nexus88

Trojan.Tracur

40 posts in this topic

Hello, long-time user of the program, new member. I've been trying to remove this trojan that keeps on reappearing after I delete it with Malwarebytes, and yes, I've updated the program as well, and every time I restart and rescan, the same virus appears.

This is where it is located; I uploaded a recent scan txt that found it too.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BROWSER32 (Trojan.Tracur)

Any suggestion about this?

Doesn't let me edit my post, but here's the TXT from the scan.

mbam-log-2011-07-22 (21-42-31).txt

Um, anything?...

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21

Run by Chris at 1:34:24 on 2011-07-24

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1062 [GMT -7:00]

.

AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Creative\Shared Files\CTSched.exe

C:\Program Files\Steam\steam.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011x\avp.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011x\avp.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.sbc.com/dsl

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011x\ievkbd.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011x\klwtbbho.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon

uRun: [steam] "c:\program files\steam\steam.exe" -silent

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r

mRun: [P17Helper] Rundll32 P17.dll,P17Helper

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011x\avp.exe"

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\documents and settings\chris\start menu\programs\startup\PowerReg Scheduler.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011x\klwtbbho.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011x\klwtbbho.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

TCP: Interfaces\{B58C6BB7-D7CC-4D2A-87FF-55AABEFC2B71} : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: klogon - c:\windows\system32\klogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\m6k9iapt.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 62323

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\documents and settings\chris\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-7-23 475736]

R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011x\avp.exe [2010-11-2 365336]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-5-2 24652]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]

S0 rslcy;rslcy;c:\windows\system32\drivers\uptklb.sys --> c:\windows\system32\drivers\uptklb.sys [?]

S2 Browser32;Computer Browser ;c:\windows\system32\avtapi32.exe --> c:\windows\system32\avtapi32.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 Desura Install Service32;Desura Install Service ;c:\windows\system32\avtapi32.exe --> c:\windows\system32\avtapi32.exe [?]

S2 Dnscache32;DNS Client ;c:\windows\system32\avtapi32.exe --> c:\windows\system32\avtapi32.exe [?]

S2 helpsvc32;Help and Support ;c:\windows\system32\avtapi32.exe --> c:\windows\system32\avtapi32.exe [?]

S2 iPod Service32;iPod Service ;c:\windows\system32\msjetoledb4032.exe --> c:\windows\system32\msjetoledb4032.exe [?]

S2 RemoteAccess32;Routing and Remote Access ;c:\windows\system32\msexcl4032.exe --> c:\windows\system32\msexcl4032.exe [?]

S2 WmdmPmSN32;Portable Media Serial Number Service ;c:\windows\system32\shell3232.exe --> c:\windows\system32\shell3232.exe [?]

S3 3DRipDriver;3D Ripper monitoring driver;c:\program files\3dripperdx\3DRipDriver.sys [2010-5-2 6656]

S3 Desura Install Service;Desura Install Service;c:\program files\common files\desura\desura_service.exe [2011-3-28 128832]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]

.

=============== Created Last 30 ================

.

2011-07-24 08:14:05 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files

2011-07-24 08:05:31 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-07-24 08:05:31 -------- d-----w- c:\windows\system32\wbem\Repository

2011-07-24 05:57:24 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2011-07-24 05:57:24 115369 ----a-w- c:\windows\system32\drivers\klin.dat

2011-07-24 05:55:11 -------- d-----w- c:\program files\Kaspersky Lab

2011-07-24 05:55:10 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab

2011-07-23 20:46:28 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer

2011-07-23 03:38:07 -------- d-----w- C:\TDSSKiller_Quarantine

2011-07-23 01:04:48 -------- d-----w- c:\documents and settings\chris\local settings\application data\PMB Files(2)

2011-07-23 01:04:48 -------- d-----w- c:\documents and settings\chris\local settings\application data\Pando_Temp

2011-07-23 01:04:48 -------- d-----w- c:\documents and settings\chris\local settings\application data\Identities

2011-07-23 01:04:48 -------- d-----w- c:\documents and settings\chris\local settings\application data\GameSpy

2011-07-23 01:04:48 -------- d-----w- c:\documents and settings\chris\local settings\application data\Chromium

2011-07-23 01:04:48 -------- d-----w- c:\documents and settings\chris\local settings\application data\0luke0

2011-07-23 01:04:42 -------- d-----w- c:\documents and settings\chris\application data\6B1D3F937C281392BC7AF049F4AF557F

2011-07-23 00:56:39 -------- d-----w- C:\RECYCLER(2)

2011-07-22 12:32:15 98816 ----a-w- c:\windows\sed.exe

2011-07-22 12:32:15 518144 ----a-w- c:\windows\SWREG.exe

2011-07-22 12:32:15 256000 ----a-w- c:\windows\PEV.exe

2011-07-22 12:32:15 208896 ----a-w- c:\windows\MBR.exe

2011-07-16 20:21:06 -------- d-----w- c:\program files\Pando Networks(2)

2011-07-08 21:51:02 -------- d-----w- C:\UDK

2011-07-03 23:52:31 -------- d-----w- c:\program files\GamersFirst

2011-07-03 21:54:41 -------- d-----w- c:\documents and settings\all users\application data\EA Core

2011-07-03 21:54:40 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts

2011-06-30 04:12:32 -------- d-sha-r- C:\cmdcons

2011-06-29 22:14:15 -------- d-----w- c:\program files\AVAST Software

2011-06-29 22:14:15 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-06-29 21:23:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-06-29 21:23:29 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-06-29 21:23:29 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-06-29 21:23:29 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-06-29 21:23:29 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-06-29 21:23:29 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-06-29 21:23:29 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-06-29 21:23:29 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-06-26 21:53:03 -------- d-----w- c:\documents and settings\chris\application data\spiral

2011-06-25 00:03:51 -------- d-----w- c:\program files\Sony Media Go Install

.

==================== Find3M ====================

.

2011-07-16 03:46:03 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-07-16 03:45:55 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-07-16 03:45:55 280768 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-07-16 03:21:19 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-18 11:13:49 0 ---ha-w- c:\documents and settings\chris\vzipsdhujw.tmp

.

============= FINISH: 1:36:02.75 ===============

Here's a DDS scan from it. Please, I'd really like a response about this problem. I would expect some professional to actually look at this...

dds.txt

Some "help"

Groups authorized to help with HJT logs

http://forums.malwarebytes.org/index.php?showtopic=12264

I got infected with tracur/y and tracur/q. I removed them by deleting the browser temporary internet files, running Malwarebytes and scanning with MSE. I'm not sure if Malwarebytes or MSE got rid of it. I read that Tracur hides in the browser cache/temporary internet files.

Where would that be located?

And seriously, no mods or anyone even bothering to help out?


Please don't attach the scans / logs, use "copy/paste".

We look for posts with 0 replies, so when you posted to your own log, we assumed you were being helped.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Open Notepad, click on Format and uncheck Word Wrap.

Internet Explorer (Windows)

1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

Next:

Disable Internet Explorer Proxy Settings and Reset TCP/IP and Winsock

Disable Internet Explorer Proxy Settings and Reset TCP/IP

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.

If you have any questions please ask before moving on.

  • Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  • Then save the file as "fixme.bat" to your Desktop
  • In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
    @ECHO OFF
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
    netsh int ip reset resetlog.txt
    netsh winsock reset catalog


  • On Windows XP you can double-click the file to run it.
  • On Vista/Win7 you need to Right click the file and choose Run as administrator to run it. With User Account Control on it should ask permission to run it. Click Yes
  • This will flash a black DOS box very quickly and go away, this is normal.
  • Restart your computer now.
  • Launch Internet Explorer and see if you can connect to the Internet.
  • Launch MBAM and check for Updates


Where exactly do I Disable Internet Explorer Proxy Settings and Reset TCP/IP? My Firefox was already disabled from the proxy. And I don't use IE, but do I still have to set those?


We won't worry about IE then.

Looks like you already have Combofix. Did you run it?


We won't worry about IE then.

Looks like you already have Combofix. Did you run it?

Alright, so I don't do anything with IE then; I already set up Firefox though.

And I got the .bat saved with the code box you wanted me to copy into.

I did run Combofix once; however, it did not fix the issue, and it seemed to disable some of my programs, so I had to system restore back to before I used Combofix. I just posted the log in case.


Run the .bat if you haven't already and let me know how it's running.


Run the .bat if you haven't already and let me know how it's running.

Alright, so I just follow the part about disabling the Firefox proxy only then? Making sure I'm following this right. And I have to check back on this in an hour, sorry, didn't think I'd get a reply so soon.

After I run the .bat, I restart the computer, then use Malwarebytes, update it, then quick scan?

Alright, so I just follow the part about disabling the Firefox proxy only then? Making sure I'm following this right. And I have to check back on this in an hour, sorry, didn't think I'd get a reply so soon.

After I run the .bat, I restart the computer, then use Malwarebytes, update it, then quick scan?

Yes


Alright, back. I've tried using the bat, but there was some error I got:

unledarp.jpg

I'm not sure if it worked or not, and I haven't restarted at the moment, since it looked like an error from it. What do I do?


From your DDS scan it showed a proxy server port:

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\m6k9iapt.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 62323

FF - prefs.js: network.proxy.type - 0

Run a new DDS scan and post the results.
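As an added triage example for this thread (not DDS's, Malwarebytes' or the helper's own code): a Python script that parses the DDS FIREFOX and SERVICES / DRIVERS sections and flags the localhost proxy entry the helper points at, plus services whose binary DDS could not find on disk, especially ones named like a built-in service with "32" appended. The BUILTIN_SERVICES list and the sample lines are assumptions, copied from the log posted above.

```python
"""Triage helper for DDS-style logs.

Added example for this thread (not DDS, Malwarebytes or the helper's own
code). It reads the two report sections the helper singles out and flags:
  * a Firefox prefs.js HTTP proxy that points back at the local machine
    (the 127.0.0.1:62323 entry in the log above);
  * services whose image path DDS could not find on disk ("path --> path [?]")
    when several such services share one binary, or when the service name is
    a built-in Windows service name with "32" appended (Browser32, Dnscache32).
"""
import re
from dataclasses import dataclass

# Assumption: a short list of built-in XP service names is enough for the
# mimic heuristic shown here; a real tool would use the full list.
BUILTIN_SERVICES = {"browser", "dnscache", "helpsvc", "remoteaccess", "wmdmpmsn"}

# DDS service line: "<state> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# DDS Firefox pref line: "FF - prefs.js: <pref> - <value>"
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")


@dataclass
class Finding:
    kind: str
    detail: str


def missing_image(path_field: str) -> bool:
    """DDS prints 'path --> path [?]' when it cannot find the service binary."""
    return "-->" in path_field and path_field.rstrip().endswith("[?]")


def mimics_builtin(name: str) -> bool:
    """True for names like 'Dnscache32' that shadow a built-in service name."""
    base = name.strip().lower()
    return base.endswith("32") and base[:-2] in BUILTIN_SERVICES


def firefox_proxy_findings(prefs: dict) -> list:
    host = prefs.get("network.proxy.http")
    port = prefs.get("network.proxy.http_port")
    if host in ("127.0.0.1", "localhost") and port:
        # network.proxy.type 0 means Firefox is not actually using this proxy,
        # so the entry is a review item rather than proof of an active hijack.
        ptype = prefs.get("network.proxy.type", "?")
        return [Finding("firefox_local_proxy", f"{host}:{port} (network.proxy.type={ptype})")]
    return []


def triage(report: str) -> list:
    """Return a list of Finding objects for one DDS report."""
    lines = [ln.strip() for ln in report.splitlines()]
    prefs = {}
    for ln in lines:
        m = PREF_RE.match(ln)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    findings = firefox_proxy_findings(prefs)

    by_binary = {}  # image path -> names of services that point at it but lack the file
    for ln in lines:
        m = SERVICE_RE.match(ln)
        if not m or not missing_image(m.group(4)):
            continue
        _state, name, display, path_field = (g.strip() for g in m.groups())
        binary = path_field.split("-->")[0].strip().lower()
        by_binary.setdefault(binary, []).append(name)
        if mimics_builtin(name):
            findings.append(Finding("service_name_mimic", f"{name} ({display}) -> {binary}"))
    for binary, names in by_binary.items():
        if len(names) > 1:
            findings.append(Finding("shared_missing_binary", f"{binary} used by {', '.join(names)}"))
    return findings


# Constructed sample: a handful of lines copied from the DDS log posted above.
SAMPLE_REPORT = r"""
================= FIREFOX ===================
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62323
FF - prefs.js: network.proxy.type - 0
============= SERVICES / DRIVERS ===============
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-5-2 24652]
S0 rslcy;rslcy;c:\windows\system32\drivers\uptklb.sys --> c:\windows\system32\drivers\uptklb.sys [?]
S2 Browser32;Computer Browser ;c:\windows\system32\avtapi32.exe --> c:\windows\system32\avtapi32.exe [?]
S2 Dnscache32;DNS Client ;c:\windows\system32\avtapi32.exe --> c:\windows\system32\avtapi32.exe [?]
S2 helpsvc32;Help and Support ;c:\windows\system32\avtapi32.exe --> c:\windows\system32\avtapi32.exe [?]
S2 RemoteAccess32;Routing and Remote Access ;c:\windows\system32\msexcl4032.exe --> c:\windows\system32\msexcl4032.exe [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.kind}] {f.detail}")
```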


Sorry, I thought there was an updated version of it.

Here are the DDS results.

dds.txt

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21

Run by Chris at 13:23:58 on 2011-07-25

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1314 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Creative\Shared Files\CTSched.exe

C:\Program Files\Steam\steam.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DNA\btdna.exe

svchost.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Chris\Desktop\steam_chatlog_b4fix\Chat Log.exe

C:\WINDOWS\system32\msiexec.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.sbc.com/dsl

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon

uRun: [steam] "c:\program files\steam\steam.exe" -silent

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r

mRun: [P17Helper] Rundll32 P17.dll,P17Helper

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

TCP: Interfaces\{B58C6BB7-D7CC-4D2A-87FF-55AABEFC2B71} : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\m6k9iapt.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 62323

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\documents and settings\chris\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsl00e1a7ec;MpKsl00e1a7ec;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd5b46f3-0a23-4834-9970-3188e5617d4e}\MpKsl00e1a7ec.sys [2011-7-25 28752]

R1 MpKsl35b44083;MpKsl35b44083;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd5b46f3-0a23-4834-9970-3188e5617d4e}\MpKsl35b44083.sys [2011-7-25 28752]

R1 MpKsl39706d7e;MpKsl39706d7e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd5b46f3-0a23-4834-9970-3188e5617d4e}\MpKsl39706d7e.sys [2011-7-25 28752]

R1 MpKsl678d6582;MpKsl678d6582;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd5b46f3-0a23-4834-9970-3188e5617d4e}\MpKsl678d6582.sys [2011-7-25 28752]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-5-2 24652]

R4 KL1;kl1;c:\windows\system32\drivers\kl1.sys --> c:\windows\system32\drivers\kl1.sys [?]

R4 kl2;kl2;c:\windows\system32\drivers\kl2.sys --> c:\windows\system32\drivers\kl2.sys [?]

R4 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys --> c:\windows\system32\drivers\klif.sys [?]

R4 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys --> c:\windows\system32\drivers\klmouflt.sys [?]

S0 rslcy;rslcy;c:\windows\system32\drivers\uptklb.sys --> c:\windows\system32\drivers\uptklb.sys [?]

S2 Browser32;Computer Browser ;c:\windows\system32\avtapi32.exe --> c:\windows\system32\avtapi32.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 Desura Install Service32;Desura Install Service ;c:\windows\system32\avtapi32.exe --> c:\windows\system32\avtapi32.exe [?]

S2 Dnscache32;DNS Client ;c:\windows\system32\avtapi32.exe --> c:\windows\system32\avtapi32.exe [?]

S2 helpsvc32;Help and Support ;c:\windows\system32\avtapi32.exe --> c:\windows\system32\avtapi32.exe [?]

S2 iPod Service32;iPod Service ;c:\windows\system32\msjetoledb4032.exe --> c:\windows\system32\msjetoledb4032.exe [?]

S2 RemoteAccess32;Routing and Remote Access ;c:\windows\system32\msexcl4032.exe --> c:\windows\system32\msexcl4032.exe [?]

S2 WmdmPmSN32;Portable Media Serial Number Service ;c:\windows\system32\shell3232.exe --> c:\windows\system32\shell3232.exe [?]

S3 3DRipDriver;3D Ripper monitoring driver;c:\program files\3dripperdx\3DRipDriver.sys [2010-5-2 6656]

S3 Desura Install Service;Desura Install Service;c:\program files\common files\desura\desura_service.exe [2011-3-28 128832]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-2-17 41272]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]

.

=============== Created Last 30 ================

.

2011-07-25 20:22:30 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd5b46f3-0a23-4834-9970-3188e5617d4e}\MpKsl39706d7e.sys

2011-07-25 19:47:29 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd5b46f3-0a23-4834-9970-3188e5617d4e}\MpKsl00e1a7ec.sys

2011-07-25 19:24:51 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd5b46f3-0a23-4834-9970-3188e5617d4e}\MpKsl35b44083.sys

2011-07-25 19:22:29 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd5b46f3-0a23-4834-9970-3188e5617d4e}\MpKsl678d6582.sys

2011-07-25 04:04:13 -------- d-----w- c:\documents and settings\chris\local settings\application data\Darksiders

2011-07-25 00:22:15 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd5b46f3-0a23-4834-9970-3188e5617d4e}\mpengine.dll

2011-07-25 00:22:08 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-07-25 00:14:52 -------- d-----w- c:\program files\Microsoft Security Client

2011-07-24 08:05:31 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-07-24 08:05:31 -------- d-----w- c:\windows\system32\wbem\Repository

2011-07-24 05:55:10 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab

2011-07-23 20:46:28 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer

2011-07-23 03:38:07 -------- d-----w- C:\TDSSKiller_Quarantine

2011-07-23 01:04:48 -------- d-----w- c:\documents and settings\chris\local settings\application data\PMB Files(2)

2011-07-23 01:04:48 -------- d-----w- c:\documents and settings\chris\local settings\application data\Pando_Temp

2011-07-23 01:04:48 -------- d-----w- c:\documents and settings\chris\local settings\application data\Identities

2011-07-23 01:04:48 -------- d-----w- c:\documents and settings\chris\local settings\application data\GameSpy

2011-07-23 01:04:48 -------- d-----w- c:\documents and settings\chris\local settings\application data\Chromium

2011-07-23 01:04:48 -------- d-----w- c:\documents and settings\chris\local settings\application data\0luke0

2011-07-23 01:04:42 -------- d-----w- c:\documents and settings\chris\application data\6B1D3F937C281392BC7AF049F4AF557F

2011-07-23 00:56:39 -------- d-----w- C:\RECYCLER(2)

2011-07-22 12:32:15 98816 ----a-w- c:\windows\sed.exe

2011-07-22 12:32:15 518144 ----a-w- c:\windows\SWREG.exe

2011-07-22 12:32:15 256000 ----a-w- c:\windows\PEV.exe

2011-07-22 12:32:15 208896 ----a-w- c:\windows\MBR.exe

2011-07-16 20:21:06 -------- d-----w- c:\program files\Pando Networks(2)

2011-07-08 21:51:02 -------- d-----w- C:\UDK

2011-07-03 23:52:31 -------- d-----w- c:\program files\GamersFirst

2011-07-03 21:54:41 -------- d-----w- c:\documents and settings\all users\application data\EA Core

2011-07-03 21:54:40 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts

2011-06-30 04:12:32 -------- d-sha-r- C:\cmdcons

2011-06-29 22:14:15 -------- d-----w- c:\program files\AVAST Software

2011-06-29 22:14:15 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-06-29 21:23:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-06-29 21:23:29 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-06-29 21:23:29 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-06-29 21:23:29 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-06-29 21:23:29 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-06-29 21:23:29 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-06-29 21:23:29 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-06-29 21:23:29 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-06-26 21:53:03 -------- d-----w- c:\documents and settings\chris\application data\spiral

.

==================== Find3M ====================

.

2011-07-16 03:46:03 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-07-16 03:45:55 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-07-16 03:45:55 280768 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-07-16 03:21:19 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-18 11:13:49 0 ---ha-w- c:\documents and settings\chris\vzipsdhujw.tmp

.

============= FINISH: 13:24:18.85 ===============


That port might be caused by Skype.

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


Do I need to download "esetsmartinstaller_enu.exe" to use the scanner?


The scan is going to take a while. I think it's doing a full scan at the moment; is that the only scan I can do?


If that scan doesn't remove the infection, the next step would be ComboFix.


I mean, is there a quick scan for ESET, or do I have to do a full scan?


Full.

Sorry it took so long; the scan took forever.

Here's what it got.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\Documents and Settings\Chris\Application Data\BitTorrent\Update+Crack-ASSII\Update+Crack-ASSII\SKIDROW\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined

C:\Documents and Settings\Chris\Desktop\quickbms\bms_unpacker_swtfu_lp\bms_unpacker_swtfu_lp.exe a variant of Win32/Packed.ExeScript.B trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\Chris\Application Data\6B1D3F937C281392BC7AF049F4AF557F\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6k9iapt.default\extensions\{88fccda2-3605-4560-9752-fe225803866d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6k9iapt.default\extensions\{bfa537c7-0969-4f4c-ae37-9436131a374d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6k9iapt.default\extensions\{c2450720-6fd4-43cc-b832-73a41ba5b5e0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6k9iapt.default\extensions\{ef137c53-4e8b-452b-a1b8-e7cd8a9b925f}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6k9iapt.default\extensions\{fce55333-cda0-4846-88d1-501800c96ffa}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\SourceSDK\GameCfgMgr.exe probably a variant of Win32/Adware.Agent.NHZBYWN application cleaned by deleting - quarantined

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP471\A0158412.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP471\A0158413.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP471\A0158414.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP473\A0158531.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP473\A0158532.exe a variant of Win32/Kryptik.QRW trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP473\A0158533.exe Win32/Adware.AntimalwareDoctor.AH application cleaned by deleting - quarantined

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP473\A0158536.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP473\A0158537.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP494\A0164441.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP494\A0164448.exe a variant of Win32/Packed.ExeScript.B trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP494\A0164774.exe probably a variant of Win32/Adware.Agent.NHZBYWN application cleaned by deleting - quarantined

Attachment, in case.

threats.txt


Forgot to get the log, the one in C:\Program Files\EsetOnlineScanner\log.txt.

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=631a2919f7db9b47b2a1b48c454adb2d

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-26 06:56:38

# local_time=2011-07-25 11:56:38 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=5891 16776533 42 88 0 8382627 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=556525

# found=21

# cleaned=21

# scan_time=36442

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Chris\Application Data\BitTorrent\Update+Crack-ASSII\Update+Crack-ASSII\SKIDROW\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Chris\Desktop\quickbms\bms_unpacker_swtfu_lp\bms_unpacker_swtfu_lp.exe a variant of Win32/Packed.ExeScript.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Chris\Application Data\6B1D3F937C281392BC7AF049F4AF557F\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6k9iapt.default\extensions\{88fccda2-3605-4560-9752-fe225803866d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6k9iapt.default\extensions\{bfa537c7-0969-4f4c-ae37-9436131a374d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6k9iapt.default\extensions\{c2450720-6fd4-43cc-b832-73a41ba5b5e0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6k9iapt.default\extensions\{ef137c53-4e8b-452b-a1b8-e7cd8a9b925f}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6k9iapt.default\extensions\{fce55333-cda0-4846-88d1-501800c96ffa}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\SourceSDK\GameCfgMgr.exe probably a variant of Win32/Adware.Agent.NHZBYWN application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP471\A0158412.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP471\A0158413.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP471\A0158414.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP473\A0158531.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP473\A0158532.exe a variant of Win32/Kryptik.QRW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP473\A0158533.exe Win32/Adware.AntimalwareDoctor.AH application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP473\A0158536.dll Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP473\A0158537.dll Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP494\A0164441.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP494\A0164448.exe a variant of Win32/Packed.ExeScript.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D5C21D5B-433B-4895-A74A-50DE3FC76E7B}\RP494\A0164774.exe probably a variant of Win32/Adware.Agent.NHZBYWN application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Attachment as well.

log.txt


How's it running now?

Seems to be the same. When I rescan, I still get the same files I scanned, the ones I posted above, and Malwarebytes still finds the same Trojan.Tracur as well.
