I hope you can help me remove Win32:BHO-KD. I tried all the steps in this forum, including Spyware Terminator and AVG Anti-Rootkit, but none of them worked, so I've decided to post my ComboFix log and HJT log. Thanks!

Log from Combofix:
ComboFix 08-01-20.1 - doben 2008-01-21 18:01:33.1 - NTFSx86
Running from: C:\Documents and Settings\doben\Desktop\ComboFix.exe

  • Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\doben\Application Data\ultra
C:\Documents and Settings\doben\Application Data\ultra\uninstall.bat
C:\WINDOWS\dwatson.dll
C:\WINDOWS\system_sv_CMD_
C:\WINDOWS\system32\appmgmt.dll
C:\WINDOWS\system32\drivers\fqyknmyd.dat
C:\WINDOWS\system32\vovfffmh.dllbox
C:\WINDOWS\winndm32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_YGTBXDDU
-------\nm
-------\ygtbxddu

((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-21 17:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-09 21:10 . 2008-01-09 21:10 269,334 --a--c--- C:\WINDOWS\system32\filsnat.bmp
2008-01-08 07:56 . 2008-01-08 07:56 269,334 --a--c--- C:\WINDOWS\system32\iporqtsr.bmp
2008-01-08 07:39 . 2008-01-08 07:39 269,334 --a--c--- C:\WINDOWS\system32\bahsnadkrqh.bmp
2008-01-08 07:28 . 2008-01-08 07:28 269,334 --a--c--- C:\WINDOWS\system32\tcnadojqpcnmd.bmp
2008-01-07 19:26 . 2008-01-07 19:26 269,334 --a--c--- C:\WINDOWS\system32\nalcb.bmp
2008-01-07 19:19 . 2008-01-07 19:19 269,334 --a--c--- C:\WINDOWS\system32\jmdonelkfml.bmp
2008-01-07 18:51 . 2008-01-07 18:51 269,334 --a--c--- C:\WINDOWS\system32\dsbilsjap.bmp
2008-01-07 18:37 . 2008-01-07 18:37 269,334 --a--c--- C:\WINDOWS\system32\pkfadkfqpsf.bmp
2008-01-06 15:51 . 2008-01-06 15:51 269,334 --a--c--- C:\WINDOWS\system32\mdsfqlsj.bmp
2008-01-06 14:04 . 2008-01-06 14:04 269,334 --a--c--- C:\WINDOWS\system32\cfqdkfitcn.bmp
2008-01-06 09:35 . 2008-01-06 09:35 269,334 --a--c--- C:\WINDOWS\system32\etonmpsrapobmt.bmp
2008-01-06 00:06 . 2008-01-06 00:06 269,334 --a--c--- C:\WINDOWS\system32\cbipgbel.bmp
2008-01-05 09:06 . 2008-01-05 09:06 269,334 --a--c--- C:\WINDOWS\system32\qlkfap.bmp
2008-01-04 20:22 . 2008-01-04 20:22 269,334 --a--c--- C:\WINDOWS\system32\dcnmh.bmp
2008-01-03 07:10 . 2008-01-03 07:10 269,334 --a--c--- C:\WINDOWS\system32\nidgfatknql.bmp
2008-01-03 07:05 . 2008-01-03 07:05 269,334 --a--c--- C:\WINDOWS\system32\nmpcredcned.bmp
2008-01-02 16:27 . 2008-01-02 16:27 269,334 --a--c--- C:\WINDOWS\system32\ojalgjmpcn.bmp
2007-12-30 10:03 . 2007-12-30 10:03 269,334 --a--c--- C:\WINDOWS\system32\tcbatkn.bmp
2007-12-30 08:25 . 2007-12-30 08:25 269,334 --a--c--- C:\WINDOWS\system32\elkfmdknal.bmp
2007-12-28 23:11 . 2007-12-28 23:11 269,334 --a--c--- C:\WINDOWS\system32\qhgjmdgfatkr.bmp
2007-12-27 15:57 . 2007-12-27 15:57 269,334 --a--c--- C:\WINDOWS\system32\nilcrmhsfedon.bmp
2007-12-27 14:09 . 2007-12-27 14:09 269,334 --a--c--- C:\WINDOWS\system32\ipcbqtgbapknmd.bmp
2007-12-26 20:35 . 2007-12-26 20:35 269,334 --a--c--- C:\WINDOWS\system32\mdgnmlsjmhgjqt.bmp
2007-12-26 10:09 . 2007-12-26 10:09 269,334 --a--c--- C:\WINDOWS\system32\horilsfqhonid.bmp
2007-12-26 09:55 . 2007-12-26 09:55 269,334 --a--c--- C:\WINDOWS\system32\pkjqpsnmp.bmp
2007-12-26 08:58 . 2007-12-26 08:58 269,334 --a--c--- C:\WINDOWS\system32\kbelonel.bmp
2007-12-25 20:05 . 2007-12-25 20:05 269,334 --a--c--- C:\WINDOWS\system32\gbehknat.bmp
2007-12-25 14:40 . 2007-12-25 14:40 269,334 --a--c--- C:\WINDOWS\system32\fetgfihon.bmp
2007-12-24 20:58 . 2007-12-24 20:58 269,334 --a--c--- C:\WINDOWS\system32\lkralsf.bmp
2007-12-24 20:10 . 2007-12-24 20:10 269,334 --a--c--- C:\WINDOWS\system32\hgnelgridkfid.bmp
2007-12-24 16:08 . 2007-12-24 16:08 269,334 --a--c--- C:\WINDOWS\system32\dgrelcb.bmp
2007-12-24 15:55 . 2007-12-24 15:55 269,334 --a--c--- C:\WINDOWS\system32\balgfqd.bmp
2007-12-24 03:24 . 2007-12-24 03:24 269,334 --a--c--- C:\WINDOWS\system32\cjadofmt.bmp
2007-12-24 02:53 . 2007-12-24 02:53 269,334 --a--c--- C:\WINDOWS\system32\rqhof.bmp
2007-12-24 02:04 . 2007-12-24 02:04 269,334 --a--c--- C:\WINDOWS\system32\tobqdgbed.bmp
2007-12-23 15:08 . 2007-12-23 15:08 269,334 --a--c--- C:\WINDOWS\system32\sfqpgbah.bmp
2007-12-22 11:04 . 2007-12-22 11:04 269,334 --a--c--- C:\WINDOWS\system32\filsfilofqdsb.bmp
2007-12-21 22:10 . 2007-12-21 22:10 269,334 --a--c--- C:\WINDOWS\system32\tonmpcfmpkn.bmp
2007-12-21 22:07 . 2007-12-21 22:07 d-------- C:\Documents and Settings\doben\Application Data\Anti-Virus-Pro.com
2007-12-21 22:06 . 2007-12-22 11:03 d-------- C:\Program Files\AntiVirusPro
2007-12-21 22:05 . 2007-12-21 22:05 269,334 --a------ C:\WINDOWS\system32\snmpkbidobeh.bmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 11:44 --------- d-----w C:\Documents and Settings\doben\Application Data\uTorrent
2008-01-06 06:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 06:56 --------- d-----w C:\Program Files\DirectVobSub
2008-01-06 06:52 --------- d-----w C:\Program Files\FinePixViewer
2007-12-21 14:15 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-01 13:12 --------- d-----w C:\Program Files\Autodesk(2)
2007-12-01 13:12 --------- d-----w C:\Program Files\AutoCAD LT 2008
2007-08-18 23:35 920 ----a-w C:\Program Files\INSTALL.LOG
2006-09-11 15:00 22,083,376 ----a-w C:\Program Files\QuickTimeInstaller.exe
2006-08-16 13:21 5,118,736 ----a-w C:\Program Files\Firefox Setup 1.5.0.6.exe
2005-05-13 09:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 03:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 13:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 11:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 04:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 07:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 14:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 16:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2005-12-22 12:23 816,640 --sha-r C:\WINDOWS\system32\smab.dll
2005-02-28 05:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 16:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-04 05:42 401491]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22 4670968]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2002-01-01 00:25 219952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45 40960]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 13:30 483328]
"PrintSpooler"="C:\WINDOWS\system32\CSpool\lass.exe" [2007-09-30 01:40 4620288]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
"VirtualDrive"="C:\Program Files\FarStone\VirtualDrive\VDTask.exe" [2002-03-21 13:31 204800]
"vcdplayx"="C:\WINDOWS\vcdplayx.exe" [2002-03-18 16:31 57344]
"anvshell"="anvshell.exe" [2001-04-10 15:36 323584 C:\WINDOWS\anvshell.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 06:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 23:02 282624]
"NWEReboot"=""
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 21:00 79224]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2002-01-01 01:17 2834432]
"@"=""

R1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys [2001-05-10 13:00]
R1 ANVOSDNT;ASUS Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\anvosdnt.sys [2006-08-16 14:45]
R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2002-01-24 15:25]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2002-01-01 01:22]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2002-01-19 18:00]