HELP ME REMOVE WIN32:BHD-KD[TRJ]

system · January 11, 2008, 11:03am

File Name: c:\windows\system32\dciman3.dll[UPX]
Malware Name: Win32:BHO-KD [trj]
Malware Type: Trojan Horse
VPS Version: 080110-0, 01/10/2008

i cant delete it / move or rename / move to chest because it is on system32 windows…
i also tried a boot time scan and i still cant do anything…

what can i do to remove this?..
nid heLp… ???

essexboy · January 11, 2008, 11:30am

Here we go again

Download ComboFix from Here or Here to your Desktop.

[*]Double click combofix.exe and follow the prompts.
[*]When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix’s window while its running. That may cause it to stall

system · January 11, 2008, 12:47pm

ComboFix 08-01-10.2 - Cherry Lynn 2008-01-11 21:00:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.257 [GMT 8:00]
Running from: C:\Documents and Settings\Cherry Lynn\Desktop\ComboFix.exe

Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dciman3.dll
C:\WINDOWS\system32\drivers\mtuxnmtf.dat
C:\WINDOWS\system32\nhatquanglan22.exe
C:\WINDOWS\system32\scvshosts.exe
C:\WINDOWS\system32\setting.ini
C:\WINDOWS\system32\test3.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CIIHYSIV
-------\ciihysiv

((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-11 20:59 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 20:52 . 2008-01-11 20:52 d-------- C:\Program Files\Common Files\Stardock
2008-01-11 20:52 . 2008-01-11 20:52 162,176 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-01-11 20:45 . 2007-12-04 20:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-11 20:45 . 2007-12-04 22:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-11 20:45 . 2007-12-04 22:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-11 20:45 . 2007-12-04 22:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-11 20:45 . 2007-12-04 22:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-11 20:45 . 2007-12-04 22:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-11 20:44 . 2007-12-04 21:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-11 20:44 . 2004-01-09 17:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-11 20:40 . 2008-01-11 20:40 d-------- C:\Program Files\MSgames
2008-01-11 19:42 . 2008-01-11 19:42 d–h----- C:\WINDOWS\PIF
2008-01-11 19:42 . 2008-01-11 19:42 d-------- C:\Program Files\Common Files\Sonic Shared
2008-01-11 19:42 . 2008-01-11 19:42 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-11 19:42 . 2008-01-11 19:42 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-11 19:42 . 2008-01-11 19:42 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-11 19:41 . 2008-01-11 19:41 d-------- C:\Program Files\Common Files\Scanner
2008-01-11 19:41 . 2008-01-11 19:41 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-11 00:46 . 2008-01-11 20:52 d-------- C:\Program Files\WinCustomize
2008-01-10 15:56 . 2003-01-01 00:07 50 --a------ C:\WINDOWS\system32\BRIDF04A.dat
2008-01-10 15:53 . 2008-01-11 20:37 d-------- C:\Program Files\ScanSoft(2)
2008-01-10 15:53 . 2008-01-11 20:37 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-01-10 15:51 . 2008-01-10 15:51 d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-01-07 20:34 . 2008-01-11 20:38 d-------- C:\Documents and Settings\Cherry Lynn\Application Data\uTorrent
2008-01-03 22:01 . 2008-01-11 20:38 d-------- C:\Program Files\Gravity(2)
2007-12-31 00:30 . 2007-12-31 00:30 d-------- C:\Program Files\Stardock
2007-12-22 08:39 . 2008-01-11 19:42 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 08:10 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-19 09:10 . 2007-12-19 09:10 d-------- C:\Program Files\e-Games
2007-12-19 07:41 . 2008-01-11 19:42 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2007-12-19 07:41 . 2008-01-11 19:42 d-------- C:\Documents and Settings\Cherry Lynn\Application Data\Roxio
2007-12-19 07:40 . 2007-12-19 07:40 59 --a------ C:\WINDOWS\WININIT.INI
2007-12-19 07:39 . 2007-12-19 07:39 d-------- C:\Program Files\Sonic
2007-12-19 07:38 . 2002-09-21 12:44 24,576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-12-19 07:37 . 2007-12-19 07:37 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2007-12-19 07:30 . 2008-01-11 19:42 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2007-12-19 07:27 . 2007-12-19 07:39 d-------- C:\Program Files\Roxio
2007-12-19 07:27 . 2008-01-11 19:40 d-------- C:\Program Files\Common Files\Roxio Shared
2007-12-13 18:20 . 2008-01-11 19:41 d-------- C:\Program Files\CCleaner
2007-12-13 18:14 . 2007-12-13 18:14 d-------- C:\Program Files\Alwil Software
2007-12-12 18:17 . 2007-12-12 18:17 d-------- C:\Documents and Settings\All Users\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 12:59 --------- d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-11 12:51 --------- d-----w C:\Program Files\LimeWire
2008-01-11 12:37 --------- d–h–w C:\Program Files\InstallShield Installation Information
2008-01-11 12:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-16 16:19 --------- d-----w C:\Program Files\Yahoo!
2007-12-12 01:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-12 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-08 08:10 --------- d-----w C:\Program Files\Java
2007-12-08 07:38 --------- d-----w C:\Program Files\NetGames
2007-12-06 04:10 --------- d-----w C:\Documents and Settings\Cherry Lynn\Application Data\Symantec
2007-11-30 12:13 --------- d-----w C:\Program Files\Common Files\L&H
2007-11-26 12:45 --------- d-----w C:\Documents and Settings\Cherry Lynn\Application Data\Orbit
2007-11-26 12:31 --------- d-----w C:\Documents and Settings\Cherry Lynn\Application Data\FMZilla
2007-11-05 14:29 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-11-04 11:23 558,142 ----a-w C:\WINDOWS\java\Packages\EK5J53XZ.ZIP
2007-11-04 11:23 155,995 ----a-w C:\WINDOWS\java\Packages\YS6Y06AR.ZIP
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Yahoo! Pager”=“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” [2007-08-30 17:43 4670704]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2002-08-20 15:08 1511453]
“ctfmon.exe”=“C:\WINDOWS\System32\ctfmon.exe” [2002-08-29 18:41 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2004-10-29 16:50 4620288]
“nwiz”=“nwiz.exe” [2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe]
“NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2004-10-29 16:50 86016]
“SoundMan”=“SOUNDMAN.EXE” [2004-09-16 20:39 69632 C:\WINDOWS\SOUNDMAN.EXE]
“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 02:41 49152]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11 132496]
“RoxioDragToDisc”=“C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe” [2005-09-20 07:53 1687552]
“RoxWatchTray”=“C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe” [2005-09-20 07:29 163840]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 21:00 79224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\W700bus.sys [2007-11-04 19:57]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\W700mdfl.sys [2007-11-04 19:57]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\W700mdm.sys [2007-11-04 19:57]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\W700mgmt.sys [2007-11-04 19:57]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\W700obex.sys [2007-11-04 19:57]

Newly Created Service - ALG
Newly Created Service - BOOTSCREEN
Newly Created Service - IPNAT
.

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 21:04:25
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

.
Completion time: 2008-01-11 21:05:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-11 13:05:53

system · January 11, 2008, 12:49pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:01 PM, on 1/11/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Cherry Lynn\Desktop\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKLM..\Run: [RoxioDragToDisc] “C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe”
O4 - HKLM..\Run: [RoxWatchTray] “C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [Yahoo! Pager] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

–
End of file - 7055 bytes

system · January 11, 2008, 12:50pm

s0, i did what u said… what to do next?..
i reaLy have no cLue how t0 rem0ve this virus…
i reaLy nid ur heLp… thx ph0…

system · January 11, 2008, 12:53pm

i aLready tried to do a system rest0re… but the virus is stiLL there… i aLs0 tried to d0 a windows repair…
it aLso didnt w0rk… i tried sfc /Scannow and it aLso didnt work…

oldman960 · January 11, 2008, 1:57pm

Please don’t try anything else. Wait for essexboy to reply. dciman3.dll
was removed once all ready.

essexboy · January 11, 2008, 2:33pm

If you did a system restore you have now replaced the trojan that was deleted

Please open Notepad
[*] Click Start , then Run[*]Type notepad .exe in the Run Box.
Now copy/paste the entire content of the codebox below into the Notepad window:

Save the above as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
[*]Combofix.txt [*]A new HijackThis log.

system · January 12, 2008, 10:45am

ComboFix 08-01-10.2 - Cherry Lynn 2008-01-12 8:26:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.306 [GMT 8:00]
Running from: C:\Documents and Settings\Cherry Lynn\Desktop\ComboFix\ComboFix.exe
Command switches used :: C:\Documents and Settings\Cherry Lynn\Desktop\ComboFix\CFScript.txt

Created a new restore point

FILE
C:\WINDOWS\java\Packages\EK5J53XZ.ZIP
C:\WINDOWS\java\Packages\YS6Y06AR.ZIP
C:\WINDOWS\system32\BRIDF04A.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\java\Packages\EK5J53XZ.ZIP
C:\WINDOWS\java\Packages\YS6Y06AR.ZIP
C:\WINDOWS\system32\BRIDF04A.dat

.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-11 20:59 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 20:52 . 2008-01-11 20:52 d-------- C:\Program Files\Common Files\Stardock
2008-01-11 20:52 . 2008-01-11 20:52 162,176 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-01-11 20:45 . 2007-12-04 20:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-11 20:45 . 2007-12-04 22:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-11 20:45 . 2007-12-04 22:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-11 20:45 . 2007-12-04 22:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-11 20:45 . 2007-12-04 22:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-11 20:45 . 2007-12-04 22:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-11 20:44 . 2007-12-04 21:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-11 20:44 . 2004-01-09 17:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-11 20:40 . 2008-01-11 20:40 d-------- C:\Program Files\MSgames
2008-01-11 19:42 . 2008-01-11 19:42 d–h----- C:\WINDOWS\PIF
2008-01-11 19:42 . 2008-01-11 19:42 d-------- C:\Program Files\Common Files\Sonic Shared
2008-01-11 19:42 . 2008-01-11 19:42 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-11 19:42 . 2008-01-11 19:42 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-11 19:42 . 2008-01-11 19:42 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-11 19:41 . 2008-01-11 19:41 d-------- C:\Program Files\Common Files\Scanner
2008-01-11 19:41 . 2008-01-11 19:41 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-11 00:46 . 2008-01-11 20:52 d-------- C:\Program Files\WinCustomize
2008-01-10 15:53 . 2008-01-11 20:37 d-------- C:\Program Files\ScanSoft(2)
2008-01-10 15:53 . 2008-01-11 20:37 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-01-10 15:51 . 2008-01-10 15:51 d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-01-07 20:34 . 2008-01-11 20:38 d-------- C:\Documents and Settings\Cherry Lynn\Application Data\uTorrent
2008-01-03 22:01 . 2008-01-11 20:38 d-------- C:\Program Files\Gravity(2)
2007-12-31 00:30 . 2007-12-31 00:30 d-------- C:\Program Files\Stardock
2007-12-22 08:39 . 2008-01-11 19:42 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 08:10 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-19 09:10 . 2007-12-19 09:10 d-------- C:\Program Files\e-Games
2007-12-19 07:41 . 2008-01-11 19:42 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2007-12-19 07:41 . 2008-01-11 19:42 d-------- C:\Documents and Settings\Cherry Lynn\Application Data\Roxio
2007-12-19 07:40 . 2007-12-19 07:40 59 --a------ C:\WINDOWS\WININIT.INI
2007-12-19 07:39 . 2007-12-19 07:39 d-------- C:\Program Files\Sonic
2007-12-19 07:38 . 2002-09-21 12:44 24,576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-12-19 07:37 . 2007-12-19 07:37 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2007-12-19 07:30 . 2008-01-11 19:42 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2007-12-19 07:27 . 2007-12-19 07:39 d-------- C:\Program Files\Roxio
2007-12-19 07:27 . 2008-01-11 19:40 d-------- C:\Program Files\Common Files\Roxio Shared
2007-12-13 18:20 . 2008-01-11 19:41 d-------- C:\Program Files\CCleaner
2007-12-13 18:14 . 2007-12-13 18:14 d-------- C:\Program Files\Alwil Software
2007-12-12 18:17 . 2007-12-12 18:17 d-------- C:\Documents and Settings\All Users\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 14:30 --------- d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-11 12:51 --------- d-----w C:\Program Files\LimeWire
2008-01-11 12:37 --------- d–h–w C:\Program Files\InstallShield Installation Information
2008-01-11 12:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-16 16:19 --------- d-----w C:\Program Files\Yahoo!
2007-12-12 01:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-12 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-08 08:10 --------- d-----w C:\Program Files\Java
2007-12-08 07:38 --------- d-----w C:\Program Files\NetGames
2007-12-06 04:10 --------- d-----w C:\Documents and Settings\Cherry Lynn\Application Data\Symantec
2007-11-30 12:13 --------- d-----w C:\Program Files\Common Files\L&H
2007-11-26 12:45 --------- d-----w C:\Documents and Settings\Cherry Lynn\Application Data\Orbit
2007-11-26 12:31 --------- d-----w C:\Documents and Settings\Cherry Lynn\Application Data\FMZilla
2007-11-05 14:29 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe

system · January 12, 2008, 10:46am

((((((((((((((((((((((((((((( snapshot@2008-01-11_21.05.42.32 )))))))))))))))))))))))))))))))))))))))))
.

2008-01-11 12:59:49 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000001\NTUSER.DAT

2008-01-12 00:25:54 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000001\NTUSER.DAT

2008-01-11 12:59:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000002\UsrClass.dat

2008-01-12 00:25:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000002\UsrClass.dat

2008-01-11 12:59:49 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000003\NTUSER.DAT

2008-01-12 00:25:54 4,128,768 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000003\ntuser.dat

2008-01-11 12:59:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000004\UsrClass.dat

2008-01-12 00:25:54 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000004\UsrClass.dat

2008-01-11 12:59:49 4,116,480 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000005\ntuser.dat

2008-01-12 00:25:54 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000005\NTUSER.DAT

2008-01-11 12:59:49 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000006\UsrClass.dat

2008-01-12 00:25:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000006\UsrClass.dat

2008-01-11 12:59:57 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat

2008-01-12 00:26:01 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
2007-11-21 00:04:14 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe

2007-10-06 19:04:40 48,749 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

2008-01-11 17:58:42 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

2007-11-04 21:07:43 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat

2008-01-11 13:05:27 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat

2007-11-04 21:07:43 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat

2008-01-11 13:05:28 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
2008-01-11 16:01:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_510.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Yahoo! Pager”=“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” [2007-12-17 17:13 3810544]
“ctfmon.exe”=“C:\WINDOWS\System32\ctfmon.exe” [2002-08-29 18:41 13312]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2002-08-20 15:08 1511453]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2004-10-29 16:50 4620288]
“nwiz”=“nwiz.exe” [2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe]
“NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2004-10-29 16:50 86016]
“SoundMan”=“SOUNDMAN.EXE” [2004-09-16 20:39 69632 C:\WINDOWS\SOUNDMAN.EXE]
“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 02:41 49152]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11 132496]
“RoxioDragToDisc”=“C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe” [2005-09-20 07:53 1687552]
“RoxWatchTray”=“C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe” [2005-09-20 07:29 163840]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 21:00 79224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2002-08-20 15:08 1511453 C:\Program Files\Messenger\msmsgs.exe

S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\W700bus.sys [2007-11-04 19:57]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\W700mdfl.sys [2007-11-04 19:57]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\W700mdm.sys [2007-11-04 19:57]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\W700mgmt.sys [2007-11-04 19:57]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\W700obex.sys [2007-11-04 19:57]

.

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 08:27:37
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

.
Completion time: 2008-01-12 8:28:13
ComboFix-quarantined-files.txt 2008-01-12 00:27:59

system · January 12, 2008, 10:46am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:31 AM, on 1/12/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Cherry Lynn\Desktop\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKLM..\Run: [RoxioDragToDisc] “C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe”
O4 - HKLM..\Run: [RoxWatchTray] “C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [Yahoo! Pager] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

–
End of file - 7026 bytes

system · January 12, 2008, 10:47am

there, i did what u asked me to do… so what to do next?..
can u tell me what other applications i can use to make my pc spyware free?..

Lisandro · January 12, 2008, 11:00am

SUPERantispyware
AVG Antispyware
Spyware Terminator
a-squared
anti-rootkit applications like AVG or Trend Micro RootkitBuster.

FreewheelinFrank · January 12, 2008, 11:12am

Seems DrWeb CureIT! will fix it:

http://forum.avast.com/index.php?topic=32612.0

essexboy · January 12, 2008, 5:23pm

Your log now appears clean are you experiencing any more problems ?

system · January 13, 2008, 5:29am

i tied to scan my pc with avast and avg and i didnt find anymore virus trojan or worms…
thanks so much for your help… is eset nod32 a good application to use?..

Lisandro · January 13, 2008, 2:42pm

Yes, it is.
But it’s not free and you can’t use it side-by-side with other antivirus, like avast. They’re not compatible.

essexboy · January 13, 2008, 4:32pm

All AV’s are being caught by this latest variant so switching won’t really help

Now the best part of the day ----- Your log now appears clean

Time for some housekeeping
[*] Click START then RUN
[*] Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

[*]
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

[*] When shown the disclaimer, Select “2”

The above procedure will:
[] Delete the following:
[] ComboFix and its associated files and folders.
[] VundoFix backups, if present
[] The C:\Deckard folder, if present
[*] The C:_OtMoveIt folder, if present

[] Reset the clock settings.
[] Hide file extensions, if required.
[] Hide System/Hidden files, if required.
[] Set a new, clean Restore Point.

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

Select Start > All Programs > Accessories > System tools > System Restore.
On the dialogue box that appears select Create a Restore Point
Click NEXT
Enter a name e.g. Clean
Click CREATE

You now have a clean restore point, to get rid of the bad ones:

Select Start > All Programs > Accessories > System tools > Disk Cleanup.
In the Drop down box that appears select your main drive e.g. C
Click OK
The System will do some calculation and the display a dialogue box with TABS
Select the More Options Tab.
At the bottom will be a system restore box with a CLEANUP button click this
Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
[*]SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Keep safe

HELP ME REMOVE WIN32:BHD-KD[TRJ]

Announcements