Hi,
Glad that everything went smoothly.
Just some leftovers to clean up.
BitComet is installed on your computer. While BitComet is a clean P2P program, there's no guarantee that the files downloaded are. Please refrain from using it while cleaning your computer to prevent getting more infections.
A list of clean and infected P2P programs can be found at Malware Removal and Spyware Info.
The risks of using a P2P program are stated in this SourceForge website and InformationWeek article.
Please also read this sticky.
____________________
Disable Kaspersky Antivirus temporarily
Please disable Kaspersky Antivirus temporarily as it may interfere with the fixes. Remember to re-enable it before posting the logs!
Please navigate to the system tray in the bottom right-hand corner and look for a sign.
- Right-click it and select Pause Protection.
- Click on By User Request.
- A popup will claim that protection is now disabled and a sign like this: will now be shown.
____________________
Please open Notepad and copy and paste the following in the Code box into Notepad:
Code:
http://forums.spybot.info/showthread.php?t=29593
Collect::
C:\WINDOWS\system32\khfDwuSM.dll_old
File::
C:\WINDOWS\system32\faaafacfeb3_z.ocx
C:\WINDOWS\system32\baccafdd4_z.dll
Suspect::
C:\WINDOWS\appletAFirma.dll
FileLook::
C:\WINDOWS\appletAFirma.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E77DB68-7C9E-46EA-9C99-18AC81363A0B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA0B46C5-7DD5-4434-9F91-23542AC91B8D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C05BD701-32F1-4007-8353-5F18F0E06B58}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E39AD9C9-1488-476F-89A8-4F45F23FB077}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BMe38e67e3"=-
Driver::
pfsvgae
Warning: The above script is just for Sleawer. If you are not Sleawer, please do not use this script as it may damage the workings of your system.
Click on File > Save As....
In the File Name field, copy and paste in CFScript.txt. Do not change the file name.
Click Save.
Referring to the picture below, drag CFScript into Combofix.
Combofix will start running. When done, a log will be produced. Please post this log in your next reply.
In addition, it will prompt you to submit some files for analysis.
Click OK.
Copy and paste the file path into the text box next to the Browse button (boxed up in red).
Click on Send File.
Do not mouse click on Combofix while it is running. That may cause it to stall.
Upload a file for scanning
Please go to Virus Total or Jotti and upload C:\WINDOWS\appletAFirma.dll for scanning.
For Virus Total
- Please copy and paste C:\WINDOWS\appletAFirma.dll in the text box next to the Browse button.
- Click on Send File.
For Jotti
- Please copy and paste C:\WINDOWS\appletAFirma.dll in the text box next to the Browse button.
- Click on Submit.
In your next reply, please post:
- Combofix log (C:\Combofix.txt)
- A new HijackThis log
- Virus Total or Jotti's scan results of the file