Hello. First off, I'd like to say that Malwarebytes is awesome! I will be sending in my money!

As with other posts, I can't get rid of the Trojan.BHO (fsharproj). I am including the latest full scan as well as DDS logs, one attached as a zipped file. You'll notice I just upgraded Java today; somehow this got past me. Thinking the problem was with Office 2000, I finally upgraded that recently, too. Everything else seems to be updated. Thanks for your help.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8049

Windows 6.1.7601 Service Pack 1 (Safe Mode)

Internet Explorer 9.0.8112.16421

11/1/2011 2:02:25 PM

mbam-log-2011-11-01 (14-02-25).txt

Scan type: Full scan (C:\|E:\|F:\|Q:\|S:\|)

Objects scanned: 282326

Time elapsed: 31 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Sally at 12:49:36 on 2011-11-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3033.2325 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ixquick.com/

BHO: {0dce00f6-f750-4657-9afa-0d4f427178d8} - c:\users\sally\appdata\local\TrayCodec.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"

mRun: [smartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [TPWAUDAP] c:\program files\lenovo\hotkey\TpWAudAp.exe

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [PMHandler] c:\progra~1\lenovo\pmdriver\PMHAND~1.EXE

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 71.242.0.12 71.252.0.12

TCP: Interfaces\{9FEDE8AE-A4B0-4B88-B18D-98288EB73A5B} : DhcpNameServer = 71.242.0.12 71.252.0.12

TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\1447C616E647162427561646 : DhcpNameServer = 24.178.162.3 97.81.22.195

TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\355636F6E646F57596E646 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\37C656560796E6E6 : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{F9950B95-4C08-42F1-A620-5F1030C85421}\4497E65687 : DhcpNameServer = 192.168.2.1 24.178.162.3 24.177.176.38 24.217.0.5

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\sally\appdata\roaming\mozilla\firefox\profiles\oex1tg5b.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.ixquick.com/

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-4-21 49472]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

S1 MpKsl7323877f;MpKsl7323877f;c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\MpKsl7323877f.sys [2011-11-1 28752]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2008-9-11 54560]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-7 136176]

S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-4-3 99896]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-4-25 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-4-25 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-4-25 166384]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-19 1153368]

S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-9-11 53325]

S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-7 136176]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-21 112128]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-4-21 97536]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-4-25 313840]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-1 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]

.

=============== Created Last 30 ================

.

2011-11-01 16:39:18 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-01 16:18:08 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\MpKsl7323877f.sys

2011-11-01 16:17:55 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\offreg.dll

2011-11-01 16:17:49 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5bfcb019-aeaf-40a4-87b3-018cc11df129}\mpengine.dll

2011-10-29 14:45:19 358912 ----a-w- c:\users\sally\appdata\local\TrayCodec.dll

2011-10-26 00:04:20 -------- d-----w- c:\windows\PCHEALTH

2011-10-25 23:57:23 -------- dc----w- c:\program files\Microsoft Analysis Services

2011-10-25 23:56:20 -------- d-----w- c:\users\sally\appdata\local\Microsoft Help

2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-21 12:40:59 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-12 16:55:16 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-12 16:55:16 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-12 16:55:13 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-12 16:55:13 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-12 16:54:59 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 00:32:37 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{787ddc48-1239-463c-98cb-ded7dffb0705}\gapaengine.dll

.

==================== Find3M ====================

.

2011-11-01 16:02:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-30 14:26:46 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-10-13 02:31:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 12:50:59.40 ===============

Attach.zip
