Malwarebytes

Trojan.BHO - Malware Error

6 replies to this topic

#1
Wizard CaT

    New Member

  • Members
  • 3 posts
Hi,

My girlfriend told me her computer was opening IE whenever she'd open a folder on her HD. For instance, if she opened the folder "C:\Test" then it would search Baidu (Chinese search engine) for "C:\Test". I figured it was poorly made spyware, so I ran Malwarebytes, which I'd installed on her comp. It came out with a few entries, but removed all but Trojan.BHO, which Malwarebytes can't remove. When it finds it, it gives the following error box: "An Error has occured. Please report the following error code to the Malwarebytes' Anti-Malware support team. Error Code: 731 (0, 6)" This error causes Malwarebytes not to recognize the trojan. Here is an example of the log after the trojan is found (it doesn't even show up).

I have included a copy of the HijackThis log as well. Please note she is Chinese, so you might not be able to read some of the programs without additional language packs.

She runs the Chinese version of WinXP, from Lenovo. I'm sure (or at least hope) the Trojan is linked to the IE pop-ups, so any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:41:42, on 2009-8-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\lenovo\GUA\GUA.exe
C:\Program Files\lenovo\IGRS\IGRS.exe
C:\Program Files\lenovo\IGRS\Ext\IgrsMonitor.exe
C:\Program Files\lenovo\IGRS\Ext\router.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\lenovo\IGRS\Ext\wmcsvc.exe
C:\Program Files\lenovo\IGRS Profiles\File Profile\IgrsFile.exe
C:\Program Files\lenovo\IGRS EasyShare\FileShare.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QBU\QkOnBtn.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sucop\SecPlugin\SecNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v4.dll (file missing)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - E:\新建文件夹\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - E:\easyMule\modules\IE2EM.dll
O2 - BHO: QvodExtend - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\Program Files\Common Files\System\QvodExtend.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\新建文件夹\ComDlls\xunleiBHO_Now.dll
O2 - BHO: ntFilter - {C2EB616C-BFB0-4361-A02C-588F869A0E97} - C:\Program Files\Sucop\SecPlugin\SecPlugin.dll
O3 - Toolbar: 闪联任意通 - {0C9B3AB9-DEDF-11D8-A2D4-0050FC464B19} - C:\Program Files\lenovo\IGRS EasyShare\IgrsAnywhere.dll
O3 - Toolbar: 畅游巡警 - {B057BF9C-55B4-4AA4-938A-FE78617866B8} - C:\Program Files\Sucop\SecPlugin\SecPlugin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QkOnBtn] C:\Program Files\QBU\QkOnBtn.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [MINI_BFYY] C:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [搜狐电视机网页版] C:\Program Files\sohutv_web\SysTrayIcon.exe "C:\Program Files\sohutv_web" "d6d96fcfa7dc8461fb9b42368748714e" "1.0.0.6" ""
O4 - HKLM\..\Run: [SecNotifier] C:\Program Files\Sucop\SecPlugin\SecNotifier.exe
O4 - HKLM\..\Run: [Thunder] "E:\新建文件夹\Thunder.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &使用暴风下载器下载 - C:\Program Files\Ringz Studio\Storm Downloader\geturl.htm
O8 - Extra context menu item: 使用电驴下载 - E:\easyMule\IE2EM.htm
O8 - Extra context menu item: 使用迅雷下载 - E:\新建文件夹\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - E:\新建文件夹\Program\GetAllUrl.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\新建文件夹\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\新建文件夹\Thunder.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all...ge/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all...ge/url.asp?id=1 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O15 - Trusted Zone: http://www.icbc.com.cn
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O20 - Winlogon Notify: igrswn - C:\Program Files\lenovo\IGRS\Ext\igrswn.dll
O22 - SharedTaskScheduler: corduroyed - {699fabf8-1087-491f-b57c-80a68929d82b} - (no file)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: dlcf_device - Unknown owner - C:\WINDOWS\system32\dlcfcoms.exe (file missing)
O23 - Service: General Updater/AutoUpdater Service (GUA) - lenovo - C:\Program Files\lenovo\GUA\GUA.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\lenovo\IGRS\IGRS.exe
O23 - Service: IGRSFILE - Lenovo Group Limited - C:\Program Files\lenovo\IGRS Profiles\File Profile\IgrsFile.exe
O23 - Service: IgrsFileShare - 联想集团有限公司 - C:\Program Files\lenovo\IGRS EasyShare\FileShare.exe
O23 - Service: IgrsMonitor - Lenovo Group Limited - C:\Program Files\lenovo\IGRS\Ext\IgrsMonitor.exe
O23 - Service: MicroGrid DirectRouter (MicroGrid.DirectRouter) - Lenovo Group Limited - C:\Program Files\lenovo\IGRS\Ext\router.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WMCSVC - Lenovo Group Limited - C:\Program Files\lenovo\IGRS\Ext\wmcsvc.exe

--
End of file - 7418 bytes


Malwarebytes' Anti-Malware 1.40
Database version: 2608
Windows 5.1.2600 Service Pack 2

2009-8-12 0:54:06
mbam-log-2009-08-12 (00-54-06).txt

Scan type: Quick Scan
Objects scanned: 16019
Time elapsed: 1 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#2
miekiemoes

    Forum Deity

  • Administrators
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Hi,

Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to it and browse to next file:

C:\Program Files\Common Files\System\QvodExtend.dll

Select it and click ok:
Then click the Send File button below.

Let me know in this thread once you've uploaded the file

Also, Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Can you also tell me what mbam is exactly detecting as this Trojan.BHO? Because I can't see it in the log here.
Mieke Verburgh
Assistant Director of Research

#3
Wizard CaT

    New Member

  • Members
  • 3 posts
I uploaded the file as you asked.

miekiemoes, on Aug 12 2009, 04:56 AM, said:

Can you also tell me what mbam is exactly detecting as this Trojan.BHO? Because I can't see it in the log here.

I can't be sure, exactly. When Mbam gets the error I listed above, the show-results page just has "Trojan.BHO" as the name and nothing else. I can opt to remove it, but it just generates that blank log I showed (I mainly listed that to show the version) and doesn't remove it. When it is scanning, it pauses when it hits the error, which is (I think) the same time it finds the Trojan.BHO file. The scan pauses on the following "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping" and then it will continue scanning after I hit OK on the error.

The following is the uninstall list:

3ivx MPEG-4 5.0 Decoder (remove only)
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0.1
Adobe Reader 6.0 - Chinese Simplified
Agere Systems AC'97 Modem
Audio Browser
Broadcom 440x 10/100 Integrated Controller
Combined Community Codec Pack 2008-09-21 16:18
Cool Edit Pro 2.0
easyMule
EnergyCut
HC PC-Camera
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Software Update
HP Solution Center 7.0
Intel® Graphics Media Accelerator Driver for Mobile
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
muvee Plugin 1.0
Nero OEM
PowerDVD
Powerword 2005
PPS网络电视
QQ2007II 正式版
QuickOn Button ( WinXP )
QuickStroke
RealPlayer
Realtek AC'97 Audio
SecureW2 TTLS Client 3.3.3 for Windows
Spybot - Search & Destroy
SupportSoft Assisted Service
Symantec AntiVirus Client
Synaptics Pointing Device Driver
Tencent Media Player by Viewpoint
Texas Instruments PCIxx21/x515 drivers.
Tom - Skype (BETA)
Trillian
TVAnts 1.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 7 安全更新 (KB938127)
Windows Internet Explorer 7 安全更新 (KB942615)
Windows Internet Explorer 7 安全更新 (KB944533)
Windows Internet Explorer 7 安全更新 (KB950759)
Windows Internet Explorer 7 安全更新 (KB953838)
Windows Internet Explorer 7 安全更新 (KB956390)
Windows Internet Explorer 7 安全更新 (KB958215)
Windows Internet Explorer 7 安全更新 (KB960714)
Windows Internet Explorer 7 安全更新 (KB961260)
Windows Internet Explorer 7 安全更新 (KB963027)
Windows Internet Explorer 7 安全更新 (KB969897)
Windows Internet Explorer 7 安全更新 (KB972260)
Windows Internet Explorer 7 修补程序 (KB947864)
Windows Live Messenger
Windows Media Player (KB911564) 安全更新
Windows Media Player (KB952069) 安全更新
Windows Media Player (KB973540) 安全更新
Windows Media Player 6.4 (KB925398) 安全更新
Windows Media Player 9 (KB917734) 安全更新
Windows Media Player 9 (KB936782) 安全更新
Windows XP (KB923689) 安全更新
Windows XP (KB941569) 安全更新
Windows XP 安全更新 (KB890046)
Windows XP 安全更新 (KB893756)
Windows XP 安全更新 (KB896358)
Windows XP 安全更新 (KB896422)
Windows XP 安全更新 (KB896423)
Windows XP 安全更新 (KB896424)
Windows XP 安全更新 (KB896428)
Windows XP 安全更新 (KB899587)
Windows XP 安全更新 (KB899588)
Windows XP 安全更新 (KB899591)
Windows XP 安全更新 (KB900725)
Windows XP 安全更新 (KB901017)
Windows XP 安全更新 (KB901190)
Windows XP 安全更新 (KB901214)
Windows XP 安全更新 (KB902400)
Windows XP 安全更新 (KB903235)
Windows XP 安全更新 (KB904706)
Windows XP 安全更新 (KB905414)
Windows XP 安全更新 (KB905749)
Windows XP 安全更新 (KB908519)
Windows XP 安全更新 (KB911562)
Windows XP 安全更新 (KB911567)
Windows XP 安全更新 (KB911927)
Windows XP 安全更新 (KB912919)
Windows XP 安全更新 (KB913580)
Windows XP 安全更新 (KB914388)
Windows XP 安全更新 (KB914389)
Windows XP 安全更新 (KB916281)
Windows XP 安全更新 (KB917159)
Windows XP 安全更新 (KB917344)
Windows XP 安全更新 (KB917422)
Windows XP 安全更新 (KB917953)
Windows XP 安全更新 (KB918118)
Windows XP 安全更新 (KB918439)
Windows XP 安全更新 (KB918899)
Windows XP 安全更新 (KB919007)
Windows XP 安全更新 (KB920213)
Windows XP 安全更新 (KB920214)
Windows XP 安全更新 (KB920670)
Windows XP 安全更新 (KB920683)
Windows XP 安全更新 (KB920685)
Windows XP 安全更新 (KB921398)
Windows XP 安全更新 (KB921503)
Windows XP 安全更新 (KB921883)
Windows XP 安全更新 (KB922616)
Windows XP 安全更新 (KB922760)
Windows XP 安全更新 (KB922819)
Windows XP 安全更新 (KB923191)
Windows XP 安全更新 (KB923414)
Windows XP 安全更新 (KB923561)
Windows XP 安全更新 (KB923694)
Windows XP 安全更新 (KB923980)
Windows XP 安全更新 (KB924191)
Windows XP 安全更新 (KB924270)
Windows XP 安全更新 (KB924496)
Windows XP 安全更新 (KB924667)
Windows XP 安全更新 (KB925454)
Windows XP 安全更新 (KB925486)
Windows XP 安全更新 (KB925902)
Windows XP 安全更新 (KB926255)
Windows XP 安全更新 (KB926436)
Windows XP 安全更新 (KB927779)
Windows XP 安全更新 (KB927802)
Windows XP 安全更新 (KB928090)
Windows XP 安全更新 (KB928255)
Windows XP 安全更新 (KB928843)
Windows XP 安全更新 (KB929123)
Windows XP 安全更新 (KB929969)
Windows XP 安全更新 (KB930178)
Windows XP 安全更新 (KB931261)
Windows XP 安全更新 (KB931768)
Windows XP 安全更新 (KB931784)
Windows XP 安全更新 (KB932168)
Windows XP 安全更新 (KB933566)
Windows XP 安全更新 (KB933729)
Windows XP 安全更新 (KB935839)
Windows XP 安全更新 (KB935840)
Windows XP 安全更新 (KB936021)
Windows XP 安全更新 (KB937143)
Windows XP 安全更新 (KB938127)
Windows XP 安全更新 (KB938464)
Windows XP 安全更新 (KB938829)
Windows XP 安全更新 (KB939653)
Windows XP 安全更新 (KB941202)
Windows XP 安全更新 (KB941568)
Windows XP 安全更新 (KB941644)
Windows XP 安全更新 (KB941693)
Windows XP 安全更新 (KB942615)
Windows XP 安全更新 (KB943055)
Windows XP 安全更新 (KB943460)
Windows XP 安全更新 (KB943485)
Windows XP 安全更新 (KB944533)
Windows XP 安全更新 (KB944653)
Windows XP 安全更新 (KB945553)
Windows XP 安全更新 (KB946026)
Windows XP 安全更新 (KB946648)
Windows XP 安全更新 (KB948590)
Windows XP 安全更新 (KB948881)
Windows XP 安全更新 (KB950749)
Windows XP 安全更新 (KB950760)
Windows XP 安全更新 (KB950762)
Windows XP 安全更新 (KB950974)
Windows XP 安全更新 (KB951066)
Windows XP 安全更新 (KB951376)
Windows XP 安全更新 (KB951376-v2)
Windows XP 安全更新 (KB951698)
Windows XP 安全更新 (KB951748)
Windows XP 安全更新 (KB952004)
Windows XP 安全更新 (KB952954)
Windows XP 安全更新 (KB953839)
Windows XP 安全更新 (KB954211)
Windows XP 安全更新 (KB954600)
Windows XP 安全更新 (KB955069)
Windows XP 安全更新 (KB956391)
Windows XP 安全更新 (KB956572)
Windows XP 安全更新 (KB956802)
Windows XP 安全更新 (KB956803)
Windows XP 安全更新 (KB956841)
Windows XP 安全更新 (KB957095)
Windows XP 安全更新 (KB957097)
Windows XP 安全更新 (KB958470)
Windows XP 安全更新 (KB958644)
Windows XP 安全更新 (KB958687)
Windows XP 安全更新 (KB958690)
Windows XP 安全更新 (KB959426)
Windows XP 安全更新 (KB960225)
Windows XP 安全更新 (KB960715)
Windows XP 安全更新 (KB960803)
Windows XP 安全更新 (KB960859)
Windows XP 安全更新 (KB961371)
Windows XP 安全更新 (KB961373)
Windows XP 安全更新 (KB961501)
Windows XP 安全更新 (KB968537)
Windows XP 安全更新 (KB969898)
Windows XP 安全更新 (KB970238)
Windows XP 安全更新 (KB971557)
Windows XP 安全更新 (KB971633)
Windows XP 安全更新 (KB971657)
Windows XP 安全更新 (KB973346)
Windows XP 安全更新 (KB973354)
Windows XP 安全更新 (KB973507)
Windows XP 安全更新 (KB973869)
Windows XP 更新 (KB894391)
Windows XP 更新 (KB896727)
Windows XP 更新 (KB898461)
Windows XP 更新 (KB900485)
Windows XP 更新 (KB904942)
Windows XP 更新 (KB908531)
Windows XP 更新 (KB910437)
Windows XP 更新 (KB911280)
Windows XP 更新 (KB916595)
Windows XP 更新 (KB920872)
Windows XP 更新 (KB922582)
Windows XP 更新 (KB927891)
Windows XP 更新 (KB929338)
Windows XP 更新 (KB930916)
Windows XP 更新 (KB931836)
Windows XP 更新 (KB932823-v3)
Windows XP 更新 (KB933360)
Windows XP 更新 (KB936357)
Windows XP 更新 (KB938828)
Windows XP 更新 (KB942763)
Windows XP 更新 (KB942840)
Windows XP 更新 (KB946627)
Windows XP 更新 (KB951072-v2)
Windows XP 更新 (KB955839)
Windows XP 更新 (KB967715)
Windows XP 更新 (KB973815)
Windows XP 修补程序 (KB914440)
Windows XP 修补程序 (KB952287)
Windows XP 修补程序包 - KB834707
Windows XP 修补程序包 - KB867282
Windows XP 修补程序包 - KB873333
Windows XP 修补程序包 - KB873339
Windows XP 修补程序包 - KB885250
Windows XP 修补程序包 - KB885835
Windows XP 修补程序包 - KB885836
Windows XP 修补程序包 - KB886185
Windows XP 修补程序包 - KB886677
Windows XP 修补程序包 - KB887472
Windows XP 修补程序包 - KB887742
Windows XP 修补程序包 - KB888113
Windows XP 修补程序包 - KB888302
Windows XP 修补程序包 - KB890047
Windows XP 修补程序包 - KB890175
Windows XP 修补程序包 - KB890859
Windows XP 修补程序包 - KB891781
Windows XP 修补程序包 - KB894194
WinRAR 压缩文件管理器
暴风下载器
暴风影音
畅游巡警 1.1.0.2 VeryCD专版
金山打字通 2008
金山打字游戏 2008
闪联任意通
闪联通用自动更新
闪联文件交互智能应用框架
闪联运行支撑平台
文件备份
迅雷5

#4
miekiemoes

    Forum Deity

  • Administrators
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Hi,

That's strange about mbam. Could be a read error though. Can you try to run in developers mode?

1. Click the Start Menu.
2. Click Run.
3. Type in "mbam.exe /developer", without the quotes.
4. Run the same type of scan you did before and save the logfile and post it.

Also, I can't read some of the Chinese characters here, but is Qvod listed anywhere? If so, please uninstall it. I want to see if it's somehow related to it.
The following programs are not really recommended either since they have a questionable reputation:

easyMule
Tencent Media Player by Viewpoint
QQ2007II 正式版

Then,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v4.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O9 - Extra button: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all...ge/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all...ge/url.asp?id=1 (file missing)
O22 - SharedTaskScheduler: corduroyed - {699fabf8-1087-491f-b57c-80a68929d82b} - (no file)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Also, * Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.
Mieke Verburgh
Assistant Director of Research
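The O2, O9 and O22 entries miekiemoes asked to have fixed share one visible pattern: the registration is still in the registry, but the file it points to is gone or was never named. The Python below is an added example, not code from the thread, from HijackThis or from Malwarebytes; it parses lines in the HijackThis 2.0.2 log format, lists those orphaned registrations with the reason each was flagged, and prints the registry key HijackThis read the section from so the finding can be confirmed in regedit. The sample input is constructed from lines quoted in this thread (with two benign lines as controls); the section-to-registry-key mapping is from my own knowledge of where these items are registered, not from the page.

```python
"""Triage HijackThis O2/O3/O9/O22 lines for orphaned registrations.

Added example (not from the thread). Flags entries whose target file is
missing or absent, the same entries a forum helper would mark for
'Fix Checked', and reports the registry location each section lives in.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample built from lines quoted in the thread. The Acrobat
# BHO, the SecPlugin toolbar and the ctfmon Run entry are benign controls.
SAMPLE_LOG = r"""
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v4.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QvodExtend - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\Program Files\Common Files\System\QvodExtend.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: 畅游巡警 - {B057BF9C-55B4-4AA4-938A-FE78617866B8} - C:\Program Files\Sucop\SecPlugin\SecPlugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all...ge/url.asp?id=1 (file missing)
O22 - SharedTaskScheduler: corduroyed - {699fabf8-1087-491f-b57c-80a68929d82b} - (no file)
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LINE_RE = re.compile(r"^(O\d+) - (.+)$")

# Registry locations HijackThis reads these sections from (my knowledge, not
# from the thread). O9 entries can also exist under HKCU.
REGISTRY_HINTS = {
    "O2": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CLSID}"
          r" (DLL path in HKCR\CLSID\{CLSID}\InprocServer32)",
    "O3": r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
          r" (DLL path in HKCR\CLSID\{CLSID}\InprocServer32)",
    "O9": r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CLSID}",
    "O22": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler",
}


@dataclass
class Finding:
    section: str
    clsid: str
    target: str
    reasons: List[str] = field(default_factory=list)
    registry_hint: str = ""


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Split 'O2 - BHO: ...' into (section, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(log_text: str) -> List[Finding]:
    """Return the COM-style registrations (O2/O3/O9/O22) that look orphaned."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        section, body = parsed
        if section not in REGISTRY_HINTS:
            continue  # O4 Run keys etc. are a different kind of entry
        m = CLSID_RE.search(body)
        clsid = m.group(0) if m else ""
        # HijackThis writes the target file, or "(no file)", after the last " - "
        target = body.rsplit(" - ", 1)[-1].strip()
        reasons = []
        if target == "(no file)":
            reasons.append("registration points at no file at all")
        if target.endswith("(file missing)"):
            reasons.append("referenced file is not on disk")
        if "(no name)" in body:
            reasons.append("registration has no display name")
        if target.lower().startswith(("http://", "https://")):
            reasons.append("target is a URL rather than a local file")
        if reasons:
            hint = REGISTRY_HINTS[section].replace("{CLSID}", clsid or "{CLSID}")
            findings.append(Finding(section, clsid, target, reasons, hint))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.clsid} -> {f.target}")
        for r in f.reasons:
            print(f"    reason: {r}")
        print(f"    check:  {f.registry_hint}")
```

Note what this static check does not catch: QvodExtend.dll, the file that actually turned out to be the problem, has an intact registration and a DLL present on disk, so it passes. That is exactly why the helper asked for the file itself to be uploaded rather than judging it from the log line.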

#5
Wizard CaT

    New Member

  • Members
  • 3 posts
I ran Mbam in developer mode. Exact same result. Same error code, the logs show as clean, same as the one I posted above.

I removed those files with HijackThis and nothing happened. I didn't get that Qvod until I asked my gf and she told me that was the name of the movie player that she installed/deleted right before the problem. I went into safe mode and navigated to the .dll and deleted it (in normal mode it was in use) and now the computer is working fine. I.e., when I open "C:\Test" it simply goes there. It does not open IE to Baidu and search for "C:\Test" anymore. So the main problem is fixed apparently.

I got ComboFix and disabled her Symantec and Windows firewall, but the program wouldn't run. It would get to where it was trying to make a registry backup, but hung indefinitely after showing the 2 bars as it prepared the system. ComboFix picked up on the native Chinese and the text was in Chinese, but she told me it would either hang at "Preparing to make a registry backup" or "Making registry backup." From what I read on the site it shouldn't take over 10 minutes to make the backup, so I don't think it is working for some reason.

I'm a bit at a loss, the computer -seems- to be working fine. If it wasn't for mbam giving that mystery file I'd say it was all fixed. Unless you think there is something still hiding, all the problems seem to be fixed.

She did mention she was worried the QBU folder in her Program Files (contains QkOnBtn.exe) might be some kind of malware. I looked around and didn't see any evidence one way or the other. This post was actually 7th from the top in the results. I'm not sure what it does and am not about to run the .exe, and the program has an add/remove entry. I'm not sure if it is appropriate to ask in this thread or if I should ask in general help.

Thanks for all of your help.

#6
miekiemoes

    Forum Deity

  • Administrators
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Hi,

QkOnBtn.exe is from QuickOn Button ( WinXP ) which is installed here, so it's fine.
Yes, I already thought Qvod was the main problem here; that's why I asked if this reference was in Add/Remove Programs as well, to uninstall it, since a lot of them are in Chinese ;)

The error/detection in mbam may be a read detection, same as why Combofix doesn't want to proceed with the scan and hangs when backing up the registry.
You can still try to run Combofix from Windows safe mode - but since the main problem is resolved here, I wouldn't worry about the rest. I'm pretty sure it's just a read error in mbam, same as it's for Combofix.
Mieke Verburgh
Assistant Director of Research

#7
miekiemoes

    Forum Deity

  • Administrators
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Mieke Verburgh
Assistant Director of Research