Keylogged (I think)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Starofspace, Aug 30, 2004.

  1. Starofspace

    Starofspace Private E-2

    I'll start by saying I've already read and done everything the Basic Spyware, Trojan And Virus Removal thread wanted me to do.

    I received a .exe file from a person and, not knowing the person, I got suspicious and deleted the .exe. Then the person sent me a .png file of the same name, so I opened it (because I thought it was a picture, and I know, or at least hope, viruses/keyloggers can't infect through .png files). And of course, no picture appeared in the viewer. So I ran an adware scan and a virus scan (pcpitstop's online virus scan). The adware scan found a bunch of spyware but not a keylogger, and the antivirus found a virus. The name of the virus matched the name of the file I received, but now it was in .jpg form and in a completely different folder, so I went to the folder and deleted it. I then came here and followed your instructions. I ran Ad-Aware twice and it found a bunch of spyware the first time, and nothing the second time. I ran all the spyware removers you provided and deleted every bit of spyware they found. Then I ran AVG Anti-Virus and it says it found 2 viruses, both called Trojan horse dialer.7.Al, and removed them both. I want to know if I'm safe from the person who sent me the file. Was I even at risk? I didn't open the .exe file... I'll make a HijackThis log.
     
  2. Starofspace

    Starofspace Private E-2

    Here's the log. I can't seem to attach it even though it's a .txt file.
     

    Attached Files:

    Last edited by a moderator: Aug 31, 2004
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't think you did everything in the Tutorial. If you had, there would be a TrendMicro entry in your HijackThis log and also you would not be using an outdated version of HijackThis. You need to make sure you use what we give you, not what you get from someplace else. Do not assume that you have the version in our links. Always click on the links and verify!

    You have a few trojans in that log. Please run the TrendMicro scan and then run the below:
    http://www.bitdefender.com/scan/licence.php
    http://www.ravantivirus.com/scan/ <--- Select AutoClean and then click Scan My PC
    http://www.windowsecurity.com/trojanscan/
    http://www.majorgeeks.com/download4063.html

    Questions: What do you know about the two items below?
    O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
    O4 - HKLM\..\Run: [Locksskip] C:\PROGRA~1\SPAMUS~1\64 pile dale.exe

    Did you download and install each of these? The first one seems like it is probably okay but the 2nd one I believe is a possible trojan screen saver.

    This line is a trojan:
    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

    But I want to see if the above scans fix it. If not, run Task Manager (CTRL-ALT-DEL) and select processes and end KHost.exe.
    Then use HJT to fix:
    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

    Then reboot in safe mode and delete the C:\WINDOWS\kdx\KHost.exe

    Do the same for C:\PROGRA~1\SPAMUS~1\64 pile dale.exe and
    O4 - HKLM\..\Run: [Locksskip] C:\PROGRA~1\SPAMUS~1\64 pile dale.exe

    if you do not know what it is.

    Then post a new log as a .txt file attachment but use the correct version of HijackThis.
    There are no problems uploading files with a dot txt extension like hjtlog.txt, but note you cannot upload the same filename twice. So you would have to rename the file on each subsequent upload.
     
    Last edited: Aug 31, 2004
  4. Starofspace

    Starofspace Private E-2

    OK, I'm finally done with everything.

    TrendMicro found nothing

    Bitdefender found backdoor.izram.1.7 3 times.

    Rav found a virus and deleted it.

    The trojan thing appears to have found nothing.

    And when I went to take care of the 64 pile dale.exe thing it wasn't there anymore... I don't know what it is but it seems to be gone. I got rid of the khost thing. Here's the log.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks to me like someone installed Perfect Keylogger Lite. It is not hidden and is not a malware program. Here is the process:

    C:\Program Files\Perfect Keylogger Lite\bpk.exe

    And here is where it loads:
    O4 - HKCU\..\Run: [BPK] C:\Program Files\Perfect Keylogger Lite\bpk.exe

    But if you did not install this, the question is who did? Is this your own PC? Is it shared with anyone else? Are your parents keeping an eye on you?

    You most likely can just uninstall it from Add/Remove programs. Here is a link on this application:

    http://www.blazingtools.com/bpk.html

    There are other things in your system that require fixing; we can work on those after you decide what to do with Perfect Keylogger.

    It does not look like you fixed a couple of the O16 lines I gave you in a previous message. Or if you did fix them, they came back because you keep going to all those online gaming sites. By the way, using any form of Kazaa is asking for trouble.

    You also appear to have two download accelerator packages installed and running. This may not be a good idea either. You have both SpeedOptimizer and FlashGet.
     
    Last edited: Aug 31, 2004
  6. Starofspace

    Starofspace Private E-2

    I installed Keylogger Lite on purpose. I'm going to keep it. Do you know any alternatives to Kazaa? I don't remember you mentioning any O16 lines.
     
    Last edited by a moderator: Aug 31, 2004
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Ooops! My mistake. I was going on memory from your previous log. I forgot to add those into my previous post. I'll put some stuff below. I don't use applications like Kazaa, but I have seen others make references to using eMule, which is here on MG's: http://www.majorgeeks.com/download.php?det=4302


    Run HijackThis and put checks on the following lines but DO NOT CLICK FIX until all Internet Explorer sessions are exited:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 127.127.127.127 elite
    O2 - BHO: 01idol - {D975DBC0-B742-3FFA-7146-3AF431AC5CD7} - C:\PROGRA~1\INTRAM~1\1bash.dll (file missing)
    O3 - Toolbar: nurb soap bike - {8E975BF5-D9D8-6FE9-EAC4-0CA1C713A67E} - C:\PROGRA~1\INTRAM~1\1bash.dll (file missing)
    O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
     
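    The HijackThis entries quoted in this thread follow a fixed line format per section (O1 hosts entries, O2/O3 COM objects, O4 autoruns, O16 downloaded ActiveX controls). The parser below, added here as example code that is not from the thread or from HijackThis itself, turns such lines into records and applies a few triage heuristics of its own (orphaned "(file missing)"/"(no file)" targets, hosts-file redirects, autoruns from an unusual folder under WINDOWS); the sample log is constructed from entries quoted above.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the HijackThis entries quoted in this thread.
SAMPLE_LOG = """\
O1 - Hosts: 127.127.127.127 elite
O2 - BHO: 01idol - {D975DBC0-B742-3FFA-7146-3AF431AC5CD7} - C:\\PROGRA~1\\INTRAM~1\\1bash.dll (file missing)
O4 - HKLM\\..\\Run: [kdx] C:\\WINDOWS\\kdx\\KHost.exe
O4 - HKCU\\..\\Run: [BPK] C:\\Program Files\\Perfect Keylogger Lite\\bpk.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
"""

@dataclass
class Entry:
    section: str   # O1, O2, O4, ...
    name: str      # run-key value name, BHO name, hostname, ...
    target: str    # file path, URL or IP address the entry points at
    raw: str       # the original log line

# One pattern per section; lines in other sections are skipped.
LINE_RE = {
    "O1": re.compile(r"^O1 - Hosts: (?P<target>\S+) (?P<name>\S+)$"),
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$"),
    "O3": re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<target>.*)$"),
    "O9": re.compile(r"^O9 - Extra button: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$"),
    "O16": re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} \((?P<name>.*?)\) - (?P<target>\S+)$"),
}

def parse(log: str) -> list[Entry]:
    entries = []
    for raw in log.splitlines():
        section = raw.split(" - ", 1)[0]
        pattern = LINE_RE.get(section)
        m = pattern.match(raw) if pattern else None
        if m:
            entries.append(Entry(section, m["name"], m["target"], raw))
    return entries

def review(entries: list[Entry]) -> dict[str, str]:
    """Map each flagged raw line to a triage note. The heuristics are this example's own."""
    notes = {}
    for e in entries:
        if e.target.endswith("(file missing)") or e.target == "(no file)":
            notes[e.raw] = "orphaned entry: target no longer exists, safe to fix"
        elif e.section == "O1":
            notes[e.raw] = f"hosts-file redirect of '{e.name}' to {e.target}"
        elif e.section == "O16":
            notes[e.raw] = "ActiveX control downloaded from the web, check the site"
        elif e.section == "O4" and re.match(r"(?i)^c:\\windows\\(?!system32\\)[^\\]+\\", e.target):
            notes[e.raw] = "autorun from a non-standard folder under WINDOWS, verify the file"
    return notes
```

Entries that draw no note (here the BPK autorun under Program Files) still need a human decision, as the thread shows: the program was legitimate only because the user had installed it deliberately.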
  8. Starofspace

    Starofspace Private E-2

    Ok so it looks like this now.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Other than Kazaa Lite and the two download accelerator packages installed and running, your log looks good. Any problems?
     
  10. Starofspace

    Starofspace Private E-2

    So does that mean I'm now safe from the person who sent me a keylogger? If I didn't open the .exe, was I still at risk? I opened the .png; would that have unleashed any keyloggers or viruses? Just for future reference if I ever receive a .png file again.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    From all visible info in your log you look okay (other than using Kazaa, I don't consider it to be safe). You should not be at risk if you did not open or download the .exe file. As far as I know, double clicking a .png, which is not an executable itself, should only try to open whatever graphics program you have associated with it in order to display it. This in itself would not be expected to cause a problem. What program do you have associated with .png files?
     
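    A defender-side check for the situation this thread describes, a file named .png whose contents turned out to be something else: added here as example code that is not from the thread or from any tool named in it, it compares a file's leading bytes against well-known format signatures and reports when they disagree with the extension. The sample files are constructed in a temporary directory.

```python
import os
import tempfile
from typing import Optional, Tuple, Dict

# Well-known leading bytes for the formats this thread mentions (plus GIF).
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"MZ": "exe",          # DOS/PE header shared by .exe, .dll and .scr files
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
EXT_ALIASES = {"jpeg": "jpg", "dll": "exe", "scr": "exe"}

def sniff(data: bytes) -> Optional[str]:
    """Return the format implied by the leading bytes, or None if unknown."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None

def check_file(path: str) -> Tuple[str, Optional[str], bool]:
    """Return (claimed extension, detected kind, mismatch flag)."""
    ext = os.path.splitext(path)[1].lstrip(".").lower()
    ext = EXT_ALIASES.get(ext, ext)
    with open(path, "rb") as fh:
        kind = sniff(fh.read(16))
    # An unrecognised format is reported as unknown, not as a mismatch.
    return ext, kind, kind is not None and kind != ext

def demo() -> Dict[str, Tuple[str, Optional[str], bool]]:
    """Write constructed sample files and run the check on each one."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "real_picture.png": b"\x89PNG\r\n\x1a\n" + b"\0" * 32,
            "picture.png": b"MZ\x90\x00" + b"\0" * 32,   # PE header renamed to .png
            "unknown.png": b"not any known format",
        }
        for name, body in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(body)
            results[name] = check_file(p)
    return results
```

A mismatch means the file is not what its name claims; whether opening it was dangerous still depends on which program the extension is associated with, which is exactly the question asked above.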
  12. Starofspace

    Starofspace Private E-2

    Windows Picture and Fax Viewer. But when I did open the .png, a "virus" was detected, and it had the same name as the .png file I opened, but it was .jpg and in a different folder. I'm just curious to know how that could happen. But otherwise I'm fine, thank you!


    And by the way, the .exe was sent to me directly from the guy's computer, and the .exe was on my machine, so that means I'm all right as long as I didn't open it? I simply deleted it.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  14. Starofspace

    Starofspace Private E-2

    OK, well I think everything's fine then; if it was a keylogger it's probably gone.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Cool! We're done!!
     
  16. Starofspace

    Starofspace Private E-2

    Thank you.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     
