pistachios

Members
  • Posts

    3
Everything posted by pistachios

  1. Hello. First off, I'd like to say that Malwarebytes is awesome! I will be sending in my money! As with other posts, I can't get rid of the Trojan.BHO (fsharproj). I am including the latest full scan as well as DDS logs, one attached as a zipped file. You'll notice I just upgraded Java today; somehow this got past me. Thinking the problem was with Office 2000, I finally upgraded that recently, too. Everything else seems to be updated. Thanks for your help.

     Malwarebytes' Anti-Malware 1.51.2.1300
     www.malwarebytes.org

     Database version: 8049

     Windows 6.1.7601 Service Pack 1 (Safe Mode)
     Internet Explorer 9.0.8112.16421

     11/1/2011 2:02:25 PM
     mbam-log-2011-11-01 (14-02-25).txt

     Scan type: Full scan (C:\|E:\|F:\|Q:\|S:\|)
     Objects scanned: 282326
     Time elapsed: 31 minute(s), 5 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     .
     DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
     Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
     Run by Sally at 12:49:36 on 2011-11-01
     Microsoft Windows 7 Home Premium  6.1.7601.1.1252.1.1033.18.3033.2325 [GMT -4:00]
     .
     AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\Explorer.EXE
     C:\Windows\system32\ctfmon.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://ixquick.com/
     BHO: {0dce00f6-f750-4657-9afa-0d4f427178d8} - c:\users\sally\appdata\local\TrayCodec.dll
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
     BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
     BHO: 1 (0x1) - No File
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
     uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
     mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
     mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
     mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe
     mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
     mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"
     mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
     mRun: [smartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c
     mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
     mRun: [TPWAUDAP] c:\program files\lenovo\hotkey\TpWAudAp.exe
     mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
     mRun: [PMHandler] c:\progra~1\lenovo\pmdriver\PMHAND~1.EXE
     mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
     mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
     mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
     mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
     mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
     IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
     TCP: DhcpNameServer = 71.242.0.12 71.252.0.12
     TCP: Interfaces\{9FEDE8AE-A4B0-4B88-B18D-98288EB73A5B} : DhcpNameServer = 71.242.0.12 71.252.0.12
     TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421} : DhcpNameServer = 10.0.0.1
     TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\1447C616E647162427561646 : DhcpNameServer = 24.178.162.3 97.81.22.195
     TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\355636F6E646F57596E646 : DhcpNameServer = 192.168.0.1
     TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\37C656560796E6E6 : DhcpNameServer = 10.0.0.1
     TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\4497E65687 : DhcpNameServer = 192.168.2.1 24.178.162.3 24.177.176.38 24.217.0.5
     Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
     Notify: igfxcui - igfxdev.dll
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\users\sally\appdata\roaming\mozilla\firefox\profiles\oex1tg5b.default\
     FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
     FF - prefs.js: browser.startup.homepage - hxxp://www.ixquick.com/
     FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
     FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
     FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
     FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
     FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
     R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
     R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
     S1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-4-21 49472]
     S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]
     S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
     S1 MpKsl7323877f;MpKsl7323877f;c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\MpKsl7323877f.sys [2011-11-1 28752]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2008-9-11 54560]
     S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-7 136176]
     S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-4-3 99896]
     S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-4-25 362992]
     S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-4-25 309744]
     S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-4-25 166384]
     S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-19 1153368]
     S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-9-11 53325]
     S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]
     S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]
     S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-7 136176]
     S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-21 112128]
     S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-4-21 97536]
     S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
     S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
     S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
     S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
     S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-4-25 313840]
     S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
     S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-1 52224]
     S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
     .
     =============== Created Last 30 ================
     .
     2011-11-01 16:39:18  41272    ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
     2011-11-01 16:18:08  28752    ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\MpKsl7323877f.sys
     2011-11-01 16:17:55  56200    ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\offreg.dll
     2011-11-01 16:17:49  6668624  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\mpengine.dll
     2011-10-29 14:45:19  358912   ----a-w-  c:\users\sally\appdata\local\TrayCodec.dll
     2011-10-26 00:04:20  --------  d-----w-  c:\windows\PCHEALTH
     2011-10-25 23:57:23  --------  dc----w-  c:\program files\Microsoft Analysis Services
     2011-10-25 23:56:20  --------  d-----w-  c:\users\sally\appdata\local\Microsoft Help
     2011-10-24 18:29:02  94208    ----a-w-  c:\windows\system32\QuickTimeVR.qtx
     2011-10-24 18:29:02  69632    ----a-w-  c:\windows\system32\QuickTime.qts
     2011-10-21 12:40:59  22216    ----a-w-  c:\windows\system32\drivers\mbam.sys
     2011-10-12 16:55:16  75776    ----a-w-  c:\windows\system32\psisrndr.ax
     2011-10-12 16:55:16  465408   ----a-w-  c:\windows\system32\psisdecd.dll
     2011-10-12 16:55:13  571904   ----a-w-  c:\windows\system32\oleaut32.dll
     2011-10-12 16:55:13  233472   ----a-w-  c:\windows\system32\oleacc.dll
     2011-10-12 16:54:59  2334720  ----a-w-  c:\windows\system32\win32k.sys
     2011-10-12 00:32:37  703824   ------w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{787ddc48-1239-463c-98cb-ded7dffb0705}\gapaengine.dll
     .
     ==================== Find3M ====================
     .
     2011-11-01 16:02:04  472808   ----a-w-  c:\windows\system32\deployJava1.dll
     2011-10-30 14:26:46  23624    ----a-w-  c:\windows\system32\drivers\hitmanpro35.sys
     2011-10-13 02:31:50  414368   ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-09-01 02:35:59  1798144  ----a-w-  c:\windows\system32\jscript9.dll
     2011-09-01 02:28:15  1126912  ----a-w-  c:\windows\system32\wininet.dll
     2011-09-01 02:22:54  2382848  ----a-w-  c:\windows\system32\mshtml.tlb
     .
     ============= FINISH: 12:50:59.40 ===============

     Attachment: Attach.zip
  2. Thanks. I just got back from picking up my cleaned computer from a pro. Hopefully, the virus will not come back! S.
  3. Hello. The other day I got a Google Redirect Virus that also posted a few fake warnings to clean my computer. (Ignored them.) In the past four days, Microsoft Security Essentials picked up two viruses, Trojan:Win32/Meredrop (two days) and TrojanDownloader:Win32/Tracur.Q. Spybot didn't find much. I then downloaded Hitman Pro and it found a bunch of stuff. I also downloaded and ran Malwarebytes. The quick scan found Trojan.BHO in the Registry Key, but the complete scan gets hung up about half an hour into the scan, somewhere around the 110,000th file. I'm still getting the redirects. I'm running a Lenovo laptop and don't know how to run things in Safe Mode, should that be necessary. So how do we get Malwarebytes to run the full scan and proceed from there to get rid of this problem? Thanks. S