help on security.
Last edited by syracuse; 09-03-2011 at 11:00 AM.
Do you download crackwarez? Perhaps you can try Malwarebytes and SUPERAntiSpyware to do a malware scan. Weirdly, these two always detect malicious code that is not detected by many antiviruses. If you like, and since you already detected the process ID, you can try KillBox to terminate the process and then forcefully delete it from your computer. You can download KillBox from Softpedia; it's free. Besides, you can also try Virus Effect Remover, which will scan vulnerabilities of your registry and fix them. But be aware of those tools above, as they could end up damaging your system.
Kaspersky always detected my touchpad driver as a keylogger... PDM.Keylogger kernel mode memory patch.
@syracuse: you need to dig into the advanced reports to see what is the name of that file that is detected as keylogger.
Every day brings a chance for you to draw in a breath, kick off your shoes, and dance.
Post a HijackThis log and you might consider sujay's answer!
Screw Google! Ask me!
Like what sujay said, it's a very normal thing that happens in KIS and KAV. I used to have this problem, and the way I solved it was to run a registry cleaner like Glary Utilities or Advanced System Care. Just try this. Furthermore, this won't harm your PC. If this doesn't help, just post a HijackThis log here. I believe the others like leofelix and hellnoire will likely help you.
@dredge: no registry cleaners please. It will remove many valid things as well....
I agree with the above statements about you being careful as KAV/KIS can throw up a false positive, especially in regards to keyloggers. If I were you I would go to the Kaspersky forum and make a post about your issue. There is usually a fairly fast response to questions. If you think you have a rootkit, I would download and scan with Prevx free version as they will remove some rootkits free of charge.
If you don't know those IPs I'd do something about that, otherwise, looks clean to me. You might want to report a FP to Kaspersky. If you don't use any warez or anything like that, and your stuff is all legal, it should be nothing more than a false positive. However, I know EvilFantasy would like to see a different log... but I forget what it's called that looks for rootkits.

Code:
O17 - HKLM\System\CCS\Services\Tcpip\..\{428c6eeb-3fc3-4109-b19f-108e177721ac}: NameServer = 158.43.240.4 4.2.2.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{70A724C1-EA21-41A5-88D4-B5F866D2B40A}: NameServer = 158.43.240.4,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{428c6eeb-3fc3-4109-b19f-108e177721ac}: NameServer = 158.43.240.4 4.2.2.3

EDIT: I just noticed you had a second post, one I had to manually approve... that is very odd. It sounds like a rootkit infection, but I forget how he was able to tackle them. It would be best to wait for him if you can, or if you can't and need to have an urgent fix, you could do the classic "nuke and install"... but that's overkill and I'm sure he'd be able to solve your issue without going that far.
Last edited by hellnoire; 05-07-2010 at 02:17 AM.
pacman -Syyu life not found in sync db
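
The check suggested in the post above (making sure you recognise the NameServer IPs in the O17 lines) can be scripted. This is an added example, not part of the original thread; the `TRUSTED` set is a constructed placeholder to replace with the resolvers you actually expect on your network.

```python
import ipaddress
import re

# O17 lines copied from the HijackThis log quoted in the post above.
SAMPLE_LOG = r"""O17 - HKLM\System\CCS\Services\Tcpip\..\{428c6eeb-3fc3-4109-b19f-108e177721ac}: NameServer = 158.43.240.4 4.2.2.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{70A724C1-EA21-41A5-88D4-B5F866D2B40A}: NameServer = 158.43.240.4,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{428c6eeb-3fc3-4109-b19f-108e177721ac}: NameServer = 158.43.240.4 4.2.2.3
"""

# Control set name, interface GUID and the raw NameServer value of an O17 entry.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\.*?"
    r"\\\{(?P<guid>[0-9A-Fa-f-]{36})\}: NameServer = (?P<servers>.+)$"
)

def parse_o17(log_text):
    """Return {(control_set, interface_guid): [resolver, ...]} for O17 lines."""
    found = {}
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = []
        # The log uses both spaces and commas as separators.
        for token in filter(None, re.split(r"[,\s]+", m["servers"].strip())):
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                servers.append(token)  # keep malformed values visible for review
        found[(m["cset"], m["guid"].lower())] = servers
    return found

def unrecognised(found, trusted):
    """Map each resolver that is not in `trusted` to the interfaces using it."""
    report = {}
    for iface, servers in found.items():
        for server in servers:
            if server not in trusted:
                report.setdefault(server, []).append(iface)
    return report

if __name__ == "__main__":
    TRUSTED = {"4.2.2.3"}  # constructed placeholder: resolvers you recognise
    for ip, ifaces in unrecognised(parse_o17(SAMPLE_LOG), TRUSTED).items():
        print(f"{ip}: not in trusted list, set on {len(ifaces)} interface entries")
```

A resolver that this reports is only one you have not listed; compare it with what your router or ISP hands out before deciding whether it was changed.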
Perhaps you should run GMER or RootkitRevealer and post a scan log here, so that we would know what rootkit is running on your system. Besides, IceSword is a great tool to terminate the process and delete the said file, but I couldn't find anything to indicate that it supports Windows 7.
If you used a keygen or patch, there's not much we can tell you: chances are good it's infected.
This is why you shouldn't use warez, because there are a lot out there that will infect you if you don't know what you're doing. This is why we have the rules against warez.
Now that you've admitted to using warez, there's even less we can do now. Not because of the rules but because it's hardcoded into your programs. That patch and keygen are probably infected to the teeth.