
pistachios


Posts posted by pistachios

  1. Hello. First off, I'd like to say that Malwarebytes is awesome! I will be sending in my money!

    As with other posts, I can't get rid of the Trojan.BHO (fsharproj). I am including the latest full scan as well as DDS logs, one attached as a zipped file. You'll notice I just upgraded Java today; somehow this got past me. Thinking the problem was with Office 2000, I finally upgraded that recently, too. Everything else seems to be updated. Thanks for your help.

    Malwarebytes' Anti-Malware 1.51.2.1300

    www.malwarebytes.org

    Database version: 8049

    Windows 6.1.7601 Service Pack 1 (Safe Mode)

    Internet Explorer 9.0.8112.16421

    11/1/2011 2:02:25 PM

    mbam-log-2011-11-01 (14-02-25).txt

    Scan type: Full scan (C:\|E:\|F:\|Q:\|S:\|)

    Objects scanned: 282326

    Time elapsed: 31 minute(s), 5 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 1

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    .

    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

    Run by Sally at 12:49:36 on 2011-11-01

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3033.2325 [GMT -4:00]

    .

    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\Explorer.EXE

    C:\Windows\system32\ctfmon.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://ixquick.com/

    BHO: {0dce00f6-f750-4657-9afa-0d4f427178d8} - c:\users\sally\appdata\local\TrayCodec.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

    BHO: 1 (0x1) - No File

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

    mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

    mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe

    mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

    mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"

    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"

    mRun: [smartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c

    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

    mRun: [TPWAUDAP] c:\program files\lenovo\hotkey\TpWAudAp.exe

    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

    mRun: [PMHandler] c:\progra~1\lenovo\pmdriver\PMHAND~1.EXE

    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    TCP: DhcpNameServer = 71.242.0.12 71.252.0.12

    TCP: Interfaces\{9FEDE8AE-A4B0-4B88-B18D-98288EB73A5B} : DhcpNameServer = 71.242.0.12 71.252.0.12

    TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421} : DhcpNameServer = 10.0.0.1

    TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\1447C616E647162427561646 : DhcpNameServer = 24.178.162.3 97.81.22.195

    TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\355636F6E646F57596E646 : DhcpNameServer = 192.168.0.1

    TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\37C656560796E6E6 : DhcpNameServer = 10.0.0.1

    TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\4497E65687 : DhcpNameServer = 192.168.2.1 24.178.162.3 24.177.176.38 24.217.0.5

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

    Notify: igfxcui - igfxdev.dll

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\users\sally\appdata\roaming\mozilla\firefox\profiles\oex1tg5b.default\

    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

    FF - prefs.js: browser.startup.homepage - hxxp://www.ixquick.com/

    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

    S1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-4-21 49472]

    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]

    S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

    S1 MpKsl7323877f;MpKsl7323877f;c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\MpKsl7323877f.sys [2011-11-1 28752]

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2008-9-11 54560]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-7 136176]

    S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-4-3 99896]

    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-4-25 362992]

    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-4-25 309744]

    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-4-25 166384]

    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-19 1153368]

    S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-9-11 53325]

    S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]

    S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-7 136176]

    S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-21 112128]

    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-4-21 97536]

    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-4-25 313840]

    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]

    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-1 52224]

    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]

    .

    =============== Created Last 30 ================

    .

    2011-11-01 16:39:18 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2011-11-01 16:18:08 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\MpKsl7323877f.sys

    2011-11-01 16:17:55 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\offreg.dll

    2011-11-01 16:17:49 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\mpengine.dll

    2011-10-29 14:45:19 358912 ----a-w- c:\users\sally\appdata\local\TrayCodec.dll

    2011-10-26 00:04:20 -------- d-----w- c:\windows\PCHEALTH

    2011-10-25 23:57:23 -------- dc----w- c:\program files\Microsoft Analysis Services

    2011-10-25 23:56:20 -------- d-----w- c:\users\sally\appdata\local\Microsoft Help

    2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2011-10-21 12:40:59 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-10-12 16:55:16 75776 ----a-w- c:\windows\system32\psisrndr.ax

    2011-10-12 16:55:16 465408 ----a-w- c:\windows\system32\psisdecd.dll

    2011-10-12 16:55:13 571904 ----a-w- c:\windows\system32\oleaut32.dll

    2011-10-12 16:55:13 233472 ----a-w- c:\windows\system32\oleacc.dll

    2011-10-12 16:54:59 2334720 ----a-w- c:\windows\system32\win32k.sys

    2011-10-12 00:32:37 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{787ddc48-1239-463c-98cb-ded7dffb0705}\gapaengine.dll

    .

    ==================== Find3M ====================

    .

    2011-11-01 16:02:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2011-10-30 14:26:46 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

    2011-10-13 02:31:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

    2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

    2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    .

    ============= FINISH: 12:50:59.40 ===============

    Attach.zip
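As an added illustration, not code from the original thread or from Malwarebytes or DDS, here is a small triage pass over the BHO lines of the DDS "Pseudo HJT Report" above. It parses each entry and flags helpers that have no friendly name, load a DLL from a user-writable profile directory, or are orphaned "No File" registrations; the sample lines are copied from the log, and the three heuristics are my assumptions about what a reviewer looks for first, not a malware signature.

```python
import re

# BHO lines copied from the DDS "Pseudo HJT Report" posted above (sample input).
SAMPLE_DDS_LINES = [
    r"BHO: {0dce00f6-f750-4657-9afa-0d4f427178d8} - c:\users\sally\appdata\local\TrayCodec.dll",
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll",
    r"BHO: 1 (0x1) - No File",
    r"BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll",
    r"uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe",  # not a BHO line, must be ignored
]

# DDS writes "BHO: <optional name>: {CLSID} - <path>" or "BHO: <name> - No File".
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.+?): )?(?P<clsid>\{[0-9a-fA-F-]{36}\}) - (?P<path>.+)$")
NOFILE_RE = re.compile(r"^BHO: (?P<name>.+) - No File$")

# Directories a standard user can write to without admin rights. Assumption used
# here: a legitimately installed IE helper lives under Program Files or Windows.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\documents and settings\\")

def parse_bho(line):
    """Return {"name", "clsid", "path"} for a BHO line, None for any other DDS line."""
    if m := BHO_RE.match(line.strip()):
        return {"name": m["name"], "clsid": m["clsid"].lower(), "path": m["path"].lower()}
    if m := NOFILE_RE.match(line.strip()):
        return {"name": m["name"], "clsid": None, "path": None}
    return None

def triage_bho(entry):
    """Reasons a parsed BHO entry deserves a closer look (empty list = nothing odd)."""
    if entry["path"] is None:
        return ["orphaned registration (No File)"]
    reasons = []
    if entry["name"] is None:
        reasons.append("no friendly name")
    if any(marker in entry["path"] for marker in USER_WRITABLE):
        reasons.append("DLL lives in a user-writable profile directory")
    return reasons

def flag_suspicious(lines):
    """Map each flagged BHO (by CLSID, or by name when unregistered) to its reasons."""
    flagged = {}
    for entry in filter(None, map(parse_bho, lines)):
        if reasons := triage_bho(entry):
            flagged[entry["clsid"] or entry["name"]] = reasons
    return flagged
```

Run against the sample, only the unnamed TrayCodec.dll helper under the user profile and the "No File" entry are flagged; the Adobe and Java helpers pass.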

  2. Hi and welcome to Malwarebytes.

    Please update MBAM, run a Quick Scan, and post its log.

    Next, download DDS by sUBs and save it to your Desktop.

    Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

    Thanks. I just got back from picking up my cleaned computer from a pro. Hopefully, the virus will not come back! S.

  3. Hello,

    The other day I got a Google Redirect Virus that also posted a few fake warnings to clean my computer. (Ignored them.) In the past four days, Microsoft Security Essentials picked up two viruses, Trojan:Win32/Meredrop (two days) and TrojanDownloader:Win32.Tracur.Q. Spybot didn't find much. I then downloaded Hitman Pro and it found a bunch of stuff. I also downloaded and ran Malwarebytes. The quick scan found Trojan:BHO in the Registry Key, but the complete scan gets hung up about ½ hour into the scan, somewhere around the 110,000th file. I'm still getting the redirects. I'm running a Lenovo laptop and don't know how to run things in Safe Mode, should that be necessary. So how do we get Malwarebytes to run the full scan and proceed from there to get rid of this problem? Thanks. S
