Hi there. Yes, I've got the BDS/Small.iuj thing going on here. I've read some of the topics here regarding this and I believe it's not that simple to get rid of. I got infected two weeks ago, it erased my explorer.exe. I was was able to perform a system restore. After system restore, I uninstalled Avira and proceeded to DL Malwarebytes, ran a full scan and showed up nothing. I then got ComboFix and also ran a full scan. After running the full scan, I reinstalled Avira just to see if it'll give the same warning. Unfortunately, Avira says it's still there. I once again uninstalled my Avira just to get rid of the annoying warnings. Anyways, here's my combofix log:

ComboFix 10-02-28.02 - scs 03/01/2010 16:52:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.287 [GMT 8:00]
Running from: c:\documents and settings\scs\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
C:\LOG.TXT
c:\windows.0\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-02-16 06:43 . 2010-02-16 06:43 -------- d-----w- c:\documents and settings\scs\Application Data\Malwarebytes
2010-02-16 06:43 . 2010-01-07 08:07 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2010-02-16 06:43 . 2010-02-16 06:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 06:43 . 2010-02-16 06:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2010-02-16 06:43 . 2010-01-07 08:07 19160 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2010-02-16 06:00 . 2010-02-16 06:00 -------- d-----w- c:\windows.0\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 16:03 . 2007-07-26 17:06 664 ----a-w- c:\windows.0\system32\d3d9caps.dat
2010-02-25 15:12 . 2007-07-25 12:09 -------- d-----w- c:\program files\QLEDR05
2010-02-11 12:14 . 2007-10-12 09:46 -------- d-----w- c:\documents and settings\scs\Application Data\uTorrent
2010-01-12 18:36 . 2010-01-12 18:18 -------- d-----w- c:\program files\AutoHotkey
2009-12-31 04:58 . 2007-07-26 09:13 57 ----a-w- c:\windows.0\popcinfo.dat
2009-12-08 13:29 . 2009-12-02 03:59 56816 ----a-w- c:\windows.0\system32\drivers\avgntflt.sys
2009-02-11 00:30 . 2009-01-27 01:08 2485 ----a-w- c:\program files\Proofer_Tool_Purge_Log.txt
2009-11-25 04:53 . 2009-02-23 08:13 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows.0\system32\drivers\tcpip.sys

[-] 2006-01-13 . C3B84871DECE94E335B96FAFD756316C . 2187904 . . [5.1.2600.2765] . . c:\windows.0\system32\ntoskrnl.exe

[-] 2006-01-13 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows.0\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-07-16 11:07 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Quicknote"="c:\program files\Quicknote\quicknote.exe" [2007-12-02 1183744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 16248320]
"SkyTel"="SkyTel.EXE" [2006-07-19 2879488]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-30 149280]
"snpstd3"="c:\windows.0\vsnpstd3.exe" [2005-09-05 339968]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-25 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows.0\system32\tscupgrd.exe" [2006-01-13 44544]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows.0\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\CounterPath\\eyeBeam 1.5\\eyeBeam.exe"=
"c:\\Program Files\\Blackdialer\\easy-rsa\\blackdialer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\scs\\Desktop\\PT8-1.exe"=
"c:\\Documents and Settings\\scs\\Desktop\\PT8-2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21:TCP"= 21:TCP:FTP Server
"20:TCP"= 20:TCP:FTP-Data

R3 tap0801;TAP-Win32 Adapter V8;c:\windows.0\system32\drivers\tap0801.sys [10/2/2006 4:07 PM 26624]
S2 dtdtxjgpa;Update Universal;c:\windows.0\system32\svchost.exe -k netsvcs [1/13/2006 9:38 AM 14336]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/23/2009 4:13 PM 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dtdtxjgpa
.
Contents of the 'Scheduled Tasks' folder

2010-02-18 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?r320=1245772600
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: dell.com\webmail
FF - ProfilePath - c:\documents and settings\scs\Application Data\Mozilla\Firefox\Profiles\5xtyzkil.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin9.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 17:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dtdtxjgpa]
"ServiceDll"="c:\windows.0\system32\jqnmp.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-152049171-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¬ }*2*]
"Path"="c:\\WINDOWS.0\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2980)
c:\windows.0\system32\msi.dll
c:\windows.0\system32\ieframe.dll
c:\windows.0\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows.0\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows.0\system32\wscntfy.exe
c:\windows.0\RTHDCPL.EXE
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\docume~1\scs\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2010-03-01 17:06:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-01 09:06

Pre-Run: 12,120,498,176 bytes free
Post-Run: 12,271,124,480 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2E81A002CA6ADAD4D318C422BF1760B5

Thank you in advance and thank you for helping us who are probably just better off with a damn typewriter

Mabuhay.

Hello. We need to do some diagnostics to get started.

1. Please download Rooter and Save it to your desktop

• Double click it to start the tool.
  
• Click Scan.
  
• Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

2. Download LockSearch to your desktop

• A window will pop up, Press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
  
• A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply
  

3. Please download CKScanner by askey127 from here
Save it to your desktop.

• Doubleclick CKScanner.exe and click Search For Files.
  
• After a very short time, when the cursor hourglass disappears, click Save List To File.
  
• A message box will verify that the file is saved.
  
• Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

4. Please download Cheetah-Anti-Rogue, and save to your Desktop.

• Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  
• Double-click on Cheetah-Anti-Rogue.cmd to start.
  
• It will finish quickly and launch a log.
  
• Post the contents of it in your next reply.

5. I request the following logs to be posted in your next reply, please:
-Rooter
-LockSearch
-CKScanner
-Cheetah

Thanks.

Talk about a quick reply , here are the logs you requested

Rooter:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 6 Model 14 Stepping 8, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.5.8 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:39 Go - Free:11 Go )
D:\ [Fixed-NTFS] .. ( Total:35 Go - Free:12 Go )
E:\ [CD_Rom]
.
Scan : 23:40.14
Path : C:\Documents and Settings\scs\Desktop\MALWARE DIAGNOSTICS\Rooter.exe
User : scs ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (1060)
______ \??\C:\WINDOWS.0\system32\csrss.exe (1148)
______ \??\C:\WINDOWS.0\system32\winlogon.exe (1172)
______ C:\WINDOWS.0\system32\services.exe (1216)
______ C:\WINDOWS.0\system32\lsass.exe (1228)
______ C:\WINDOWS.0\system32\svchost.exe (1384)
______ C:\WINDOWS.0\system32\svchost.exe (1452)
______ C:\WINDOWS.0\System32\svchost.exe (1592)
______ C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1628)
______ C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (1712)
______ C:\WINDOWS.0\system32\svchost.exe (1756)
______ C:\WINDOWS.0\system32\svchost.exe (2032)
______ C:\WINDOWS.0\system32\spoolsv.exe (452)
______ C:\WINDOWS.0\Explorer.EXE (732)
______ C:\WINDOWS.0\RTHDCPL.EXE (952)
______ C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (1004)
______ C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (1012)
______ C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (1044)
______ C:\Program Files\Java\jre6\bin\jusched.exe (112)
______ C:\WINDOWS.0\vsnpstd3.exe (1096)
______ C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (1128)
______ C:\Program Files\Quicknote\quicknote.exe (1408)
______ C:\DOCUME~1\scs\LOCALS~1\Temp\RtkBtMnt.exe (1868)
______ C:\Program Files\Hotspot Shield\bin\openvpnas.exe (2004)
______ C:\WINDOWS.0\system32\svchost.exe (200)
______ C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (216)
______ C:\Program Files\Java\jre6\bin\jqs.exe (244)
______ C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (292)
______ C:\WINDOWS.0\system32\svchost.exe (388)
______ C:\WINDOWS.0\system32\wdfmgr.exe (888)
______ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (988)
______ C:\WINDOWS.0\system32\wscntfy.exe (2824)
______ C:\WINDOWS.0\System32\alg.exe (2984)
______ C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe (3724)
______ C:\WINDOWS.0\system32\ctfmon.exe (3100)
______ C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (3504)
______ C:\WINDOWS.0\system32\wbem\wmiprvse.exe (3304)
______ C:\Program Files\Mozilla Firefox\firefox.exe (1116)
______ C:\Documents and Settings\scs\Desktop\MALWARE DIAGNOSTICS\Rooter.exe (2288)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:41940670464)
\Device\Harddisk0\Partition0 (Start_Offset:41940702720 | Length:38083046400)
\Device\Harddisk0\Partition2 (Start_Offset:41940734976 | Length:38083014144)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS.0\Tasks\desktop.ini
C:\WINDOWS.0\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\scs\Application Data\uTorrent\Adobe_Illustrator_CS3-keygen.zip.torrent
C:\DOCUME~1\scs\Application Data\uTorrent\Cyberlink_PowerDVD6_Deluxe_keygen.exe.torrent
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 23:40.24
.
C:\Rooter$\Rooter_1.txt - (01/03/2010 | 23:40.24).c

LockSearch:

LockSearch by jpshortstuff (05.11.09.1)
Log created at 23:41 on 01/03/2010 (scs)
Scanning C:\


C:\pagefile.sys
-------------------------

-=E.O.F=-

CKScanner:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.NA.11
----- EOF -----

Cheetah:

Cheetah-Anti-Rogue v1.3.11
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 03/01/2010 - Time: 23:45:53 - Arch.: x86


-- Malware removal tools check --
CCleaner
Malwarebytes' Anti-Malware
Unlocker


-- Known infection --



Extra message: Detection only.


EOF

Again, lots of thanks.

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

As requested, here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3811
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/2/2010 8:23:53 AM
mbam-log-2010-03-02 (08-23-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 244069
Time elapsed: 56 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks.

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

Here is the ESET log as requested:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9c3b33e4fd2e2b468e8291984f916482
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-02 06:09:42
# local_time=2010-03-02 02:09:42 (+0800, Taipei Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=77893
# found=1
# cleaned=1
# scan_time=2303
C:\Program Files\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll probably a variant of Win32/Delf trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Thanks.

Please download Cheetah-Anti-Rogue, and save to your Desktop.

• Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  
• Double-click on Cheetah-Anti-Rogue.cmd to start.
  
• It will finish quickly and launch a log.
  
• Post the contents of it in your next reply.

Here's the requested log

Cheetah-Anti-Rogue v1.3.11
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 03/02/2010 - Time: 17:35:54 - Arch.: x86


-- Malware removal tools check --
CCleaner
Malwarebytes' Anti-Malware
Unlocker


-- Known infection --



Extra message: Detection only.


EOF

Thanks.

Hi again. I saw that you registered for GeekPolice Academy. In order to get fully signed up, please register for the site at GeekPolice.net using the Register button.

Once done, let me know here, and I can add you to the GeekPolice Group. After that, you will receive a Personal Message at GeekPolice, with instructions on how to get started.

=====

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
  
• Click CREATE

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
  
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Hi there. I'm pretty much swamped with work right now and I don't think I can post the log you requested, not until after a day or two. Probably during the weekends I'll go ahead and do everything. Thanks for being patient man.

By the way, I just finished with the registration over at geekpolice.net. Thanks again!

Hi there. Here's the Security Check log as requested:

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner (remove only)
Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.0.5
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Thanks!

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: http://www.geekpolice.net/operating-systems-f20/windows-xp-service-pack-3-information-t16956.htm

====

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

===

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

• Microsoft Security Essentials: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  
• AVG Free: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.

Firewall

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Hi there. I'll definitely go ahead and do everything you have asked me to. I actually have the free version of Avira and I uninstalled it for the moment as the pop-up warning for BDS/Small.iuj has become quite annoying. I will go ahead and reinstall it. I will be updating you if the warning still exists. I just want to know more about this BDS/Small.iuj thing, what type of malware is it? I've got a couple other friends with the same problem and I've recommended this site for them to look at. I'll definitely update you on anything.

Once again, thanks for all the help. More power.