfxtray.exe") added in System Startup global entry!
8/26/2010 8:47:29 PM Allowed (based on user decision) value "igfxhkcmd" (new data: "C:\WINDOWS\system32\hkcmd.exe") added in System Startup global entry!
8/26/2010 8:47:45 PM Allowed (based on lassh blacklist) value "igfxpers" (new data: "C:\WINDOWS\system32\igfxpers.exe") added in System Startup global entry!
8/26/2010 8:47:55 PM Allowed (based on authenticode whitelist) value "Adobe Reader Speed Launcher" (new data: ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"") added in System Startup global entry!
8/26/2010 8:48:05 PM Allowed (based on user decision) value "AVG9_TRAY" (new data: "C:\PROGRA~1\AVG\AVG9\avgtray.exe") added in System Startup global entry!
8/26/2010 8:48:14 PM Allowed (based on authenticode whitelist) value "SunJavaUpdateSched" (new data: ""C:\Program Files\Common Files\Java\Java Update\jusched.exe"") added in System Startup global entry!
8/26/2010 8:48:24 PM Allowed (based on user decision) value "QuickTime Task" (new data: ""C:\Program Files\QuickTime\QTTask.exe" -atboottime") added in System Startup global entry!
8/26/2010 8:48:24 PM Allowed (based on user decision) value "SpybotDeletingA9970" (new data: "") deleted in System Startup global entry!
8/26/2010 8:48:24 PM Allowed (based on user decision) value "SpybotDeletingC4716" (new data: "") deleted in System Startup global entry!