Hard to remove spammin' trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by cesgrec2, Jan 10, 2006.

Thread Status:
Not open for further replies.
  1. cesgrec2

    cesgrec2 Private E-2

    Hi,
    I'm Cesare from Rome, Italy (really)
    My PC has been affected,
    after downloading a false codec

    VideoCodec3_05b_9.exe

    to see a posted video,
    by a trojan called from Kaspersky

    Trojan-Clicker.Win32.Bomka.a

    Done all as shown in your knowledge database
    (all but antivirus: usually I use Norton, but it didn't detect it; then,
    after a cleaning, I installed a trial version of Kaspersky, but too many conflicts occurred. At least I can post an HJT scan log with Kaspersky installed, but now I propose to reinstall NAV)

    Manually removed: ietools.exe, gcac.exe, kaboom.dll, gtrack.dll from WINDOWS\system32, and many little executables recently created by this trojan, which clones itself in the *\Temp folder
    and tries to connect to the net (stopped by DialerControl and Zone Alarm)

    Now I hopefully remain without the trojan (I'm not so sure),
    and with some conflicts due to registry-key removal (was not so clever..)
    and, what's more, I can't restore!

    I'll try to reinstall all internet-related programs to recover from the conflicts due to the missing keys (I suppose) and
    hope for a little help from my friends (Joe Cocker said...)
    See U and help me please!
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MGs!

    Did you install this Dialer Control program yourself to protect from porn dialers?
    O4 - HKLM\..\Run: [Dialer Control] C:\PROGRA~1\DIALER~1\dc.exe

    We need HJT logs to be posted from normal boot mode not safe mode. This is covered in step 7 of the READ & RUN ME.

    Also you need to complete the online scans and attach their logs. This is covered in step 6 of the READ & RUN ME.

    I will attempt to give you a fix below, but some things may be wrong or not work since the HJT log was not from normal boot. Also I need the output from the online scanners.

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: MSX - {037CE595-57CB-4EB5-9775-97BC112F3BB3} - C:\WINDOWS\System32\msx.dll (file missing)
    O2 - BHO: (no name) - {A853979C-2A9A-4ACB-8975-5740A7E26CB4} - (no file)
    O2 - BHO: (no name) - {CC56A1F3-9B83-45FF-8CB6-D58959492F0F} - (no file)
    O4 - HKLM\..\Run: [gCac] C:\WINDOWS\gcac.exe
    O4 - HKLM\..\Run: [runapp] C:\WINDOWS\system32\icqchk.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\msx.dll
    C:\WINDOWS\gcac.exe
    C:\WINDOWS\system32\icqchk.exe

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if it is running, then delete the file.

    Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).


    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    Reminder Note: Once we have determined you are malware free, you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
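The fix above works by reading HijackThis O2 (BHO) and O4 (Run-key) lines and picking out the ones that are orphaned or point at the files named in this thread. As an added example (not code from the thread or from HijackThis), here is a small parser for that log format that applies the same checks: it flags BHOs whose DLL is gone, autorun entries whose file name matches the malware names listed in this thread, and executables started straight out of C:\WINDOWS or a Temp folder. The sample log is constructed from the lines quoted above, and the directory heuristic is an assumption, not part of the original advice.

```python
import re

# Constructed sample: the O2/O4 lines from the fix list above plus the
# Dialer Control entry the poster confirmed as something he installed himself.
SAMPLE_LOG = r"""
O2 - BHO: MSX - {037CE595-57CB-4EB5-9775-97BC112F3BB3} - C:\WINDOWS\System32\msx.dll (file missing)
O2 - BHO: (no name) - {A853979C-2A9A-4ACB-8975-5740A7E26CB4} - (no file)
O2 - BHO: (no name) - {CC56A1F3-9B83-45FF-8CB6-D58959492F0F} - (no file)
O4 - HKLM\..\Run: [gCac] C:\WINDOWS\gcac.exe
O4 - HKLM\..\Run: [runapp] C:\WINDOWS\system32\icqchk.exe
O4 - HKLM\..\Run: [Dialer Control] C:\PROGRA~1\DIALER~1\dc.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")

# File names the thread identifies as belonging to this infection.
KNOWN_BAD_NAMES = {"gcac.exe", "icqchk.exe", "ietools.exe", "kaboom.dll", "gtrack.dll", "msx.dll"}
# Heuristic (assumption): legitimate software rarely autoruns directly from these folders.
ODD_PARENT_DIRS = {r"c:\windows", r"c:\windows\temp"}


def parse_hjt(text):
    """Turn O2 and O4 lines into dict records; other HJT sections are ignored."""
    records = []
    for line in text.splitlines():
        for kind, rx in (("O2", O2_RE), ("O4", O4_RE)):
            m = rx.match(line)
            if m:
                records.append({"type": kind, **m.groupdict()})
                break
    return records


def flag_entries(records):
    """Return (entry name or CLSID, reason) for each record that deserves review."""
    findings = []
    for r in records:
        target = r["target"].strip()
        if r["type"] == "O2":
            if "(file missing)" in target or target == "(no file)":
                findings.append((r["clsid"], "BHO registered but its DLL is gone (orphan entry)"))
            continue
        parent, _, basename = target.lower().rpartition("\\")
        if basename in KNOWN_BAD_NAMES:
            findings.append((r["name"], f"autorun of a file named in this thread: {target}"))
        elif parent in ODD_PARENT_DIRS or "\\temp\\" in target.lower():
            findings.append((r["name"], f"autorun from an unusual location: {target}"))
    return findings
```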
     
  3. cesgrec2

    cesgrec2 Private E-2

    Welcome to MGs!

    Did you install this Dialer Control program yourself to protect from porn dialers?
    O4 - HKLM\..\Run: [Dialer Control] C:\PROGRA~1\DIALER~1\dc.exe

    YES

    We need HJT logs to be posted from normal boot mode not safe mode. This is covered in step 7 of the READ & RUN ME.

    Also you need to complete the online scans and attach their logs. This is covered in step 6 of the READ & RUN ME.

    DONE, BUT NOT PANDA: TOO MUCH TIME (3 H. ESTIMATED)

    I will attempt to give you a fix below, but some things may be wrong or not work since the HJT log was not from normal boot. Also I need the output from the online scanners.

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: MSX - {037CE595-57CB-4EB5-9775-97BC112F3BB3} - C:\WINDOWS\System32\msx.dll (file missing)
    O2 - BHO: (no name) - {A853979C-2A9A-4ACB-8975-5740A7E26CB4} - (no file)
    O2 - BHO: (no name) - {CC56A1F3-9B83-45FF-8CB6-D58959492F0F} - (no file)
    O4 - HKLM\..\Run: [gCac] C:\WINDOWS\gcac.exe
    O4 - HKLM\..\Run: [runapp] C:\WINDOWS\system32\icqchk.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\msx.dll
    C:\WINDOWS\gcac.exe
    C:\WINDOWS\system32\icqchk.exe

    DONE

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if it is running, then delete the file.

    IT DIDN'T HAPPEN

    Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    DONE, NOW PC SEEMS ALL RIGHT

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    Reminder Note: Once we have determined you are malware free, you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.

    THANKS CHAS
     
  4. cesgrec2

    cesgrec2 Private E-2

    forgot to attach logs, sorry
    here they are
    thanks
     

    Attached Files:

  5. cesgrec2

    cesgrec2 Private E-2

    P.S.:
    during Bit Defender scanning, Dialer Control stopped my dial-up connection because of a connecting request from
    C:\WINDOWS\system32\rasautou.exe
    ..is it a service or...?
    never happened before...
    Thanks Chas
     
  6. cesgrec2

    cesgrec2 Private E-2

    any answer?
    thanks anyway
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your BitDefender log was not a complete log and thus did not show information on where it found problems. The whole log should be posted.

    See the below for info on rasautou.exe which is a valid program:
    http://www.liutilities.com/products/wintaskspro/processlibrary/rasautou/

    Your HJT log was clean! If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to disable System Restore, which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work through the below link:

    How to Protect yourself from malware!
     
  8. cesgrec2

    cesgrec2 Private E-2

    Nice shot my friend

    You really helped me!
    Thanks

    Cesare
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     
  10. cesgrec2

    cesgrec2 Private E-2

    please can help me with CCleaner?
    I've posted another thread
    thanks a lot
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! And BJ merged it into this thread, which probably should not have been done.

    I see you started another thread on it too. Please stay in that thread. The problems in this thread have been resolved. Questions on Ccleaner use do not belong in this thread.

    I will delete the merged in posts from this thread because they make the end confusing as they do not relate to your Trojan problem.

    This thread is closed. If you need to reopen this for any reason, please PM me.
     
    Last edited: Jan 12, 2006