Specialty Forums
Security and Virus
General Hardware
CPUs/Overclocking
Networking
Digital Photo/Video
Office Software
PC Gaming
Console Gaming
Programming
Database
Web Development
Digital Home

General Forums
Windows XP
Windows Vista
Windows 95/98
Windows Me
Windows NT
Windows 2000
Win Server 2008
Win Server 2003
Windows 3.1
Linux
PDAs
BeOS
Novell Netware
OpenVMS
Solaris
Disk Op. System
Unix
Mac
OS/2

Drivers
Driver Scan
Driver Forum

Software
Automatic Updates

BIOS Updates

My Computing.Net

Solution Center

Free IT eBook

Howtos

Site Search

Message Find

RSS Feeds

Install Guides

Data Recovery

About

Home
Reply to Message Icon Go to Main Page Icon

scan said threat was trojanbho.bb

Original Message
Name: missmysoldier28
Date: March 19, 2008 at 19:48:19 Pacific
Subject: scan said threat was trojanbho.bb
OS: not sure
CPU/Ram: not sure
Model/Manufacturer: not sure
Comment:
My mom got another virus because she didn't put her firewall back up from last time I helped her fix it. It replaces the desktop with a warning that she has spyware and it keeps popping up with warnings about every ten seconds to download things. At first when you tried to use taskmanager it would say that it was being used by another person and now it says that the administrator won't allow this. Then it pops up anti-spyware websites all the time. I ran hijackthis, combofix, avg scanner, that stinger mcaffee and I can't get rid of it. She had new programs on her computer since last time and I deleted the ones I was sure weren't there before, but I don't know if I got all of them. The scan said found 44 threats and the main high risk was trojanbho.bb. Also there's lots of warnings about trojandownloader.xs on her computer, but I think they're fake warnings from the virus. Sorry about all my posts, I had never read the part that says not to post your hijackthislog. Hope someone can help. Thanks.

Report Offensive Message For Removal


Response Number 1
Name: Adii
Date: March 19, 2008 at 22:40:19 Pacific
Subject: scan said threat was trojanbho.bb
Reply: (edit)
Why are you posting randomly? anyway!
Your computer is infected with Trojan.FakeAlert and some other spywares. Please Post your Hijackthis Log for Analysis.

Report Offensive Follow Up For Removal

Response Number 2
Name: VirusDr
Date: March 20, 2008 at 09:39:55 Pacific
Subject: scan said threat was trojanbho.bb
Reply: (edit)
I had a similar problem and the advise at this site worked in about ten minutes...

http://www.alarural.com/rd/trojan_e...

Hope it works for you to - Kyle


Report Offensive Follow Up For Removal

Response Number 3
Name: XpUser4Real
Date: March 20, 2008 at 11:11:21 Pacific
Subject: scan said threat was trojanbho.bb
Reply: (edit)
>>>I had never read the part that says not to post your hijackthislog.<<<

Hmmm, that is real interesting because as soon as I replied to your last post and suggested checking your HJT log online at:
http://hijackthis.de/
The box informing me TO NOT POST a HJT log popped up right before my eyes.
You must be using some kind of browser that is not alerting you.....STRANGE.....

Again....it is in BOLD letters as soon as I went to confirm this post...

Some HELP in posting on Cnet plus free progs and instructions Glad to Help!


Report Offensive Follow Up For Removal

Response Number 4
Name: missmysoldier28
Date: March 20, 2008 at 19:51:43 Pacific
Subject: scan said threat was trojanbho.bb
Reply: (edit)
Hey, thanks so much for helping me. Sorry about all the random posts, I was really confused there for a couple days. XpUser4Real, it was an accident. I've already apoligized like 3 times so please quit attacking me. Thank you so much. Here's the log you requested.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Documents and Settings\harold\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 7056 bytes


Report Offensive Follow Up For Removal

Response Number 5
Name: Adii
Date: March 21, 2008 at 00:37:21 Pacific
Subject: scan said threat was trojanbho.bb
Reply: (edit)
Hi missmysoldier28,
You have a few malware issues showing in the log. Let's start to remove them.

We will use following two free tools to clean this malware.

First:

Please download Malwarebytes' Anti-Malware to your desktop. This is an Free Antimalware Application tool.

Download link: http://www.malwarebytes.org/mbam/pr...

>DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
>Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
>If an update is found, it will download and install the latest database updates.
>Once the program has loaded, select Perform full scan, then click Scan.
>When the scan is complete, click OK, then Show Results to view the results.
>Be sure that everything is checked, and click Remove Selected.
>When MBAM finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt


THEN:

Scan your computer with ComboFix. I think you already have combofix installed.

Double click combofix.exe & follow the prompts.

Note: (may be) Combofix will automatically disconnect your Internet connection when it runs, do not reconnect it.

When it finishes, it ought to

Produce a log for you. ( C:\ComboFix\ComboFix.txt)

IMPORTANT:
Do not use your computer while Combofix is running.
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.


Please post that log for me along with the Malwarebytes AntiMalware log and a fresh HJT log from after the above was run. Let me know if you run into any difficulty.


*Do Safe Computing*


Report Offensive Follow Up For Removal


Response Number 6
Name: missmysoldier28
Date: March 21, 2008 at 02:33:03 Pacific
Subject: scan said threat was trojanbho.bb
Reply: (edit)
Malwarebytes' Anti-Malware 1.09
Database version: 515

Scan type: Full Scan (C:\|)
Objects scanned: 95550
Time elapsed: 35 minute(s), 44 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 29
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 12
Files Infected: 84

Memory Processes Infected:
c:\WINDOWS\system32\mgmrwmrv.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{5a148cf2-9c7b-4499-8e25-c9383a5e8680} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{daa07812-5c88-4ccc-8d25-10fef65b77b1} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BndFibu7.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndFibu7.Band (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndFibu7.Band.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndFibu7.BHO (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BndFibu7.BHO.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\mgmrwmrv.exe -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\180searchassistant (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180solutions (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\seekmo (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180search assistant (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\stc (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FLEOK (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\mgmrwmrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\ISM\ism.exe.vir (Adware.ISM) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\QdrDrive\QdrDrive12.dll.vir (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\QdrDrive\qdrloader.exe.vir (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule13.exe.vir (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\QdrPack\QdrPack14.exe.vir (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe.vir (Adware.Comet) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\whagent.exe.vir (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\000090.exe.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir (Trojan.Zapchast) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\w11\hiba3133.exe.vir (Adware.RABCO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228280.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228293.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228316.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228320.dll (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228321.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228322.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228323.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228327.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0228355.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0229292.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0229296.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0229299.dll (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B0A89D19-2B15-4A0B-82B1-8C933D660F35}\RP226\A0229301.exe (Adware.Rabio) -> Quarantined and deleted successfully.
C:\Program Files\180searchassistant\saap.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180searchassistant\sac.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180solutions\sais.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\zango\zango.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\seekmo\seekmohook.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180search assistant\180sa.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180search assistant\sau.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\stc\csv5p070.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\Ssmgr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FLEOK\180ax.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bjam.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bokja.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cdsm32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssvr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\salm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\stcloader.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\swin32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\updatetc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\voiceip.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSIXU.DLL (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSNSA32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntnut32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SIPSPI32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WER8274.DLL (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\id53.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\180ax.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.
C:\cp1041.nls (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\cp1334.nls (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\cp1467.nls (Trojan.Spambot) -> Quarantined and deleted successfully.


ComboFix 08-03-20.5 - harold 2008-03-21 2:20:03.12 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.55 [GMT -7:00]
Running from: C:\Documents and Settings\harold\Desktop\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Autorun.inf
C:\WINDOWS\default.htm
C:\WINDOWS\TEMP\salm.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-21 01:02 . 2008-03-21 01:02 <DIR> d-------- C:\Documents and Settings\harold\Application Data\Malwarebytes
2008-03-21 01:01 . 2008-03-21 01:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-21 01:01 . 2008-03-21 01:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-03-18 18:09 . 2008-03-18 18:09 <DIR> d-------- C:\Documents and Settings\harold\Application Data\Grisoft
2008-03-18 18:08 . 2008-03-18 18:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-03-18 18:08 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-18 17:48 . 2008-03-18 18:39 <DIR> d-------- C:\SDFix
2008-03-15 21:17 . 2008-03-15 21:17 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-03-11 21:31 . 2008-03-11 22:55 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-10 19:37 . 2008-03-10 19:37 <DIR> d---s---- C:\Documents and Settings\harold\UserData
2008-03-10 15:30 . 2008-03-10 15:30 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-10 15:30 . 2008-03-10 15:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-03-10 15:23 . 2008-03-12 23:08 <DIR> d-------- C:\Program Files\CCleaner
2008-03-09 15:05 . 2008-03-09 15:06 <DIR> d-------- C:\ComboFix[1]
2008-03-09 00:46 . 2008-03-09 12:39 <DIR> d-------- C:\Documents and Settings\Administrator.HOME-E1E53A042E\Application Data\Yahoo!
2008-03-08 15:16 . 2008-03-08 19:30 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-03-08 01:49 . 2008-03-08 19:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-03-07 20:57 . 2008-03-07 20:57 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\TeamViewer
2008-03-07 20:53 . 2008-03-07 20:53 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-03-07 20:29 . 2008-03-20 21:35 <DIR> d-------- C:\Program Files\TeamViewer3
2008-03-07 20:29 . 2008-03-07 20:29 <DIR> d-------- C:\Documents and Settings\harold\Application Data\TeamViewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 16:07 --------- d-----w C:\Documents and Settings\harold\Application Data\AdobeUM
2008-03-13 05:59 --------- d-----w C:\Program Files\HPQ
2008-03-08 03:56 --------- d-----w C:\Program Files\Stamps.com Internet Postage
2008-03-04 22:53 --------- d-----w C:\Program Files\SiteError Search
2008-03-01 16:41 --------- d-----w C:\Program Files\McAfee AntiSpyware 1.00 Install
2008-02-19 18:58 --------- d-----w C:\Program Files\BroadJump
2008-02-19 18:52 --------- d-----w C:\Program Files\Haunted House Horrors Screen Saver 1.3
2008-02-19 18:51 --------- d-----w C:\Program Files\DivX
2008-01-27 18:21 --------- d-----w C:\Documents and Settings\harold\Application Data\Creative
2008-01-09 22:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.

((((((((((((((((((((((((((((( snapshot_2008-03-16_19.18.19.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-10 22:14:06 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-18 20:44:37 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-10 22:14:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-18 20:44:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-10 22:14:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-18 20:44:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-17 02:02:36 48,230 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-21 09:20:48 48,230 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-17 02:02:36 328,866 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-21 09:20:49 328,866 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 50,736 2006-11-07 15:29:02 C:\Program Files\AIM6\bak\aim6.exe

----a-w 711,272 2006-10-03 03:59:29 C:\Program Files\Common Files\Adobe\ESD\bak\AdobeDownloadManager.exe

----a-w 125,528 2004-11-03 21:03:00 C:\Program Files\Common Files\AOL\1122247261\EE\bak\AOLHostManager.exe

----a-r 34,904 2004-10-20 14:40:04 C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe

----a-w 49,152 2003-08-05 00:28:18 C:\Program Files\HP\HP Software Update\bak\HPWuSchd.exe

----a-w 241,664 2003-12-22 15:38:42 C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe

----a-w 16,384 2005-08-03 03:10:40 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\BackWeb-8876480.exe

----a-w 188,416 2003-08-29 21:17:26 C:\Program Files\Logitech\Video\bak\ISStart.exe

----a-w 77,824 2003-08-29 21:20:02 C:\Program Files\Logitech\Video\bak\LogiTray.exe

----a-w 98,304 2005-07-24 23:22:49 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 98,304 2007-05-26 02:27:18 C:\Program Files\QuickTime\qttask.exe

----a-w 26,112 2005-07-24 23:22:24 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe

----a-w 442,455 2005-08-24 13:51:18 C:\Program Files\SBC Self Support Tool\SmartBridge\bak\MotiveSB.exe

----a-w 536,576 2004-05-26 17:15:16 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 536,576 2004-05-26 17:15:16 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

----a-w 98,304 2004-05-26 17:15:42 C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe
----a-w 98,304 2004-05-26 17:15:42 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

----a-w 129,536 2006-07-21 22:19:46 C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe
----a-w 129,536 2006-07-21 23:19:46 C:\Program Files\Yahoo!\browser\ybrwicon.exe

----a-w 4,662,776 2006-10-27 03:21:48 C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-01 18:11 4670968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 10:15 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 10:15 536576]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-30 01:46 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-30 01:33 118784]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 10:32 208958]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-04-21 11:28 286720]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-25 19:27 98304]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 08:33 286720]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-01-07 08:11:26 217088]
MySoftware NewsFlash.lnk - C:\Program Files\Common Files\MySoftware\NewsFlsh.exe [2007-11-24 15:26:14 261120]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2004-01-28 23:36:18 57344]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-03 11:04:38 54776]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

R2 TeamViewer;TeamViewer 3;"C:\Program Files\TeamViewer3\TeamViewer_Host.exe" -service []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 02:25:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?4?4?8??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-21 2:29:11
ComboFix-quarantined-files.txt 2008-03-21 09:29:06
ComboFix2.txt 2008-03-18 21:57:59
ComboFix3.txt 2008-03-17 03:09:56
ComboFix4.txt 2008-03-17 02:19:10
ComboFix5.txt 2008-03-12 06:29:56
.
2008-02-14 11:06:22 --- E O F ---


Thank you so much


Report Offensive Follow Up For Removal

Response Number 7
Name: Adii
Date: March 21, 2008 at 12:16:20 Pacific
Subject: scan said threat was trojanbho.bb
Reply: (edit)
You welcom!

You did not post your Hijackthis Log??

Your system is almost cleaned from 180solution spyware and some other malwares, but not sure to say that your computer is completely cleaned.
Thats why scan your pc with Hijackthis and send fresh Hijackthis Log in your next reply for further check!!


Report Offensive Follow Up For Removal

Response Number 8
Name: missmysoldier28
Date: March 21, 2008 at 12:22:02 Pacific
Subject: scan said threat was trojanbho.bb
Reply: (edit)
The desktop is back to normal now, and it sopped getting warnings and pop ups. Is it completely fixed now? Thanks so much, you guys are great.

Report Offensive Follow Up For Removal

Response Number 9
Name: Adii
Date: March 21, 2008 at 21:40:41 Pacific
Subject: scan said threat was trojanbho.bb
Reply: (edit)
Yes almost fixed now!!

You can continue your work now!


Keep visiting!!

*Do Safe Computing*
!Adii!


Report Offensive Follow Up For Removal

Response Number 10
Name: missmysoldier28
Date: March 21, 2008 at 22:36:10 Pacific
Subject: scan said threat was trojanbho.bb
Reply: (edit)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\harold\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 6022 bytes

Here you go, sorry about that


Report Offensive Follow Up For Removal

Response Number 11
Name: Adii
Date: March 22, 2008 at 00:25:15 Pacific
Subject: scan said threat was trojanbho.bb
Reply: (edit)
Logs Looks cleaned!

How are you feeling abt your computer now??

You can continue your work !


Keep visiting!!

*Do Safe Computing*
!Adii!



Report Offensive Follow Up For Removal

Response Number 12
Name: missmysoldier28
Date: March 22, 2008 at 00:36:47 Pacific
Subject: scan said threat was trojanbho.bb
Reply: (edit)
The computer's running great, thank you so much. You guys are wonderful.

Report Offensive Follow Up For Removal

Response Number 13
Name: Adii
Date: March 22, 2008 at 02:56:18 Pacific
Subject: scan said threat was trojanbho.bb
Reply: (edit)
Welcom! :)

Report Offensive Follow Up For Removal



Use following form to reply to current message: 

   Name: From My Computing.Net Settings
 E-Mail: From My Computing.Net Settings

Subject: scan said threat was trojanbho.bb

Comments:
         

 
  Homepage URL (*): 
Homepage Title (*): 
         Image URL:
 


Data Recovery Software



Video/Graphics problem

Ping on DOS 6.22

netgear, onelevel

Ping on DOS 6.22

Sony handycam dcr-sr42

The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net, LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE

All content ©1996-2007 Computing.Net, LLC