OK, it's scanning. I'm going to go to bed for like 4-5 hours and let it run while I sleep; I'll post when I wake up. Trogan, I just wanted to say that if this does come up clean, I cannot express how thankful I am to you right now. If you didn't live thousands of miles away in London I'd give you the biggest hug in the world. But OK, before I start saying my thank-yous, let's make sure I'm 100% clean =P
KASPERSKY ONLINE SCANNER REPORT
Thursday, November 02, 2006 5:16:47 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/11/2006
Kaspersky Anti-Virus database records: 237328
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 56927
Number of viruses found 9
Number of infected objects 16 / 0
Number of suspicious objects 0
Duration of the scan process 00:54:33
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\AOLdial.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Valued Customer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe/bpk.exe Infected: not-a-virus:Monitor.Win32.Perflogger.ad skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe/bpkun.exe Infected: not-a-virus:Monitor.Win32.Perflogger.an skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe/bpkvw.exe Infected: not-a-virus:Monitor.Win32.Perflogger.an skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe/Setup.exe Infected: not-a-virus:Monitor.Win32.Perflogger.af skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe/bpkhk.dll Infected: not-a-virus:Monitor.Win32.Perflogger.al skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe/bpkwb.dll Infected: not-a-virus:Monitor.Win32.Perflogger.aa skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe/bpkr.exe Infected: Trojan.Win32.KillAV.dt skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe RAR: infected - 7 skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Wed, 3 Aug 2005 21:41:36 -0400]/UNNAMED/macro.exe Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Wed, 3 Aug 2005 21:41:36 -0400]/UNNAMED Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Thu, 4 Aug 2005 10:33:14 -0400]/UNNAMED/macro.exe Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Thu, 4 Aug 2005 10:33:14 -0400]/UNNAMED Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx Mail MS Outlook 5: infected - 4 skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\History\History.IE5\MSHist012006110220061103\index.dat Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Valued Customer\ntuser.dat Object is locked skipped
C:\Documents and Settings\Valued Customer\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\00000002.ps1 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\00000002.ps2 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\00010004.ci Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\cicat.fid Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\cicat.hsh Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiCL0001.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP10000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP20000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiPT0000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSL0001.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSP0000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiST0000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiVP0000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\INDEX.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\propstor.bk1 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010001.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
In regards to the bpk file, like I said earlier, that's a program I used to use to try and keylog people over 2 years ago, so it's no threat. I did, however, just delete my entire "AiM STuFF" folder, so the bpk files are all deleted now. The thing is that the virus scan may come up with some weird stuff, but like I said, 2 years ago I was experimenting with some keylogging programs that are harmless to me. Like that "macro.exe" file that came up in the scan: that was also a file I made about 2 years ago with one of the keylogging programs I was experimenting with, and it is no threat to the current issue.
Logfile of HijackThis v1.99.1
Scan saved at 5:23:34 AM, on 11/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
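The Kaspersky report above mixes about a hundred "Object is locked ... skipped" lines (files in use that the scanner simply could not open, which are not detections) with a handful of real hits spread over an archive, a mailbox and a System Restore copy. The following added example, which is not part of the thread and not a Kaspersky tool, triages such a report: it separates locked files from detections, groups detections by the on-disk container that holds them, and flags which containers hold malware proper rather than "not-a-virus" riskware. The sample lines are copied from the report quoted in the thread.

```python
"""Triage a Kaspersky Online Scanner text report (added example, not from the thread)."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Lines copied from the report quoted above: one locked file, the RAR archive
# with its 7 members, the Outlook Express mailbox with 4, the NSIS installer with 2.
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe/bpk.exe Infected: not-a-virus:Monitor.Win32.Perflogger.ad skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe/bpkun.exe Infected: not-a-virus:Monitor.Win32.Perflogger.an skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe/bpkvw.exe Infected: not-a-virus:Monitor.Win32.Perflogger.an skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe/Setup.exe Infected: not-a-virus:Monitor.Win32.Perflogger.af skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe/bpkhk.dll Infected: not-a-virus:Monitor.Win32.Perflogger.al skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe/bpkwb.dll Infected: not-a-virus:Monitor.Win32.Perflogger.aa skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe/bpkr.exe Infected: Trojan.Win32.KillAV.dt skipped
C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe RAR: infected - 7 skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Wed, 3 Aug 2005 21:41:36 -0400]/UNNAMED/macro.exe Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Wed, 3 Aug 2005 21:41:36 -0400]/UNNAMED Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Thu, 4 Aug 2005 10:33:14 -0400]/UNNAMED/macro.exe Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Thu, 4 Aug 2005 10:33:14 -0400]/UNNAMED Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx Mail MS Outlook 5: infected - 4 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0092297.exe/data0002 Infected: not-a-virus:AdWare.Win32.MediaTickets.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0092297.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0092297.exe NSIS: infected - 2 skipped
"""

# Three line shapes appear in the report; everything else (headers) is ignored.
LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<kind>[A-Za-z0-9 ]+): infected - (?P<n>\d+) skipped$")


@dataclass
class Detection:
    path: str       # full object path; members inside an archive/mailbox follow a '/'
    name: str       # the scanner's detection name
    container: str  # the on-disk file that actually holds the object

    @property
    def is_riskware(self) -> bool:
        # Kaspersky prefixes legitimate-but-abusable tools (monitors, adware) with
        # "not-a-virus:"; anything without that prefix is malware proper.
        return self.name.startswith("not-a-virus:")


@dataclass
class Triage:
    locked: list = field(default_factory=list)          # paths skipped because in use
    detections: list = field(default_factory=list)      # Detection objects
    containers: dict = field(default_factory=dict)      # container path -> scanner's count


def on_disk_container(path: str) -> str:
    # Windows paths use '\', so the first '/' marks the archive/mailbox boundary.
    return path.split("/", 1)[0]


def triage_report(text: str) -> Triage:
    result = Triage()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := LOCKED_RE.match(line):
            result.locked.append(m["path"])
        elif m := INFECTED_RE.match(line):
            result.detections.append(Detection(m["path"], m["name"], on_disk_container(m["path"])))
        elif m := CONTAINER_RE.match(line):
            result.containers[m["path"]] = int(m["n"])
    return result


def summarize(triage: Triage) -> dict:
    """Per on-disk file: number of detections, names seen, and whether any is real malware."""
    per_file = defaultdict(lambda: {"count": 0, "malware": False, "names": set()})
    for d in triage.detections:
        entry = per_file[d.container]
        entry["count"] += 1
        entry["names"].add(d.name)
        entry["malware"] = entry["malware"] or not d.is_riskware
    return {"locked_skipped": len(triage.locked), "files": dict(per_file)}


def inconsistent_containers(triage: Triage) -> list:
    """Containers whose member detections disagree with the scanner's own 'infected - N' count."""
    seen = defaultdict(int)
    for d in triage.detections:
        seen[d.container] += 1
    return sorted(c for c, n in triage.containers.items() if seen[c] != n)


if __name__ == "__main__":
    t = triage_report(SAMPLE_REPORT)
    s = summarize(t)
    print(f"{s['locked_skipped']} locked file(s) skipped (not detections)")
    for path, info in s["files"].items():
        kind = "MALWARE" if info["malware"] else "riskware only"
        print(f"{kind}: {path} ({info['count']} object(s))")
    print("count mismatches:", inconsistent_containers(t))
```

On the sample the script reports one skipped file and three containers: the RAR archive and the mailbox hold malware proper (Trojan.Win32.KillAV.dt and Trojan-Spy.Win32.SCKeyLog.o), while the System Restore copy holds only adware. Note that every action in the report is "skipped": the online scanner only reports, so the files it names still have to be removed by hand, which is exactly the point raised in the next reply.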
Kaspersky found some infected emails. You should delete them.
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Wed, 3 Aug 2005 21:41:36 -0400]/UNNAMED/macro.exe Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Wed, 3 Aug 2005 21:41:36 -0400]/UNNAMED Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Thu, 4 Aug 2005 10:33:14 -0400]/UNNAMED/macro.exe Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Thu, 4 Aug 2005 10:33:14 -0400]/UNNAMED Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx Mail MS Outlook 5: infected - 4 skipped
_____________________
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...
I'll update Java and post another HijackThis log in a bit, but do we know 100% that my computer is keylogger-free now? I'm still paranoid about typing my passwords in on here, so much so that I still haven't started typing passwords in on here.... :-( When can I start going about my normal business and entering passwords, personal info, whatever on my computer?
This morning I put my friend's account information into World of Warcraft, username and password, and about 5 hours later somebody got access to his account and took all his items. The computer is still 100% keylogged... what to do!?!?
My computer.. I basically was too scared to put my information into the computer, even though you said it was clean, so I used my friend's account as a guinea pig (however you spell it) and sure enough he got hacked 3 hours later (someone got onto his World of Warcraft account). I feel horrible for him, but thank god I didn't get hacked again...
My computer is obviously still infected... 100%...
Leonardo | Wake up and smell the glaciers | Eagle River, Alaska | Icrontian | edited November 2006
What do I do, man...
Reformat your hard drive - everything, and reinstall everything from scratch. Do not resume general computer use again until you have:
- Windows XP Service Packs 1 and 2 plus all WinXP updates; Windows XP set for automatic updates
- good anti-malware, updated, running, and set for auto updates
- good anti-virus, updated, running, and set for auto-scans and updates
- good firewall running
OK, I don't know if it will come to that, but it sounds like your computer has been severely, heavily penetrated. Let Trogan decide.
Are you sure it wasn't your friend who logged in after three hours? :o
I agree with Leo. In situations like this, it's best to reformat and reinstall everything; that's the only certain way to trust your computer. Let me know if you want to do this.
No Trogan, I'm 100% sure man, it was not my friend; a hacker got on his account and took all his items a couple hours after he put his password in on my computer... my computer is still keylogged somehow, 100%. Give me a day or 2 to think about reformatting. I might have a friend IRL try and come over tomorrow to see if he can maybe figure out what is going on... if you have any other ideas let me know; maybe this keylogger just isn't showing up in HijackThis.
But Trogan, how am I keylogged still and it's not showing up in HijackThis or virus scans? I just don't understand. I'm probably going to have to reformat, and true, I can 100% trust it then.
True, I just can't believe we can't find the infection. My friend told me it may be because I use Internet Explorer and to get Firefox... anyway, I'm going to reformat tomorrow; if you want to post some directions that would be awesome. My computer is stock except for an Nvidia GeForce FX 5200 video card, and I added a second hard drive, as I'm sure you saw in all my scans.
Same way I did yesterday... some custom exploit on one of hundreds of webpages.
Found that thing thanks to Outpost Firewall, as it reports any component changes (new DLLs/processes). Did some "background search" and then removed the trojan manually...
Leonardo | Wake up and smell the glaciers | Eagle River, Alaska | Icrontian | edited November 2006
Mike, I recommend that the only time you spend online at all until you have protections installed is downloading the protection. The following are freeware and are generally supported by those in the know concerning protecting computer files and the OS:
AV - AVG free edition
Anti-Spyware/Malware - Spybot, Ad-Aware Personal; AVG anti-spyware also has a free edition now
Do a search here at Short-Media for firewalls and you'll find several recommended. One of the most popular is ZoneAlarm.
Leonardo is right, but while up-to-date antivirus and a firewall will offer good protection against many "common" malware, a good custom exploit can bypass them with ease.
The following are several ways to protect and secure your computer, Mike (hope these tips help):
- Make your Internet Explorer more secure - This can be done by following these simple instructions:
  - From within Internet Explorer, click on the Tools menu and then click on Options.
  - Click once on the Security tab.
  - Click once on the Internet icon so it becomes highlighted.
  - Click once on the Custom Level button.
  - Change "Download signed ActiveX controls" to Prompt.
  - Change "Download unsigned ActiveX controls" to Disable.
  - Change "Initialize and script ActiveX controls not marked as safe" to Disable.
  - Change "Installation of desktop items" to Prompt.
  - Change "Launching programs and files in an IFRAME" to Prompt.
  - Change "Navigate sub-frames across different domains" to Prompt.
  - When all these settings have been made, click on the OK button.
  - If it prompts you as to whether or not you want to save the settings, press the Yes button.
  - Next press the Apply button and then OK to exit the Internet Properties page.
- Use AntiVirus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online and stand-alone antivirus programs:
- Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out.
- Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly. For a tutorial on firewalls and a listing of some available ones, see the link below:
- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware and hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software. A tutorial on installing and using this product can be found here:
- Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis, just as you would with antivirus software, in conjunction with Spybot. A tutorial on installing and using this product can be found here:
- Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing and using this product can be found here:
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety:
IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.
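Two of the steps in the post above can be verified rather than taken on faith: the Internet zone settings in Internet Explorer, and the HOSTS-file redirection that the MVPS list relies on. The following added example (not from the forum and not part of any tool named here) does both. It audits the "Internet" zone against the six settings jmoney lists, using the zone value names Microsoft documents for IE security zones (KB 182569: value data 0 = Enable, 1 = Prompt, 3 = Disable) and treating a stricter setting than recommended as acceptable, and it parses a HOSTS file to show which names are sinkholed to the local machine. The sample zone values and the sample HOSTS entries (`.test` names) are constructed; the registry read is only attempted on Windows.

```python
"""Audit IE Internet-zone settings and HOSTS-file sinkholing (added example, not from the thread)."""
import platform

# Registry value data for a zone action, per Microsoft KB 182569.
ACTION_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}
STRICTNESS = {0: 0, 1: 1, 3: 2}   # Disable is stricter than Prompt, Prompt stricter than Enable

# Value name under the Internet zone key -> (setting label, recommended action).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
INTERNET_ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Constructed sample: what a partially hardened zone might look like.
SAMPLE_ZONE = {"1001": 0, "1004": 3, "1201": 3, "1800": 1, "1804": 0, "1607": 3}

# Constructed sample in the MVPS HOSTS layout; the real file has thousands of lines.
SAMPLE_HOSTS = """\
# address   hostname          (lines starting with # are comments)
127.0.0.1   localhost
127.0.0.1   ads.example.test          # hypothetical ad server
127.0.0.1   tracker.example.test
0.0.0.0     malware-dl.example.test   # 0.0.0.0 is also used as a sinkhole
broken-line-without-address
"""

SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def read_internet_zone() -> dict:
    """Read the current user's Internet zone values from the registry (Windows only)."""
    if platform.system() != "Windows":
        raise OSError("IE zone settings live in the Windows registry")
    import winreg
    current = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_ZONE_KEY) as key:
        for name in RECOMMENDED:
            try:
                current[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass  # value absent: IE falls back to the zone template default
    return current


def audit_internet_zone(current: dict) -> list:
    """Return (label, recommended, actual) for each setting weaker than recommended."""
    findings = []
    for name, (label, want) in RECOMMENDED.items():
        have = current.get(name)
        if have not in STRICTNESS or STRICTNESS[have] < STRICTNESS[want]:
            findings.append((label, ACTION_NAMES[want], ACTION_NAMES.get(have, "not set")))
    return findings


def parse_hosts(text: str) -> dict:
    """Map every hostname in a HOSTS file to the address it is pinned to."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue   # malformed: an address (or name) with nothing after it
        address, *names = parts
        for name in names:
            mapping[name.lower()] = address   # HOSTS lookups are case-insensitive
    return mapping


def is_sinkholed(host: str, mapping: dict) -> bool:
    """True if the exact hostname is pinned to a loopback/unspecified address."""
    return mapping.get(host.lower()) in SINKHOLE_ADDRESSES


if __name__ == "__main__":
    for label, want, have in audit_internet_zone(SAMPLE_ZONE):
        print(f"WEAK: {label}: recommended {want}, currently {have}")
    hosts = parse_hosts(SAMPLE_HOSTS)
    for h in ("ads.example.test", "www.ads.example.test"):
        print(h, "sinkholed" if is_sinkholed(h, hosts) else "resolves normally")
```

Two points the output makes visible: "Navigate sub-frames across different domains" set to Disable is not reported because it is stricter than the recommended Prompt, and `www.ads.example.test` is not blocked even though `ads.example.test` is, because a HOSTS file matches exact names only, so a blocklist of this kind never covers subdomains it does not list.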
What's a "custom exploit"? And yeah, wish I knew what website...
Thanks jmoney for those tips.
Leonardo | Wake up and smell the glaciers | Eagle River, Alaska | Icrontian | edited November 2006
No matter what protection you have, good preventive practices are as follows:
- stay away from porn sites
- stay away from gambling sites
- stay away from hacking sites
- NEVER go to a free screensaver/desktop site
- Kazaa and Limewire - RUN AWAY (if you must, use Kazaa Lite)
- do NOT open attachments in chat messages
- if you get strange links or attachments in chat messages, remove the sender from your buddies/allowed list
- do NOT click on links in chat messages
- never open an email from someone you do not know or from an entity for which you never requested mailings or are not subscribed
- regularly check for and install Windows updates
- for Internet browsing, use Mozilla Firefox or Internet Explorer 7
No problem Mike. A custom exploit is, simply put, when a type of malware (spyware, virus, trojan etc.) gains entry/access to your computer by exploiting or using an opening in your operating system (Windows) to infect you.
BTW, all these programs and tips are nice and all but not 100% safe obviously, as I was keylogged by that "ou6sound.dll" file or "custom exploit" as you guys put it, and it came up clean on every single scan until yesterday when someone posted here; it now comes up as a keylogger... so basically... you're always at risk =( ... I'll be very careful with what sites I go to ....
However, ATM I do have:
Mozilla Firefox for web browsing
AVG Anti-Virus (Fully Updated, Set to scan once a week)
Zone Alarm Firewall (High Security)
Ad-Aware SE (Fully Updated, set to scan once a week)
If there's anything else I should have, let me know.
Correct Mike.. unfortunately everything has risks, nothing's 100% guaranteed.. just like surgery.. even minor ones always have risks.. just as surfing the 'net with even the most advanced up-to-date security software.. there's always that 1% (or smaller) of risk :sad2:
KASPERSKY ONLINE SCANNER REPORT (continued)
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0092297.exe/data0002 Infected: not-a-virus:AdWare.Win32.MediaTickets.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0092297.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0092297.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\D1M7TQ21.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\ZLT03d81.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT03d84.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\change.log Object is locked skipped
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 5:23:34 AM, on 11/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\AOL\1102897905\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1102897905\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1102897905\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1102897905\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102897905\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ou6sound.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ou6sound.dll
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134677080139
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161991097409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Kaspersky found some infected emails. You should delete them.
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Wed, 3 Aug 2005 21:41:36 -0400]/UNNAMED/macro.exe Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Wed, 3 Aug 2005 21:41:36 -0400]/UNNAMED Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Thu, 4 Aug 2005 10:33:14 -0400]/UNNAMED/macro.exe Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx/[From "MITCHELL KESSLER" ][Date Thu, 4 Aug 2005 10:33:14 -0400]/UNNAMED Infected: Trojan-Spy.Win32.SCKeyLog.o skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx Mail MS Outlook 5: infected - 4 skipped
_____________________
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java version components and update to the latest version...
Updating Java:
Post one more HijackThis log and let me know how things are please.
This morning I put my friend's account information into World of Warcraft, username and password, and about 5 hours later somebody got access to his account and took all his items. The computer is still 100% keylogged... what to do!?!?
My computer is obviously still infected... 100%...
- Windows XP Service Packs 1 and 2 plus all WinXP updates; Windows XP set for automatic updates
- good anti-malware, updated, running, and set for auto updates
- good anti-virus, updated, running, and set for auto-scans and updates
- good firewall running
OK, I don't know if it will come to that, but it sounds like your computer has been severely, heavily penetrated. Let Trogan decide.
I agree with Leo. In situations like this, it's best to reformat and reinstall everything; that's the only certain way to trust your computer. Let me know if you want to do this.
http://spyware-free.us/tutorials/reformat/
Good luck!
Kaspersky Antivirus now detects ou6sound.dll as Backdoor.Win32.Agent.ahn.
Anyway, be careful next time, man.
Also, you can use this to check suspicious files:
http://www.virustotal.com/en/indexf.html
IT'S NEVER TOO LATE.
I still want answers.
Backdoor.Win32.Agent.ahn? Is it confirmed to be a keylogger?
How could I have got it?
Same way I did yesterday... some custom exploit on one of hundreds of webpages.
Found that thing thanks to Outpost Firewall, as it reports any component changes (new DLLs/processes). Did some "background search" and then removed the trojan manually...
AV - AVG free edition
Anti-Spyware/Malware - Spybot, Ad-Aware Personal; AVG anti-spyware also has a free edition now
Do a search here at Short-Media for firewalls and you'll find several recommended. One of the most popular is Zone Alarm.
* Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
* Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources
* Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
* Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
* Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
* Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers
* Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software, in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
* Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
* Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety:
Using Winpatrol to protect your computer from malicious software
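The Internet Explorer hardening steps in the post above are clicked through the Security tab by hand; the script below is an added example (not jmoney's code, nor part of any tool named in this thread) that audits the same six settings from the registry key IE stores them in, so you can confirm they stuck or re-check a machine later. It relies on the documented IE zone value names (1001, 1004, 1201, 1800, 1804, 1607 under Zones\3, with data 0 = Enable, 1 = Prompt, 3 = Disable) and assumes the per-user HKCU key is the one in effect; the -Apply switch and the "weaker than recommended" logic are this example's own additions.

```powershell
# Added example (not from the original post): audit the Internet Explorer
# "Internet" zone (zone 3) settings that the steps above change by hand.
# Value names and meanings are the documented IE zone registry entries:
# data 0 = Enable, 1 = Prompt, 3 = Disable.
# Assumption: the per-user (HKCU) zone key is the one in effect. If a
# machine-wide policy (Security_HKLM_only) is set, HKLM is authoritative.
param([switch]$Apply)

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$labels  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Recommended values, in the order the post lists them.
$wanted = @(
    @{ Name = '1001'; Desc = 'Download signed ActiveX controls';                          Value = 1 },
    @{ Name = '1004'; Desc = 'Download unsigned ActiveX controls';                        Value = 3 },
    @{ Name = '1201'; Desc = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 },
    @{ Name = '1800'; Desc = 'Installation of desktop items';                             Value = 1 },
    @{ Name = '1804'; Desc = 'Launching programs and files in an IFRAME';                 Value = 1 },
    @{ Name = '1607'; Desc = 'Navigate sub-frames across different domains';              Value = 1 }
)

if (-not (Test-Path $zoneKey)) {
    throw "Zone key not found: $zoneKey"
}

$weak = 0
foreach ($s in $wanted) {
    $item    = Get-ItemProperty -Path $zoneKey -Name $s.Name -ErrorAction SilentlyContinue
    $current = if ($null -eq $item) { $null } else { [int]$item.($s.Name) }

    # A missing value means the zone template default applies. This script
    # does not read templates, so a missing value is flagged for a manual check.
    $curLabel = if ($null -eq $current) { '(not set)' } else { $labels[$current] }

    # Lower data = more permissive (0 Enable < 1 Prompt < 3 Disable), so any
    # value below the recommended one is weaker than the post asks for.
    $isWeak = ($null -eq $current) -or ($current -lt $s.Value)
    if ($isWeak) { $weak++ }
    $status = if ($isWeak) { 'WEAK' } else { 'ok' }

    '{0,-4} {1,-60} current={2,-10} recommended={3,-8} {4}' -f `
        $s.Name, $s.Desc, $curLabel, $labels[$s.Value], $status

    # Optional remediation: write the recommended DWORD in place.
    if ($Apply -and $isWeak) {
        Set-ItemProperty -Path $zoneKey -Name $s.Name -Value $s.Value -Type DWord
    }
}
"$weak of $($wanted.Count) settings weaker than recommended"
```

Run it without switches to report only; with -Apply it writes the recommended values for the entries it flagged, which takes effect on the next Internet Explorer start.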
What's a "custom exploit"? And yeah, wish I knew what website...
Thanks, jmoney, for those tips.
- stay away from porn sites
- stay away from gambling sites
- stay away from hacking sites
- NEVER go to a free screensaver/desktop site
- Kazaa and Limewire - RUN AWAY (if you must, use Kazaa Lite)
- do NOT open attachments in chat messages
- if you get strange links or attachments in chat messages, remove the sender from your buddies/allowed list
- do NOT click on links in chat messages
- never open an email from someone you do not know or to an entity for which you never requested mailings or are not subscribed
- regularly check for and install Windows updates
- for Internet browsing, use Mozilla Firefox or Internet Explorer 7
However, atm... I do have:
Mozilla Firefox for web browsing
AVG Anti-Virus (Fully Updated, set to scan once a week)
Zone Alarm Firewall (High Security)
Ad-Aware SE (Fully Updated, set to scan once a week)
If there's anything else I should have, let me know.