BrianR

I'm infected with Trojan.Tracur.SGen..can someone help me with removal?

3 posts in this topic

Hi everyone. I've been getting these annoying redirects with my browser. I followed all the instructions on the "I'm infected" sticky post. I ran malwarebytes quick scan and it found some entries. I deleted them but it didn't correct the issue. I turned off system restore, rebooted in safe mode, and ran a full scan. It found nothing. I'm posting the malwarebytes log file of the first scan which found things and the dds.txt file. Attached is a zip of the attach.txt and ark.txt file as instructed.

I'd greatly appreciated anyone who can help me resolve this issue. Thank you.

---------------------------------------------------------------------------

Copy/paste of Malwarebytes log file:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7279

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

7/26/2011 2:07:30 AM

mbam-log-2011-07-26 (02-07-30).txt

Scan type: Quick scan

Objects scanned: 172006

Time elapsed: 1 minute(s), 49 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

c:\Windows\SysWOW64\KBDFI32.exe (Trojan.Tracur.SGen) -> 2004 -> Unloaded process successfully.

c:\programdata\api-ms-win-core-libraryloader-l1-1-032.exe (Trojan.Tracur.SGen) -> 1560 ->

Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{0D407D49-4931-499A-9448-01097D5D656f} (Trojan.Tracur.XGen) ->

Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

\{0D407D49-4931-499A-9448-01097D5D656F} (Trojan.Tracur.XGen) -> Quarantined and deleted

successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\SysWOW64\KBDFI32.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.

c:\programdata\api-ms-win-core-libraryloader-l1-1-032.exe (Trojan.Tracur.SGen) -> Quarantined and

deleted successfully.

c:\Windows\System32\KBDFI32.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.

c:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-032.dll (Trojan.Tracur.XGen) ->

Quarantined and deleted successfully.

c:\Windows\System32\api-ms-win-core-libraryloader-l1-1-032.dll (Trojan.Tracur.XGen) ->

Quarantined and deleted successfully.

Copy/paste of DDS.txt:

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Run by Brian at 13:09:54 on 2011-07-26

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4087.2514 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe

C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe

C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe

C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

C:\Windows\splwow64.exe

C:\Windows\system32\spool\DRIVERS\x64\3\E_IAMTFFA.EXE

C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNFFA.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512200038.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

uRun: [EPSON Artisan 50 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFFA.EXE /FU "C:\Windows\TEMP\E_SD3E4.tmp" /EF "HKCU"

mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0AE5A55F-B7CC-4BF4-BDDF-7E5962493B23} : DhcpNameServer = 192.168.0.1

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO-X64: Search Helper - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512200038.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

mRun-x64: [CTxfiHlp] CTXFIHLP.EXE

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\67rc1v5z.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 DigiNet;Digidesign Ethernet Support;C:\Windows\system32\DRIVERS\diginet.sys --> C:\Windows\system32\DRIVERS\diginet.sys [?]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-25 13336]

R2 MboxAudioDevMon;Mbox Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe [2010-5-25 1919504]

R2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe [2010-10-8 1919504]

R2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe [2010-6-11 1919504]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-28 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-28 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-28 355440]

R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-10-25 200056]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-10-25 245352]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-10-25 149032]

R2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-6 1636872]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-30 1153368]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-25 705856]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]

R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys --> C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys [?]

R3 MBOXMINI;Service for Avid Mbox Mini;C:\Windows\system32\DRIVERS\AvidMboxMini.sys --> C:\Windows\system32\DRIVERS\AvidMboxMini.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 Browser32;Computer Browser ;C:\Windows\system32\KBDFI32.exe --> C:\Windows\system32\KBDFI32.exe [?]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 136176]

S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-25 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-25 79360]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 136176]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-5-12 25072]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-28 355440]

.

=============== Created Last 30 ================

.

2011-07-26 16:57:30 388096 ----a-r- C:\Users\Brian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-26 16:57:29 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-07-26 15:47:17 -------- d-----w- C:\Users\Brian\AppData\Local\ElevatedDiagnostics

2011-07-26 06:00:11 -------- d-----w- C:\Users\Brian\AppData\Roaming\Malwarebytes

2011-07-26 06:00:01 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-26 06:00:01 -------- d-----w- C:\ProgramData\Malwarebytes

2011-07-26 05:59:57 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-26 05:59:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-07-26 01:33:18 -------- d-----w- C:\Program Files (x86)\thinkTDA

2011-07-21 03:03:44 -------- d-----w- C:\Program Files\iPod

2011-07-21 03:03:43 -------- d-----w- C:\Program Files\iTunes

2011-07-21 03:03:43 -------- d-----w- C:\Program Files (x86)\iTunes

2011-07-21 03:02:18 -------- d-----w- C:\Program Files\Bonjour

2011-07-21 03:02:18 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-06-29 02:34:21 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-06-29 02:34:21 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-06-29 02:34:21 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-06-29 02:34:21 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-06-29 02:34:21 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

.

==================== Find3M ====================

.

2011-06-18 04:26:29 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys

2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-14 07:41:52 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-05-14 07:41:52 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-05-14 07:41:52 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-05-14 07:41:26 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-05-14 07:39:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-05-14 07:32:18 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-05-14 06:35:45 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-05-14 06:34:06 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-05-14 06:33:45 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-05-14 06:32:34 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-05-14 04:29:25 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-05-14 04:29:25 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-05-10 12:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2011-05-10 12:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll

2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

.

============= FINISH: 13:10:45.75 ===============

attach.zip

Share this post


Link to post
Share on other sites

Hello Brianr,

Sorry to hear you were hit with that trojan. As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

You can follow the directions below and someone will assist you with running scans on your system to see if they can detect and remove any infections.

First, try the directions within exile360's FAQ Here. Afterwards, Please print out, read and follow the Directions HERE, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Thank you very much.

Share this post


Link to post
Share on other sites

You could also check the Malwarebytes Facebook Page. An ingenious soul fixed it himself, and I believe there is a link in that post for manual removal, provided you can follow directions. The post name mentions TRACUR.Y Virus, and by now, should be a couple of pages into the older posts.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.