jholland1964

Re: Suspected trojan.bho

 
Aug 8th, 2008
Hi Ixidor,
First of all, you are running TWO antivirus programs, AVG8 and Symantec/Norton. This is an absolute NO-NO. Presuming that the AVG8 is the free version, go to Add/Remove and Uninstall it. Then do a file search on the computer for anything AVG and delete it. IF you paid for both programs then you choose...whichever one you want to keep, keep it, but UNINSTALL the other one completely immediately. You also show you are running Zone Alarm Firewall which is fine, as long as it is the ONLY ONE firewall you are running. If you are also using the Windows Firewall, turn it off. Same rule applies to firewalls....ONLY ONE.

Now one reason Malwarebytes Anti-Malware may not have been able to remove all files is that the database is out of date; the current one is 1032 and yours shows 1012. I know you had to download it on another machine and then copy it to yours, so that is probably the reason. Once you did have it installed, did you attempt to update it? Now Malwarebytes does show it removed the files, and in fact the second log shows fewer than the first one and the ones it found are actually not exactly the same files in all cases. The two antivirus programs running probably played a big part in this also, and you need to close all unnecessary programs, including the browser and Spysweeper, while these removal programs are running.

Please re-enable System Restore if possible. One thing we prefer here: you will need to flush your restore points AFTER the fixing process has been completed to ensure that no malware is preserved. An infected System Restore is better than NO System Restore. Plus a program like Malwarebytes WILL clean out infected files from System Restore.

Do you have the SDFix logs?

Please run HJT again and place a checkmark next to the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.72.196.70:6588
(this traces to kornet.net) Is this your ISP? If NOT place a checkmark next to this one.

O2 - BHO: (no name) - {44576619-5BBB-426D-AE84-E791329A97CD} - C:\WINDOWS\system32\mlJBUKdC.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

Once you have placed the checkmarks then click the Fix Checked button.
Exit HJT.
Reboot and run a new HJT scan and post the log here.
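As an added example (not part of the original post and not HijackThis's own code), this Python script triages a HijackThis log for the kinds of entries singled out in the post above: entries whose file is missing, a configured ProxyServer, and AppInit_DLLs values. The sample log is constructed from lines quoted in the post; the function name `triage` and the reason labels are assumptions.

```python
import re

# Constructed sample: entries copied from the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.72.196.70:6588
O2 - BHO: (no name) - {44576619-5BBB-426D-AE84-E791329A97CD} - C:\WINDOWS\system32\mlJBUKdC.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PROXY = re.compile(r"ProxyServer = (?P<value>\S+)")

def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip headers, process lists and blank lines
        section, body = m.group("section"), m.group("body")
        clsid = CLSID.search(body)
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            # The registry entry survives but the file it points to is gone.
            findings.append((section, "orphaned", clsid.group(0) if clsid else body))
        elif section in ("R0", "R1") and (p := PROXY.search(body)):
            # A proxy the user did not set deserves the "is this your ISP?" question.
            findings.append((section, "proxy-set", p.group("value")))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs listed here are loaded into every process that loads user32.dll.
            findings.append((section, "appinit", body.split(":", 1)[1].strip()))
    return findings

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason:<10}{detail}")
```

The output is a review list, not a verdict: each flagged entry still needs the manual judgement the post applies, such as confirming who owns the proxy address.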