scan said threat was trojanbho.bb

Computing.Net > Forums > Security and Virus > scan said threat was trojanbho.bb

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

scan said threat was trojanbho.bb

Name: missmysoldier28
Date: March 19, 2008 at 19:48:19 Pacific
OS: not sure
CPU/Ram: not sure
Product: not sure

Comment:

My mom got another virus because she didn't put her firewall back up from last time I helped her fix it. It replaces the desktop with a warning that she has spyware and it keeps popping up with warnings about every ten seconds to download things. At first when you tried to use taskmanager it would say that it was being used by another person and now it says that the administrator won't allow this. Then it pops up anti-spyware websites all the time. I ran hijackthis, combofix, avg scanner, that stinger mcaffee and I can't get rid of it. She had new programs on her computer since last time and I deleted the ones I was sure weren't there before, but I don't know if I got all of them. The scan said found 44 threats and the main high risk was trojanbho.bb. Also there's lots of warnings about trojandownloader.xs on her computer, but I think they're fake warnings from the virus. Sorry about all my posts, I had never read the part that says not to post your hijackthislog. Hope someone can help. Thanks.

Sponsored Link

Ads by Google

Response Number 1

Name: Adii
Date: March 19, 2008 at 22:40:19 Pacific

Reply:

Why are you posting randomly? anyway!
Your computer is infected with Trojan.FakeAlert and some other spywares. Please Post your Hijackthis Log for Analysis.

Response Number 2

Name: VirusDr
Date: March 20, 2008 at 09:39:55 Pacific

Reply:

I had a similar problem and the advise at this site worked in about ten minutes...
http://www.alarural.com/rd/trojan_e...
Hope it works for you to - Kyle

Response Number 3

Name: XpUser4Real
Date: March 20, 2008 at 11:11:21 Pacific

Reply:

>>>I had never read the part that says not to post your hijackthislog.<<<
Hmmm, that is real interesting because as soon as I replied to your last post and suggested checking your HJT log online at:
http://hijackthis.de/
The box informing me TO NOT POST a HJT log popped up right before my eyes.
You must be using some kind of browser that is not alerting you.....STRANGE.....
Again....it is in BOLD letters as soon as I went to confirm this post...
Some HELP in posting on Cnet plus free progs and instructions Glad to Help!

Response Number 4

Name: missmysoldier28
Date: March 20, 2008 at 19:51:43 Pacific

Reply:

Hey, thanks so much for helping me. Sorry about all the random posts, I was really confused there for a couple days. XpUser4Real, it was an accident. I've already apoligized like 3 times so please quit attacking me. Thank you so much. Here's the log you requested.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Documents and Settings\harold\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
--
End of file - 7056 bytes

Response Number 5

Name: Adii
Date: March 21, 2008 at 00:37:21 Pacific

Reply:

Hi missmysoldier28,
You have a few malware issues showing in the log. Let's start to remove them.
We will use following two free tools to clean this malware.
First:
Please download Malwarebytes' Anti-Malware to your desktop. This is an Free Antimalware Application tool.
Download link: http://www.malwarebytes.org/mbam/pr...
>DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
>Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
>If an update is found, it will download and install the latest database updates.
>Once the program has loaded, select Perform full scan, then click Scan.
>When the scan is complete, click OK, then Show Results to view the results.
>Be sure that everything is checked, and click Remove Selected.
>When MBAM finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

THEN:
Scan your computer with ComboFix. I think you already have combofix installed.
Double click combofix.exe & follow the prompts.
Note: (may be) Combofix will automatically disconnect your Internet connection when it runs, do not reconnect it.
When it finishes, it ought to
Produce a log for you. ( C:\ComboFix\ComboFix.txt)
IMPORTANT:
Do not use your computer while Combofix is running.
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.

Please post that log for me along with the Malwarebytes AntiMalware log and a fresh HJT log from after the above was run. Let me know if you run into any difficulty.

*Do Safe Computing*

Some handheld records were not copied to your PC. Your computer may be full trend micro uninstall password c 720.nls download	Rev Scan R 48 Ti PROBLEMA HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\8E27C92E-1264 1252.nls
See More

Response Number 6

Name: missmysoldier28
Date: March 21, 2008 at 02:33:03 Pacific

Reply:

Malwarebytes' Anti-Malware 1.09
Database version: 515
Scan type: Full Scan (C:\|)
Objects scanned: 95550
Time elapsed: 35 minute(s), 44 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 29
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 12
Files Infected: 84
Memory Processes Infected:
c:\WINDOWS\system32\mgmrwmrv.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{5a148cf2-9c7b-4499-8e25-c9383a5e8680} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{daa07812-5c88-4ccc-8d25-10fef65b77b1} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BndFibu7.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndFibu7.Band (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndFibu7.Band.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndFibu7.BHO (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndFibu7.BHO.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\mgmrwmrv.exe -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\180searchassistant (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180solutions (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\seekmo (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180search assistant (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\stc (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FLEOK (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\system32\mgmrwmrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\ISM\ism.exe.vir (Adware.ISM) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\QdrDrive\QdrDrive12.dll.vir (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\QdrDrive\qdrloader.exe.vir (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule13.exe.vir (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\QdrPack\QdrPack14.exe.vir (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe.vir (Adware.Comet) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\whagent.exe.vir (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\000090.exe.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir (Trojan.Zapchast) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\w11\hiba3133.exe.vir (Adware.RABCO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228280.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228293.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228316.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228320.dll (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228321.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228322.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228323.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228327.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228355.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0229292.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0229296.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0229299.dll (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0229301.exe (Adware.Rabio) -> Quarantined and deleted successfully.
C:\Program Files\180searchassistant\saap.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180searchassistant\sac.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180solutions\sais.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\zango\zango.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\seekmo\seekmohook.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180search assistant\180sa.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180search assistant\sau.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\stc\csv5p070.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\Ssmgr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FLEOK\180ax.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bjam.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bokja.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cdsm32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssvr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\salm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\stcloader.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\swin32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\updatetc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\voiceip.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSIXU.DLL (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSNSA32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntnut32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SIPSPI32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WER8274.DLL (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\id53.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\180ax.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.
C:\cp1041.nls (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\cp1334.nls (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\cp1467.nls (Trojan.Spambot) -> Quarantined and deleted successfully.

ComboFix 08-03-20.5 - harold 2008-03-21 2:20:03.12 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.55 [GMT -7:00]
Running from: C:\Documents and Settings\harold\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Autorun.inf
C:\WINDOWS\default.htm
C:\WINDOWS\TEMP\salm.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.
2008-03-21 01:02 . 2008-03-21 01:02 <DIR> d-------- C:\Documents and Settings\harold\Application Data\Malwarebytes
2008-03-21 01:01 . 2008-03-21 01:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-21 01:01 . 2008-03-21 01:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-03-18 18:09 . 2008-03-18 18:09 <DIR> d-------- C:\Documents and Settings\harold\Application Data\Grisoft
2008-03-18 18:08 . 2008-03-18 18:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-03-18 18:08 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-18 17:48 . 2008-03-18 18:39 <DIR> d-------- C:\SDFix
2008-03-15 21:17 . 2008-03-15 21:17 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-03-11 21:31 . 2008-03-11 22:55 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-10 19:37 . 2008-03-10 19:37 <DIR> d---s---- C:\Documents and Settings\harold\UserData
2008-03-10 15:30 . 2008-03-10 15:30 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-10 15:30 . 2008-03-10 15:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-03-10 15:23 . 2008-03-12 23:08 <DIR> d-------- C:\Program Files\CCleaner
2008-03-09 15:05 . 2008-03-09 15:06 <DIR> d-------- C:\ComboFix[1]
2008-03-09 00:46 . 2008-03-09 12:39 <DIR> d-------- C:\Documents and Settings\Administrator.HOME-E1E53A042E\Application Data\Yahoo!
2008-03-08 15:16 . 2008-03-08 19:30 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-03-08 01:49 . 2008-03-08 19:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-03-07 20:57 . 2008-03-07 20:57 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\TeamViewer
2008-03-07 20:53 . 2008-03-07 20:53 2,560 --a------ C:\WINDOWS\_MSRSTRT.exe
2008-03-07 20:29 . 2008-03-20 21:35 <DIR> d-------- C:\Program Files\TeamViewer3
2008-03-07 20:29 . 2008-03-07 20:29 <DIR> d-------- C:\Documents and Settings\harold\Application Data\TeamViewer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 16:07 --------- d-----w C:\Documents and Settings\harold\Application Data\AdobeUM
2008-03-13 05:59 --------- d-----w C:\Program Files\HPQ
2008-03-08 03:56 --------- d-----w C:\Program Files\Stamps.com Internet Postage
2008-03-04 22:53 --------- d-----w C:\Program Files\SiteError Search
2008-03-01 16:41 --------- d-----w C:\Program Files\McAfee AntiSpyware 1.00 Install
2008-02-19 18:58 --------- d-----w C:\Program Files\BroadJump
2008-02-19 18:52 --------- d-----w C:\Program Files\Haunted House Horrors Screen Saver 1.3
2008-02-19 18:51 --------- d-----w C:\Program Files\DivX
2008-01-27 18:21 --------- d-----w C:\Documents and Settings\harold\Application Data\Creative
2008-01-09 22:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.
((((((((((((((((((((((((((((( snapshot_2008-03-16_19.18.19.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-10 22:14:06 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-18 20:44:37 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-10 22:14:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-18 20:44:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-10 22:14:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-18 20:44:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-17 02:02:36 48,230 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-21 09:20:48 48,230 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-17 02:02:36 328,866 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-21 09:20:49 328,866 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 50,736 2006-11-07 15:29:02 C:\Program Files\AIM6\bak\aim6.exe
----a-w 711,272 2006-10-03 03:59:29 C:\Program Files\Common Files\Adobe\ESD\bak\AdobeDownloadManager.exe
----a-w 125,528 2004-11-03 21:03:00 C:\Program Files\Common Files\AOL\1122247261\EE\bak\AOLHostManager.exe
----a-r 34,904 2004-10-20 14:40:04 C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe
----a-w 49,152 2003-08-05 00:28:18 C:\Program Files\HP\HP Software Update\bak\HPWuSchd.exe
----a-w 241,664 2003-12-22 15:38:42 C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe
----a-w 16,384 2005-08-03 03:10:40 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\BackWeb-8876480.exe
----a-w 188,416 2003-08-29 21:17:26 C:\Program Files\Logitech\Video\bak\ISStart.exe
----a-w 77,824 2003-08-29 21:20:02 C:\Program Files\Logitech\Video\bak\LogiTray.exe
----a-w 98,304 2005-07-24 23:22:49 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 98,304 2007-05-26 02:27:18 C:\Program Files\QuickTime\qttask.exe
----a-w 26,112 2005-07-24 23:22:24 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe
----a-w 442,455 2005-08-24 13:51:18 C:\Program Files\SBC Self Support Tool\SmartBridge\bak\MotiveSB.exe
----a-w 536,576 2004-05-26 17:15:16 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 536,576 2004-05-26 17:15:16 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
----a-w 98,304 2004-05-26 17:15:42 C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe
----a-w 98,304 2004-05-26 17:15:42 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
----a-w 129,536 2006-07-21 22:19:46 C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe
----a-w 129,536 2006-07-21 23:19:46 C:\Program Files\Yahoo!\browser\ybrwicon.exe
----a-w 4,662,776 2006-10-27 03:21:48 C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-01 18:11 4670968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 10:15 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 10:15 536576]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-30 01:46 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-30 01:33 118784]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 10:32 208958]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-04-21 11:28 286720]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-25 19:27 98304]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 08:33 286720]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-01-07 08:11:26 217088]
MySoftware NewsFlash.lnk - C:\Program Files\Common Files\MySoftware\NewsFlsh.exe [2007-11-24 15:26:14 261120]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2004-01-28 23:36:18 57344]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-03 11:04:38 54776]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.exe"=
R2 TeamViewer;TeamViewer 3;"C:\Program Files\TeamViewer3\TeamViewer_Host.exe" -service []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 02:25:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?4?4?8??????? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-21 2:29:11
ComboFix-quarantined-files.txt 2008-03-21 09:29:06
ComboFix2.txt 2008-03-18 21:57:59
ComboFix3.txt 2008-03-17 03:09:56
ComboFix4.txt 2008-03-17 02:19:10
ComboFix5.txt 2008-03-12 06:29:56
.
2008-02-14 11:06:22 --- E O F ---

Thank you so much

Response Number 7

Name: Adii
Date: March 21, 2008 at 12:16:20 Pacific

Reply:

You welcom!
You did not post your Hijackthis Log??
Your system is almost cleaned from 180solution spyware and some other malwares, but not sure to say that your computer is completely cleaned.
Thats why scan your pc with Hijackthis and send fresh Hijackthis Log in your next reply for further check!!

Response Number 8

Name: missmysoldier28
Date: March 21, 2008 at 12:22:02 Pacific

Reply:

The desktop is back to normal now, and it sopped getting warnings and pop ups. Is it completely fixed now? Thanks so much, you guys are great.

Response Number 9

Name: Adii
Date: March 21, 2008 at 21:40:41 Pacific

Reply:

Yes almost fixed now!!
You can continue your work now!

Keep visiting!!
*Do Safe Computing*
!Adii!

Response Number 10

Name: missmysoldier28
Date: March 21, 2008 at 22:36:10 Pacific

Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\harold\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
--
End of file - 6022 bytes
Here you go, sorry about that

Response Number 11

Name: Adii
Date: March 22, 2008 at 00:25:15 Pacific

Reply:

Logs Looks cleaned!
How are you feeling abt your computer now??
You can continue your work !

Keep visiting!!
*Do Safe Computing*
!Adii!

Response Number 12

Name: missmysoldier28
Date: March 22, 2008 at 00:36:47 Pacific

Reply:

The computer's running great, thank you so much. You guys are wonderful.

Response Number 13

Name: Adii
Date: March 22, 2008 at 02:56:18 Pacific

Reply:

Welcom! :)

Sponsored Link

Ads by Google

Need help with troj_killa...

Delete for Search engines

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: scan said threat was trojanbho.bb

Totally confused JS_EXCEPTION.GEN (again

Summary

www.computing.net/answers/security/totally-confused-jsexceptiongen-again/1333.html

McAfee scan showing adaware????

Summary

www.computing.net/answers/security/mcafee-scan-showing-adaware/11213.html

port scan attack

Summary

www.computing.net/answers/security/port-scan-attack/9049.html

From the Geek Dictionary
moron - A meson like particle that is responsible for holding together the neutron,...

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes In 3 Days.
Discuss in The Lounge
Poll History

Recent Posts
Connecting an XBOX 360 using a switch

Shared Printer

fax software

Booting Error

Another redirect virus

All Awaiting Reply

Tom's News
Small-Time Company Sues Nintendo, Sony, MSFT

Town Appoints, Pays Resident Tweeter

Amazon: Kindle Outsold Everything in November

Leak Says Google Phone is a "Certainty"

Using Google-Wave to Track A Man-Hunt

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE