6 Replies Latest reply on Mar 1, 2009 8:01 AM by HennoKeers

    bo:heap

      I also came across this bo:heap virus... I run VirusScan Enterprise and I just ran HijackThis, and this is the log that it showed me. Can someone please help me so that I could remove this pesky virus... Thank you.

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\ibmpmsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\IPSSVC.EXE
      C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
      C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
      C:\WINDOWS\Help\aolconf.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\rpcnet.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\svchost.exe
      c:\program files\lenovo\system update\suservice.exe
      C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
      C:\WINDOWS\System32\TPHDEXLG.EXE
      C:\WINDOWS\system32\TpKmpSVC.exe
      C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
      C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
      C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
      C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
      C:\WINDOWS\Explorer.exe
      C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
      C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
      C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
      C:\Program Files\Network Associates\Common Framework\McTray.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
      C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
      C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
      C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
      C:\WINDOWS\system32\TpShocks.exe
      C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
      C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
      C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\TpScrLk.exe
      C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\AOL\1196217291\ee\AOLSoftware.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
      C:\WINDOWS\system32\vc.exe
      C:\Program Files\AIM6\aim6.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\AIM6\aolsoftware.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Network Associates\VirusScan\SCAN32.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\AOL\Loader\aolload.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://cpprod.stjohns.edu/cp/home/displaylogin
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by St. John's University
      F2 - REG:system.ini: Shell=Explorer.exe
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\system32\nsmss.exe
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
      O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
      O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
      O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
      O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
      O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
      O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
      O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
      O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
      O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
        • 1. bo:heap cont'd
          O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
          O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
          O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
          O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
          O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
          O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
          O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
          O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
          O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
          O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S99.tmp" /EF "HKLM"
          O4 - HKLM\..\Run: [xf] C:\WINDOWS\system32\xf.exe
          O4 - HKLM\..\Run: [mzrsrvwbo] C:\WINDOWS\system32\mzrsrvwbo.exe
          O4 - HKLM\..\Run: [h] C:\WINDOWS\system32\h.exe
          O4 - HKLM\..\Run: [kchiov] C:\WINDOWS\system32\kchiov.exe
          O4 - HKLM\..\Run: [lsdup] C:\WINDOWS\system32\lsdup.exe
          O4 - HKLM\..\Run: [unietjjg] C:\WINDOWS\system32\unietjjg.exe
          O4 - HKLM\..\Run: [ekybfjt] C:\WINDOWS\system32\ekybfjt.exe
          O4 - HKLM\..\Run: [orup] C:\WINDOWS\system32\orup.exe
          O4 - HKLM\..\Run: [rgbqprpptw] C:\WINDOWS\system32\rgbqprpptw.exe
          O4 - HKLM\..\Run: [bbhu] C:\WINDOWS\system32\bbhu.exe
          O4 - HKLM\..\Run: [jc] C:\WINDOWS\system32\jc.exe
          O4 - HKLM\..\Run: [m] C:\WINDOWS\system32\m.exe
          O4 - HKLM\..\Run: [rkcciyt] C:\WINDOWS\system32\rkcciyt.exe
          O4 - HKLM\..\Run: [tvmtqbuzvj] C:\WINDOWS\system32\tvmtqbuzvj.exe
          O4 - HKLM\..\Run: [shhzcqkcskw] C:\WINDOWS\system32\shhzcqkcskw.exe
          O4 - HKLM\..\Run: [qrvp] C:\WINDOWS\system32\qrvp.exe
          O4 - HKLM\..\Run: [cuky] C:\WINDOWS\system32\cuky.exe
          O4 - HKLM\..\Run: [quzdnvgaunjk] C:\WINDOWS\system32\quzdnvgaunjk.exe
          O4 - HKLM\..\Run: [ukvcqcsnd] C:\WINDOWS\system32\ukvcqcsnd.exe
          O4 - HKLM\..\Run: [vap] C:\WINDOWS\system32\vap.exe
          O4 - HKLM\..\Run: [odnlryynz] C:\WINDOWS\system32\odnlryynz.exe
          O4 - HKLM\..\Run: [o] C:\WINDOWS\system32\o.exe
          O4 - HKLM\..\Run: [civimgg] C:\WINDOWS\system32\civimgg.exe
          O4 - HKLM\..\Run: [zdhslojdvrvy] C:\WINDOWS\system32\zdhslojdvrvy.exe
          O4 - HKLM\..\Run: [iwwr] C:\WINDOWS\system32\iwwr.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [jrhujkwm] C:\WINDOWS\system32\jrhujkwm.exe
          O4 - HKLM\..\Run: [pzqillgbpe] C:\WINDOWS\system32\pzqillgbpe.exe
          O4 - HKLM\..\Run: [rcgyxfrwg] C:\WINDOWS\system32\rcgyxfrwg.exe
          O4 - HKLM\..\Run: [pp] C:\WINDOWS\system32\pp.exe
          O4 - HKLM\..\Run: [hd] C:\WINDOWS\system32\hd.exe
          O4 - HKLM\..\Run: [kbaifmxkm] C:\WINDOWS\system32\kbaifmxkm.exe
          O4 - HKLM\..\Run: [um] C:\WINDOWS\system32\um.exe
          O4 - HKLM\..\Run: [hyjoyuti] C:\WINDOWS\system32\hyjoyuti.exe
          O4 - HKLM\..\Run: [aiczsa] C:\WINDOWS\system32\aiczsa.exe
          O4 - HKLM\..\Run: [ifspcag] C:\WINDOWS\system32\ifspcag.exe
          O4 - HKLM\..\Run: [d] C:\WINDOWS\system32\d.exe
          O4 - HKLM\..\Run: [ygjbpkgiikkx] C:\WINDOWS\system32\ygjbpkgiikkx.exe
          O4 - HKLM\..\Run: [ctwocok] C:\WINDOWS\system32\ctwocok.exe
          O4 - HKLM\..\Run: [umymrqxx] C:\WINDOWS\system32\umymrqxx.exe
          O4 - HKLM\..\Run: [nqbsnaprjck] C:\WINDOWS\system32\nqbsnaprjck.exe
          O4 - HKLM\..\Run: [bjzofvlgxi] C:\WINDOWS\system32\bjzofvlgxi.exe
          O4 - HKLM\..\Run: [pedvwhkz] C:\WINDOWS\system32\pedvwhkz.exe
          O4 - HKLM\..\Run: [juaaw] C:\WINDOWS\system32\juaaw.exe
          O4 - HKLM\..\Run: [fb] C:\WINDOWS\system32\fb.exe
          O4 - HKLM\..\Run: [gbgy] C:\WINDOWS\system32\gbgy.exe
          O4 - HKLM\..\Run: [adur] C:\WINDOWS\system32\adur.exe
          O4 - HKLM\..\Run: [vpgxcjz] C:\WINDOWS\system32\vpgxcjz.exe
          O4 - HKLM\..\Run: [tpdzdlc] C:\WINDOWS\system32\tpdzdlc.exe
          O4 - HKLM\..\Run: [jtun] C:\WINDOWS\system32\jtun.exe
          O4 - HKLM\..\Run: [nmp] C:\WINDOWS\system32\nmp.exe
          O4 - HKLM\..\Run: [dueyfs] C:\WINDOWS\system32\dueyfs.exe
          O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1196217291\ee\AOLSoftware.exe
          O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\winbooter.exe
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
          O4 - HKLM\..\Run: [vc] C:\WINDOWS\system32\vc.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
          O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
          O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
          O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
          O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: Digital Line Detect.lnk = ?
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
          O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
          O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\PkgMgr.exe
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          • 2. bo:heap cont'd 3
            O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - https://www-3.ibm.com/pc/support/access/sdccommon/download/tgctlins.cab
            O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/2,0,0,0/McUpdatePortal.cab
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120763170514
            O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147371192171
            O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Testoc Control) - http://facpub.stjohns.edu/~laptop/R52Security/testoc.cab
            O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - file://C:\Program Files\Support.com\Bin\IBMAccessSupport\common\install\ibmegath.cab
            O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://remote.bessemer.com/remote/msrdp.cab
            O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - file://C:\Program Files\Support.com\Bin\IBMAccessSupport\common\install\AcpControl.cab
            O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
            O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
            O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
            O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
            O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
            O23 - Service: AOL Configuration Utility (AOL_Conf) - Unknown owner - C:\WINDOWS\Help\aolconf.exe
            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
            O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
            O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
            O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
            O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
            O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
            O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
            O23 - Service: Print Spooler Service (oieiyixa5y5ew) - Unknown owner - C:\WINDOWS\system32\vc.exe
            O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
            O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
            O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C:\WINDOWS\system32\rpcnet.exe
            O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
            O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
            O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
            O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
            O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
            O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
            O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
            O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
            O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
            O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
            • 3. RE: bo:heap cont'd 3
              Hopefully you know that we DON'T interpret HijackThis logs so I'm curious why you flooded the forum with one of the longest HJT logs I've seen... If you want to post such a log, you'll need to visit a specialized forum for such interpretations. See the links below:

              http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

              http://www.bleepingcomputer.com/forums/forum22.html

              http://forums.spywareinfo.com/index.php?showforum=18

              That said, the "Bo:Heap" detection is NOT a virus.. although there is a possibility it could be the representative of a virus or malware. Still, most of these types of errors are issues with the way McAfee is detecting a legitimate program while running.. Unfortunately, you didn't give us any information about your computer such as the operating system, the version of McAfee Enterprise you're running AND the EXACT Bo:Heap error that's being displayed.. Which patch number do you have installed on your VS Enterprise program? The newest patches fix most of the Bo: Heap errors.

              Hope this helps.

              Grif
              • 4. Help!  I've done these steps and can't get rid of it!
                Grif,

                I've followed your steps outlined below, except I've updated to the latest versions of Java and XP sp3. I have Corporate Virus Scan 8.0.0 and patch 10. I can't seem to get rid of the thing. It showed up on my system a couple of days ago. What steps can or should I take now? bo:heap keeps locking up my system and causing me to have to do a manual shut down.

                I've tried to do a system restore to a previous date and the restore won't run. I would appreciate any help you or anyone else can give to help me get rid of this thing.

                Thanks,
                SK9098


                • 5. RE: Help!  I've done these steps and can't get rid of it!
                  Peter M
                  You are posting in a thread that is long since dead (from 2006) and for a product that is obsolete.

                  We also do not analyse Hijackthis logs here. Please post them on one of the following forums for expert help:


                  Do not post the log here, we can't help!

                  DOWNLOAD HIJACKTHIS

                  Post the logs at a specialist Forum:

                  AUMHA FORUM

                  BLEEPING COMPUTER FORUM

                  GEEKS TO GO FORUM

                  MAJOR GEEKS FORUM

                  MALWAREBYTES FORUM

                  MALWARE REMOVAL FORUM

                  SPYWAREHAMMER FORUM

                  SPYWARE INFO FORUM

                  WHAT THE TECH FORUM

                  Be sure to read all the sticky announcements/instructions at the top of each malware forum!

                  Moved to Desktop & Server for VirusScan Enterprise support.
                  • 6. RE: Help!  I've done these steps and can't get rid of it!


                    The message comes from the fact that VSE 8.0 with any patch is not supported with IE7.
                    Upgrade/migrate to 8.5 or 8.7 with the latest Common Framework and you will not see the BO:Heaps anymore.

                    reg, Henno.