
Security Guard 2012/Win32.Tracur.F cant open MBAM


This topic is locked.

#31 StupidVirus (Topic Starter, Member, 27 posts)
Attached File: MBR.zip (577 bytes, 199 downloads)


#32 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Please run these scans:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


#33 StupidVirus (Topic Starter, Member, 27 posts)
Here is the MBAM log


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7988

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/20/2011 2:01:23 PM
mbam-log-2011-10-20 (14-01-23).txt

Scan type: Quick scan
Objects scanned: 287206
Time elapsed: 6 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\hector nova\start menu\Programs\security guard 2012 (Rogue.SecurityGuard2012) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\hector nova\application data\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\test (Stolen.Data) -> Quarantined and deleted successfully.
c:\documents and settings\hector nova\application data\ylobtzp0ysidogasecurity guard 2012.ico (Rogue.SecurityGuard2012) -> Quarantined and deleted successfully.
c:\documents and settings\hector nova\Desktop\security guard 2012.lnk (Rogue.SecurityGuard2012) -> Quarantined and deleted successfully.
c:\documents and settings\hector nova\start menu\Programs\security guard 2012\security guard 2012.lnk (Rogue.SecurityGuard2012) -> Quarantined and deleted successfully.
c:\documents and settings\christopher nova\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#34 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Okay. Please post the ESET Online Virus Scanner log when you get a chance.

#35 StupidVirus (Topic Starter, Member, 27 posts)
Hey, sorry about that. I had to leave early yesterday, and I may have to leave early today before the ESET scanner finishes running. If I don't post the results in the next 30 minutes, then I will have them for you early Monday morning.

#36 StupidVirus (Topic Starter, Member, 27 posts)
Here are the ESET scan results. It stopped at process 3 out of 4, but it said scan time 1 hour 6 minutes, so I think it was done.

C:\Qoobox\Quarantine\C\Documents and Settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{8bdb928b-a0b9-4254-9c40-f6da5aebae66}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{fe91e39d-3b17-4796-bc52-8eb8ac80b443}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{8bdb928b-a0b9-4254-9c40-f6da5aebae66}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{fe91e39d-3b17-4796-bc52-8eb8ac80b443}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{8bdb928b-a0b9-4254-9c40-f6da5aebae66}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{fe91e39d-3b17-4796-bc52-8eb8ac80b443}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{8bdb928b-a0b9-4254-9c40-f6da5aebae66}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{fe91e39d-3b17-4796-bc52-8eb8ac80b443}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{8bdb928b-a0b9-4254-9c40-f6da5aebae66}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{fe91e39d-3b17-4796-bc52-8eb8ac80b443}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cdrom.sys.vir Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP63\A0016830.exe a variant of Win32/Kryptik.TOL trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP63\A0016846.dll a variant of Win32/Kryptik.TXQ trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP63\A0016847.dll a variant of Win32/Kryptik.TXQ trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP63\A0016848.dll a variant of Win32/Kryptik.TXQ trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0016884.exe a variant of Win32/Kryptik.TOL trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0016900.dll a variant of Win32/Kryptik.TXQ trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0016901.dll a variant of Win32/Kryptik.TXQ trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0016902.dll a variant of Win32/Kryptik.TXQ trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0017948.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0017963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0018963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0019963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0020963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0021963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0021991.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0021992.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0021993.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0021994.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0021995.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0022963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0022990.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0022991.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0022992.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0022993.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0022994.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0023963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0023979.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0023980.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0023981.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0023982.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0023983.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0024963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0025963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0025980.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0025981.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0025982.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0025983.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0025984.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0026963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0026980.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0026981.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0026982.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0026983.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0026984.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0027963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0027998.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0027999.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0028000.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0028001.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0028002.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0028963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0028978.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0028979.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0028980.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0028981.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0028982.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0029963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0029980.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0029981.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0029982.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0029983.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0029984.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0030963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0030970.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0030986.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0030987.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0030988.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0030989.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0030990.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0031970.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0031976.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0031983.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0032003.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0032020.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0032021.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0032022.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0032023.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0032024.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0033003.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0033036.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0033037.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0033038.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0033039.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP64\A0033040.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0033058.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0034058.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0035058.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0036058.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0037058.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0038058.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0039058.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0040058.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0041058.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0042058.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0043058.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0044058.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0044146.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0044147.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0044148.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0044165.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0044166.sys Win32/Sirefef.DA trojan
C:\_OTL\MovedFiles\10112011_100425\C_Documents and Settings\All Users\Application Data\DisplayNotifierNotifier.dll a variant of Win32/Kryptik.TXQ trojan
C:\_OTL\MovedFiles\10112011_100425\C_Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\chrome\xulcache.jar JS/Agent.NDJ trojan
C:\_OTL\MovedFiles\10112011_100425\C_Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\_OTL\MovedFiles\10112011_100425\C_Documents and Settings\Christopher Nova\Local Settings\Application Data\ExplorerWin32.dll a variant of Win32/Kryptik.TXQ trojan
C:\_OTL\MovedFiles\10112011_100425\C_Documents and Settings\Christopher Nova\Local Settings\Application Data\ShellUser.dll a variant of Win32/Kryptik.TXQ trojan
C:\_OTL\MovedFiles\10112011_100425\C_Documents and Settings\Christopher Nova\Local Settings\Application Data\Adobe\AdobeUpdate\Adobeupdt32.dll a variant of Win32/Kryptik.TXQ trojan
C:\_OTL\MovedFiles\10112011_100425\C_Documents and Settings\Christopher Nova\Local Settings\Application Data\Apple\AppleUpdate\Appleupdt32.dll a variant of Win32/Kryptik.TXQ trojan
C:\_OTL\MovedFiles\10112011_100425\C_WINDOWS\system32\GdEEK88gRZ9YXkU.exe a variant of Win32/Kryptik.TOL trojan
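The ESET results above all have the same line shape: the full path, then the detection name, then the type. As an added example, not code from the thread or from ESET, the Python below parses lines of that shape and groups the hits by where the file lives, so copies already sitting in ComboFix or OTL quarantine or in System Restore points can be told apart from files in live locations; the sample log is constructed to mirror the thread's format, and the quarantine prefixes are the ones that appear in the results.

```python
"""Triage helper for ESET Online Scanner result lines.

Added example for this thread, not code from the forum or from ESET. Each ESET
line is "<path> <detection name> <type>"; paths contain spaces, so the line is
split from the right. Detections are then grouped by where the file sits, so
copies already held in ComboFix/OTL quarantine or in System Restore points can
be told apart from files in live locations.
"""
from collections import Counter

# Folders that hold neutralised copies rather than active files (lowercase prefixes).
INACTIVE_LOCATIONS = (
    ("c:\\qoobox\\quarantine\\", "combofix-quarantine"),
    ("c:\\_otl\\movedfiles\\", "otl-quarantine"),
    ("c:\\system volume information\\_restore", "restore-point"),
)

VARIANT_PREFIX = "a variant of "


def parse_line(line):
    """Return {"path", "name", "kind"} for one ESET result line, or None if malformed."""
    line = line.strip()
    try:
        head, name, kind = line.rsplit(None, 2)
    except ValueError:          # fewer than three whitespace-separated tokens
        return None
    # ESET writes heuristic hits as "a variant of <name>", which the right-split
    # leaves attached to the path; move it back onto the name.
    marker = " " + VARIANT_PREFIX.rstrip()
    if head.endswith(marker):
        head = head[: -len(marker)]
        name = VARIANT_PREFIX + name
    # A result line must start with a drive path; anything else (footers, notes) is noise.
    if len(head) < 3 or head[1:3] != ":\\" or not head[0].isalpha():
        return None
    return {"path": head, "name": name, "kind": kind}


def classify(path):
    """Label the location of a detected file: a quarantine, a restore point, or live."""
    p = path.lower()
    for prefix, label in INACTIVE_LOCATIONS:
        if p.startswith(prefix):
            return label
    return "live"


def family_of(name):
    """Drop the variant prefix and a short upper-case variant suffix (Sirefef.DA -> Sirefef)."""
    base = name[len(VARIANT_PREFIX):] if name.startswith(VARIANT_PREFIX) else name
    stem, dot, suffix = base.rpartition(".")
    if dot and 1 <= len(suffix) <= 3 and suffix.isalpha() and suffix.isupper():
        return stem
    return base


def summarise(log_text):
    """Aggregate a pasted ESET log: counts per location and per family, plus live hits."""
    by_location, by_family, live, skipped = Counter(), Counter(), [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        loc = classify(rec["path"])
        by_location[loc] += 1
        by_family[family_of(rec["name"])] += 1
        if loc == "live":
            live.append(rec)
    return {"by_location": dict(by_location), "by_family": dict(by_family),
            "live": live, "skipped": skipped}


# Constructed sample in the thread's log format (user names, GUIDs and the
# "live" temp path are made up; the trailing footer line exercises the noise check).
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Documents and Settings\User One\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\extensions\{00000000-0000-0000-0000-000000000001}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cdrom.sys.vir Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000002}\RP64\A0016830.exe a variant of Win32/Kryptik.TOL trojan
C:\_OTL\MovedFiles\10112011_100425\C_WINDOWS\system32\GdEEK88gRZ9YXkU.exe a variant of Win32/Kryptik.TOL trojan
C:\Documents and Settings\User One\Local Settings\Temp\dropper.exe a variant of Win32/Kryptik.TXQ trojan
Scan completed: 1 hour 6 minutes
"""

if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    for label, count in sorted(report["by_location"].items()):
        print(f"{label:20} {count}")
    for fam, count in sorted(report["by_family"].items()):
        print(f"{fam:28} {count}")
    for rec in report["live"]:
        print("LIVE:", rec["path"], rec["name"])
```

On the sample, only the Temp dropper counts as live; the other four hits are copies that ComboFix, OTL or System Restore already hold, which is the same pattern as the posted results.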

#37 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hi!

Hey, sorry about that. I had to leave early yesterday, and I may have to leave early today before the ESET scanner finishes running. If I don't post the results in the next 30 minutes, then I will have them for you early Monday morning.

Okay, thanks for letting me know that. I appreciate it.

I want you to delete the current copy of ComboFix from your computer, and download a fresh copy from one of the links provided below.

You don't happen to have your Windows XP disc do you?

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#38 StupidVirus (Topic Starter, Member, 27 posts)
Sorry, I've been sick the past couple of days. I will have that ComboFix log for you tomorrow.

#39 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
No worries! I hope you feel better soon!

#40 StupidVirus (Topic Starter, Member, 27 posts)
Hi, I do have my XP disc, and here is the ComboFix log. Sorry for the delay.

ComboFix 11-10-27.05 - Christopher Nova 10/27/2011 11:10:08.12.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.491 [GMT -4:00]
Running from: c:\documents and settings\Christopher Nova\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2011-10-11 18:16 . 2011-10-11 18:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-10-11 17:46 . 2011-10-11 17:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-10-07 19:08 . 2011-10-07 19:09 -------- d-----w- c:\documents and settings\Administrator
2011-10-04 16:05 . 2011-10-04 16:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 18:23 . 2007-05-09 15:52 98304 ----a-w- c:\windows\DUMP5a45.tmp
2011-10-11 17:22 . 2007-05-09 15:52 98304 ----a-w- c:\windows\DUMP5880.tmp
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-10 16:51 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-10 16:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-10 16:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-10 16:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2009-09-23 19:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2004-08-10 16:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-10 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-10 16:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-10 16:50 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-18_16.35.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-27 14:29 . 2011-10-27 14:29 16384 c:\windows\temp\Perflib_Perfdata_770.dat
+ 2011-10-24 14:12 . 2011-10-24 14:12 45056 c:\windows\Installer\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}\ARPPRODUCTICON.exe
+ 2011-10-24 14:12 . 2011-10-24 14:12 361984 c:\windows\Installer\70fa5.msi
+ 2011-10-24 14:12 . 2011-10-24 14:12 953344 c:\windows\Installer\70fa0.msi
+ 2011-10-24 14:12 . 2011-10-24 14:12 102400 c:\windows\Installer\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe
+ 2011-10-24 14:12 . 2011-10-24 14:12 2348544 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{83B34002-FCA8-4E3A-94E9-48B0A0D9C418}\HP Update.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-20 4615552]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2010-1-19 921707]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-30 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2006-10-12 14:42 450649 ----a-r- c:\windows\system32\PRISMAPI.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-08-14 18:20 462336 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-05-09 16:16 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I.R.I.S. Desktop Search]
2006-01-11 13:37 5193512 ----a-w- c:\program files\IRIS Desktop Search\IRISDesktopSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-15 08:22 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-30 13:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqgalry.exe"=
"c:\\Documents and Settings\\Christopher Nova\\Desktop\\nes\\VirtuaNES.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/13/2009 8:48 AM 28544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/25/2011 8:49 AM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/12/2009 9:24 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/2/2010 8:35 AM 116608]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [1/19/2010 2:27 PM 61529]
R3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [9/5/2007 11:30 AM 9344]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]
S1 MpKsl348a0138;MpKsl348a0138;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{425DB155-C825-4CD2-8696-CFA42DB50DBF}\MpKsl348a0138.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{425DB155-C825-4CD2-8696-CFA42DB50DBF}\MpKsl348a0138.sys [?]
S1 MpKsl4a861a9e;MpKsl4a861a9e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11CEB32F-3F2E-4B10-900D-4B7E25029816}\MpKsl4a861a9e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11CEB32F-3F2E-4B10-900D-4B7E25029816}\MpKsl4a861a9e.sys [?]
S1 MpKsl587ae904;MpKsl587ae904;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0DDDBCC-27EE-4A7C-AA0D-C623596B7323}\MpKsl587ae904.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0DDDBCC-27EE-4A7C-AA0D-C623596B7323}\MpKsl587ae904.sys [?]
S1 MpKsl7cd5c4b0;MpKsl7cd5c4b0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E1294D3-77FA-473F-AFCF-EAC03B262390}\MpKsl7cd5c4b0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E1294D3-77FA-473F-AFCF-EAC03B262390}\MpKsl7cd5c4b0.sys [?]
S1 MpKsl8c05965a;MpKsl8c05965a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98E544DF-F6F3-4658-AC67-014C9465481B}\MpKsl8c05965a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98E544DF-F6F3-4658-AC67-014C9465481B}\MpKsl8c05965a.sys [?]
S1 MpKsl995b3c26;MpKsl995b3c26;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3DED232-1984-43F5-B1E8-131F4F8C063E}\MpKsl995b3c26.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3DED232-1984-43F5-B1E8-131F4F8C063E}\MpKsl995b3c26.sys [?]
S1 MpKsl9a7cda48;MpKsl9a7cda48;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E1294D3-77FA-473F-AFCF-EAC03B262390}\MpKsl9a7cda48.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E1294D3-77FA-473F-AFCF-EAC03B262390}\MpKsl9a7cda48.sys [?]
S1 MpKsla0e20273;MpKsla0e20273;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CFCB3CFE-4EC5-454F-8F32-1C5E150EB9E2}\MpKsla0e20273.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CFCB3CFE-4EC5-454F-8F32-1C5E150EB9E2}\MpKsla0e20273.sys [?]
S1 MpKslb4638dd0;MpKslb4638dd0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C106391-F796-4F48-B6BD-110837462DB5}\MpKslb4638dd0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C106391-F796-4F48-B6BD-110837462DB5}\MpKslb4638dd0.sys [?]
S1 MpKslf837ab25;MpKslf837ab25;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{16F2659B-730B-47FA-A691-122483152B2D}\MpKslf837ab25.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{16F2659B-730B-47FA-A691-122483152B2D}\MpKslf837ab25.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 12872]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.237.161.12 71.243.0.12
FF - ProfilePath - c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Christopher Nova\Application Data\Move Networks
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-27 11:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3984)
c:\windows\system32\WININET.dll
c:\program files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-27 11:21:13
ComboFix-quarantined-files.txt 2011-10-27 15:21
ComboFix2.txt 2011-10-18 16:42
ComboFix3.txt 2011-10-12 15:04
ComboFix4.txt 2011-10-11 20:02
ComboFix5.txt 2011-10-27 15:07
.
Pre-Run: 79,281,618,944 bytes free
Post-Run: 79,402,950,656 bytes free
.
- - End Of File - - 287E16459DDDFEE10B43E91A9585FFF4
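The ComboFix log above is reviewed by hand in this thread; as an added example that is not part of the thread or of ComboFix itself, the following Python script parses the log format shown above (Run keys, driver/service lines, Security Center Monitoring values, firewall AuthorizedApplications) and flags the entries a reviewer checks first: services whose file ComboFix could not locate (the [?] entries such as MBAMSwissArmy and XDva390), Security Center monitoring switched off, and autorun or firewall entries that point into user-writable locations. The sample log embedded in it is constructed from the thread's own line formats, and the updater.exe and emulator.exe entries are hypothetical.

```python
r"""Triage helper for ComboFix-style log text (added example, not ComboFix's own code).

Line formats are inferred from the log posted in this thread:
  [HKEY_...\Run]                      section header
  "name"="path" [yyyy-mm-dd size]     autorun entry under a Run key
  R0 name;display;path [date size]    driver/service; "--> path [?]" means
                                      ComboFix could not find the file on disk
  "DisableMonitoring"=dword:00000001  under security center\Monitoring
  "path"=                             firewall AuthorizedApplications\List
"""
import re
from dataclasses import dataclass

SECTION = re.compile(r"^\[(?P<key>.+)\]$")
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$')
SERVICE_LINE = re.compile(r"^[RS][0-3]\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
DWORD_VALUE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')

# Path fragments marking user-writable locations: an autorun entry or a firewall
# exception living there is worth a second look during review.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


@dataclass
class Finding:
    kind: str    # short tag a reviewer can filter on
    detail: str  # the entry that triggered it


def _user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def triage(log_text: str) -> list:
    """Walk the log once; the current [section] header decides how a line is read."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix separates blocks with a lone "."
            continue
        m = SECTION.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = SERVICE_LINE.match(line)
        if m:
            if m.group("rest").rstrip().endswith("[?]"):
                findings.append(Finding("service-missing-file",
                                        f"{m.group('name')}: {m.group('rest')}"))
            continue
        m = DWORD_VALUE.match(line)
        if m:
            if ("security center\\monitoring" in section
                    and m.group("name") == "DisableMonitoring"
                    and int(m.group("value"), 16) == 1):
                findings.append(Finding("security-center-monitoring-disabled", section))
            continue
        m = RUN_ENTRY.match(line)
        if m:
            if section.endswith("\\run") and _user_writable(m.group("path")):
                findings.append(Finding("run-entry-user-writable",
                                        f"{m.group('name')} -> {m.group('path')}"))
            continue
        if "authorizedapplications\\list" in section and line.startswith('"'):
            # Quoted path; most entries have doubled backslashes, some do not.
            path = line.split('"')[1].replace("\\\\", "\\")
            if _user_writable(path):
                findings.append(Finding("firewall-exception-user-writable", path))
    return findings


# Constructed sample in the log's format: entries modelled on the thread's log, two
# hypothetical ones (updater.exe, emulator.exe) placed where they would be flagged,
# and one DisableMonitoring value set to 0 for contrast.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Updater"="c:\documents and settings\Owner\Application Data\updater.exe" [2011-10-20 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\game\\emulator.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/12/2009 9:24 PM 12880]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
"""
```

Running `triage(SAMPLE_LOG)` returns five findings; a `[?]` service entry is not proof of anything by itself, only a prompt to confirm whether the product is still installed or the registration is stale.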
#41
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Hi!

VirusTotal File Scan
Please go to: VirusTotal
  • Click the Choose File button and search for the following file: c:\windows\Installer\70fa5.msi
  • Click Open
  • Then click Send File
If it says already scanned -- click "reanalyze now"

  • Please be patient while the file is scanned.
  • Once the scan results appear, please click on the Compact button.
  • A new window should appear with a bunch of tabs at the top. Please click on the BBCode tab.
  • Copy and Paste the contents of the text in the BBCode into your next reply for me to review.

Please repeat the above process for the following file:

c:\windows\Installer\70fa0.msi

Please post the results in your next reply.


NEXT:




OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    
    :Reg
    
    :Files
    c:\windows\DUMP5a45.tmp
    c:\windows\DUMP5880.tmp
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


What issues are you currently experiencing with your computer?

#42
StupidVirus
    Member
  • Topic Starter
  • Member
  • 27 posts
Hi, there was a problem with the VirusTotal scan: when the scan was done and I tried to compact the results, a pop-up would come up saying "not found". This happened on both files multiple times. However, on the results screen it did say 0/40-something on both of them, so I don't know if that helps. The computer seems to be running fine now; I re-downloaded MSE and it works. Here is the OTL log:

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
c:\windows\DUMP5a45.tmp moved successfully.
c:\windows\DUMP5880.tmp moved successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\Christopher Nova\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Christopher Nova\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Christopher Nova\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Christopher Nova\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Albania
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Brian
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Christine Martinez
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Christopher Nova
->Temp folder emptied: 5637661 bytes
->Temporary Internet Files folder emptied: 62726082 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1432 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Esther Nova
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Hector Nova

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2867334 bytes
->Java cache emptied: 28 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 10366 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 14195 bytes

User: Owner
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116408 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 68.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Albania
->Flash cache emptied: 0 bytes

User: All Users

User: Brian
->Flash cache emptied: 0 bytes

User: Christine Martinez
->Flash cache emptied: 0 bytes

User: Christopher Nova
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Esther Nova
->Flash cache emptied: 0 bytes

User: Hector Nova

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.0 log created on 10282011_114607

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Christopher Nova\Local Settings\Temp\fla3F.tmp not found!
File\Folder C:\Documents and Settings\Christopher Nova\Local Settings\Temp\fla40.tmp not found!
C:\Documents and Settings\Christopher Nova\Local Settings\Temp\WCESLog.log moved successfully.
File\Folder C:\Documents and Settings\Christopher Nova\Local Settings\Temp\~DFDDCD.tmp not found!
File\Folder C:\Documents and Settings\Christopher Nova\Local Settings\Temp\~DFDDFA.tmp not found!
File\Folder C:\Documents and Settings\Christopher Nova\Local Settings\Temp\~DFDEBC.tmp not found!
File\Folder C:\Documents and Settings\Christopher Nova\Local Settings\Temp\~DFDEDB.tmp not found!
File\Folder C:\Documents and Settings\Christopher Nova\Local Settings\Temp\~DFE00B.tmp not found!
File\Folder C:\Documents and Settings\Christopher Nova\Local Settings\Temp\~DFE019.tmp not found!
C:\Documents and Settings\Christopher Nova\Local Settings\Temporary Internet Files\Content.IE5\Y34RRAL4\gnads[1].htm moved successfully.
C:\Documents and Settings\Christopher Nova\Local Settings\Temporary Internet Files\Content.IE5\OUTY4T3L\login_status[1].htm moved successfully.
C:\Documents and Settings\Christopher Nova\Local Settings\Temporary Internet Files\Content.IE5\OUTY4T3L\wrestlezone_com[1].htm moved successfully.
C:\Documents and Settings\Christopher Nova\Local Settings\Temporary Internet Files\Content.IE5\EG5EJIOW\gnads[1].htm moved successfully.
C:\Documents and Settings\Christopher Nova\Local Settings\Temporary Internet Files\Content.IE5\AXEDOCC0\likebox[1].htm moved successfully.
C:\Documents and Settings\Christopher Nova\Local Settings\Temporary Internet Files\Content.IE5\AXEDOCC0\page__st__30[1].htm moved successfully.
C:\Documents and Settings\Christopher Nova\Local Settings\Temporary Internet Files\Content.IE5\30EAZW0I\fastbutton[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log moved successfully.

Registry entries deleted on Reboot...

#43
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Hi!

Thanks for that information regarding those files that you submitted to VirusTotal.

What outstanding issues (if any) are you experiencing with your computer?

#44
StupidVirus
    Member
  • Topic Starter
  • Member
  • 27 posts
There seems to be no issues at all now. Thank you so much for the help!

#45
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen OTL on your desktop.
  • Click on CleanUp!
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one, as it can cause program conflicts as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: if it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Cheers,
SweetTech.