pistachios
Posts posted by pistachios
Hi and welcome to Malwarebytes.
Please update MBAM, run a Quick Scan, and post its log.
Next, download DDS by sUBs and save it to your Desktop.
Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.
Thanks. I just got back from picking up my cleaned computer from a pro. Hopefully, the virus will not come back! S.
-
Hello,
The other day I got a Google Redirect Virus that also posted a few fake warnings to clean my computer. (Ignored them.) In the past four days, Microsoft Security Essentials picked up two viruses, Trojan: Win32/Meredrop (two days) and TrojanDownloader:Win32.Tracur.Q. Spybot didn't find much. I then downloaded Hitman Pro and it found a bunch of stuff. I also downloaded and ran Malwarebytes. The quick scan found Trojan:BHO in the Registry Key, but the complete scan gets hung up about ½ hour into the scan, somewhere around the 110,000th file. I'm still getting the redirects. I'm running a Lenovo laptop and don't know how to run things in Safe Mode, should that be necessary. So how do we get Malwarebytes to run the full scan and proceed from there to get rid of this problem? Thanks. S
another fsharproj trojan.bho problem
in Resolved Malware Removal Logs
Hello. First off, I'd like to say that Malwarebytes is awesome! I will be sending in my money!
As with other posts, I can't get rid of the Trojan.BHO (fsharproj). I am including the latest full scan as well as DDS logs, one attached as a zipped file. You'll notice I just upgraded Java today; somehow this got past me. Thinking the problem was with Office 2000, I finally upgraded that recently, too. Everything else seems to be updated. Thanks for your help.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8049
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421
11/1/2011 2:02:25 PM
mbam-log-2011-11-01 (14-02-25).txt
Scan type: Full scan (C:\|E:\|F:\|Q:\|S:\|)
Objects scanned: 282326
Time elapsed: 31 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Sally at 12:49:36 on 2011-11-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3033.2325 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ixquick.com/
BHO: {0dce00f6-f750-4657-9afa-0d4f427178d8} - c:\users\sally\appdata\local\TrayCodec.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [smartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPWAUDAP] c:\program files\lenovo\hotkey\TpWAudAp.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [PMHandler] c:\progra~1\lenovo\pmdriver\PMHAND~1.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 71.242.0.12 71.252.0.12
TCP: Interfaces\{9FEDE8AE-A4B0-4B88-B18D-98288EB73A5B} : DhcpNameServer = 71.242.0.12 71.252.0.12
TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\1447C616E647162427561646 : DhcpNameServer = 24.178.162.3 97.81.22.195
TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\355636F6E646F57596E646 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\37C656560796E6E6 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\4497E65687 : DhcpNameServer = 192.168.2.1 24.178.162.3 24.177.176.38 24.217.0.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sally\appdata\roaming\mozilla\firefox\profiles\oex1tg5b.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.ixquick.com/
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-4-21 49472]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
S1 MpKsl7323877f;MpKsl7323877f;c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\MpKsl7323877f.sys [2011-11-1 28752]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2008-9-11 54560]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-7 136176]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-4-3 99896]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-4-25 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-4-25 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-4-25 166384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-19 1153368]
S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-9-11 53325]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-7 136176]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-21 112128]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-4-21 97536]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-4-25 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
.
=============== Created Last 30 ================
.
2011-11-01 16:39:18 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-01 16:18:08 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\MpKsl7323877f.sys
2011-11-01 16:17:55 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\offreg.dll
2011-11-01 16:17:49 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\mpengine.dll
2011-10-29 14:45:19 358912 ----a-w- c:\users\sally\appdata\local\TrayCodec.dll
2011-10-26 00:04:20 -------- d-----w- c:\windows\PCHEALTH
2011-10-25 23:57:23 -------- dc----w- c:\program files\Microsoft Analysis Services
2011-10-25 23:56:20 -------- d-----w- c:\users\sally\appdata\local\Microsoft Help
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-21 12:40:59 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-12 16:55:16 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 16:55:16 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 16:55:13 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 16:55:13 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 16:54:59 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 00:32:37 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{787ddc48-1239-463c-98cb-ded7dffb0705}\gapaengine.dll
.
==================== Find3M ====================
.
2011-11-01 16:02:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-30 14:26:46 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-13 02:31:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 12:50:59.40 ===============
Attach.zip