Brost
2011-07-21, 08:42
It seems my laptop can't seem to shake this file that I posted in the subject heading. I've run MalwareBytes several times, and it keeps turning up this result, deleting it, but then always finding it again. Also, today I've noticed that YouTube videos are freezing my browser, and also Winamp is being frozen when I try to play music. Now, sounds are no longer playing. I don't know if this is coincidental or related to this bug, but it's very annoying.
Anywho, here's my report:
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Keith at 1:23:57 on 2011-07-21
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
BHO: {03ee0ac1-f59c-466d-a525-74f5ab5ac177} - c:\windows\system32\atioglxx32.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] "RtHDVCpl.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
R? MBAMSwissArmy;MBAMSwissArmy
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? FontCache;Windows Font Cache Service
S? Lavasoft Kernexplorer;Lavasoft helper driver
S? Lbd;Lbd
S? O2MDRDR;O2MDRDR
S? O2SDRDR;O2SDRDR
S? UxSms32;Desktop Window Manager Session Manager
.
=============== Created Last 30 ================
.
2011-07-21 04:01:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-21 03:40:51 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-21 03:36:27 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-21 03:36:05 -------- d-----w- c:\program files\Lavasoft
2011-07-20 01:32:58 569344 ----a-w- c:\windows\system32\yA
2011-07-20 01:32:57 569344 ----a-w- c:\windows\system32\tapisrv32.exe
2011-07-20 01:32:56 356864 ----a-w- c:\windows\system32\atioglxx32.dll
2011-07-19 06:46:48 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a4530828-eb90-49c3-8e70-fe54dce4946a}\mpengine.dll
2011-07-18 12:32:06 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-18 12:30:56 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-18 12:30:55 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-11 01:56:27 -------- d-----w- c:\users\keith\appdata\local\{E0EE62EF-C2B7-472E-9DBE-C292FD89AE28}
2011-07-10 13:37:30 -------- d-----w- c:\users\keith\appdata\local\{0C0556F8-AD73-4325-9275-9333F49F80D0}
2011-07-10 01:36:40 -------- d-----w- c:\users\keith\appdata\local\{0B4D311D-992C-4E21-A3A9-9E7448730BDE}
2011-07-09 20:29:18 -------- d-----w- c:\users\keith\appdata\local\{E78E6B06-D1C3-43C7-9278-16322DF10084}
2011-07-09 00:51:57 -------- d-----w- c:\users\keith\appdata\local\{25D4B406-D3D6-4DF2-8E14-67ED7FD766CD}
2011-07-07 09:29:56 -------- d-----w- c:\users\keith\appdata\local\{BE3437DD-C329-4B76-8E71-C15B40335C54}
2011-07-06 21:09:46 -------- d-----w- c:\users\keith\appdata\local\{CB9CAE6D-A1B1-4F12-8495-00CBC1329245}
2011-07-06 09:08:54 -------- d-----w- c:\users\keith\appdata\local\{B96C405A-E7FE-4937-8FD2-A56BD60950E0}
2011-07-02 06:47:26 -------- d-----w- C:\ZSNES
2011-06-29 20:13:19 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-27 07:03:29 -------- d-----w- c:\users\keith\appdata\local\{C207CD0C-DEA4-427C-A7A5-DDA5BA9FE7D8}
2011-06-26 19:02:31 -------- d-----w- c:\users\keith\appdata\local\{2CF93A9D-3C18-4733-8BFE-60566D33B5A4}
2011-06-25 22:37:14 -------- d-----w- c:\users\keith\appdata\local\{B0CE96A6-067A-487E-B982-4FFF6485CD64}
2011-06-25 09:50:41 -------- d-----w- c:\users\keith\appdata\local\{332D8593-AFEA-4E83-B2EE-B935E705827E}
2011-06-24 21:49:33 -------- d-----w- c:\users\keith\appdata\local\{E16564C1-A915-4ED6-B6BD-4872F2CB6C8B}
2011-06-24 08:19:36 -------- d-----w- c:\users\keith\appdata\local\{555B5FA1-F975-4B9E-B030-8181126A0EA7}
2011-06-23 20:18:29 -------- d-----w- c:\users\keith\appdata\local\{631CBB11-F6A6-4D86-9692-4443450736E7}
2011-06-23 08:17:23 -------- d-----w- c:\users\keith\appdata\local\{422EDA1E-64D6-4EDB-AA96-DF53EC310720}
.
==================== Find3M ====================
.
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-14 03:46:01 0 ---ha-w- c:\windows\system32\inyrbagwob.tmp
2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25:10 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24:50 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24:42 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 1:26:28.57 ===============
I'm currently running Spybot, and I will post those results as soon as it finishes. Thanks for any and all help.