Jump to content

Trojan.Trascur.SGen/Pup/ Trojan downloader, etc


Recommended Posts

Hi Can you guys please help me, My computer is extremely slow and infected, and I was wondering if you guys can please help me remove these dreadful viruses

 

Here is the log for Malwarebytes scanned. Approximately 250 threats found! =(

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.30.09

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Haidery :: HAIDERY-PC [administrator]

Protection: Enabled

9/30/2013 9:08:20 PM
mbam-log-2013-09-30 (21-08-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195723
Time elapsed: 13 minute(s), 16 second(s)

Memory Processes Detected: 3
C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> 1500 -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> 1564 -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> 2624 -> Delete on reboot.

Memory Modules Detected: 1
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.dll (PUP.Optional.PerformerSoft.A) -> Delete on reboot.

Registry Keys Detected: 39
HKLM\SYSTEM\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc (Trojan.Sefnit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLASHPLAYERUPDATESERVICE.EXE (Trojan.Sefnit) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\BitGuard (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{01F2D720-ECFC-47BF-8302-14D4AE13419b} (Trojan.Tracur.XGen) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F2D720-ECFC-47BF-8302-14D4AE13419B} (Trojan.Tracur.XGen) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01F2D720-ECFC-47BF-8302-14D4AE13419B} (Trojan.Tracur.XGen) -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F2D720-ECFC-47BF-8302-14D4AE13419B} (Trojan.Tracur.XGen) -> Quarantined and deleted successfully.
HKCR\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\FunWebProductsInstaller.Start.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\FunWebProductsInstaller.Start (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Delete on reboot.
HKLM\SOFTWARE\FunWebProducts\Installer (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\RpcLocator32 (Trojan.Tracur) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV32 (Trojan.Tracur) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {6A1806CD-94D4-4689-BA73-E35EA1EA9990} -> Delete on reboot.
HKLM\SYSTEM\CurrentControlSet\Services\BitGuard|ImagePath (PUP.Optional.BitGuard.A) -> Data: C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.PerformerSoft.A) -> Bad: (c:\progra~2\bitguard\261673~1.238\{eab34~1\bitguard.dll) Good: () -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN38106534801900495&UM=2&ctid=CT3300237) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 15
C:\Program Files\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\ProgramData\BitGuard\2.6.1673.238 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7} (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Users\Haidery\AppData\Local\Temp\ct3287307 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\CT3300237 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\CT3300237\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.

Files Detected: 189
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.dll (PUP.Optional.PerformerSoft.A) -> Delete on reboot.
C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> Delete on reboot.
C:\Windows\System32\api-ms-win-core-heap-l1-1-032.dll (Trojan.Tracur.XGen) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\ProgramData\api-ms-win-core-heap-l1-1-032.dll (Trojan.Tracur.XGen) -> Quarantined and deleted successfully.
C:\ProgramData\AF71E23D9BC987D2A5B7293E05E2D9C5\b\binm1 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\@u673294300v1 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\@u673294300v10 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\@u673294300v11 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\@u673294300v2 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\@u673294300v3 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\wu673294300v1 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\wu673294300v10 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\wu673294300v11 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\wu673294300v2 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\wu673294300v3 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\wu673294300v9 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\_u673294300v1 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\_u673294300v10 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\_u673294300v11 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\_u673294300v2 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\_u673294300v3 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\_u673294300v9 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\ProgramData\SysWoW32\@u673294300v9 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\7213.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\7473.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\751F.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\8381.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\E86C.tmp (PUP.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\setup_fsu_cid.exe (Trojan.Sefnit) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\Installer.exe (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\nsf942C.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\nsiFC24.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\nsnA480.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\nsx181.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\8E35.tmp (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\A12F.tmp (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\nsc4EC3.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\ct3287307\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\ct3287307\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\ct3287307\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\ct3287307\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\ct3287307\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\CT3300237\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\FlashPlayer_V.115078011c.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\gimp_31.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\PluginInstall (1).exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\PluginInstall (2).exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\PluginInstall.exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\downloadmanager_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\mplayer_Setup (1).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\iLividSetup (1).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\iLividSetup (2).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\iLividSetup (3).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\setup (1).exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\Setup (2).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\Setup (3).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\Setup (4).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\Setup (5).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\Setup (7).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\setup.exe (Trojan.FakeVLC) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\SetupRG (1).exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\SetupRG (2).exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\SetupRG.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\TVSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\VeohWebPlayerSetup_us.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\video-media-download_setup.exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\WhiteSmokeInstaller_9147.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\JewelQuest3SDM.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\MahjonggMysteriesSDM.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\movie_player_1280 (1).exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\movie_player_1280 (2).exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\movie_player_1280.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\mplayer_1193.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\mplayer_Setup (2).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\mplayer_Setup (3).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\mplayer_Setup (4).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\mplayer_Setup (5).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\mplayer_Setup (6).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\mplayer_Setup (7).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Haidery\Downloads\Babylon8_setup.exe (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (Trojan.Downloader.WI) -> Quarantined and deleted successfully.
C:\Windows\apisetschemawow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\Windows\chkwudrvwow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\Windows\inetcommwow.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\KBDARMWwow.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\KBDHU1wow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\Windows\QSVRMGMTwow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\Windows\slwgawow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\Windows\termsrvwow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\Windows\WsmReswow.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\WWanHCwow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\Windows\wwansvcwow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\Windows\msvidc32wow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\Windows\odfox32wow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\Windows\dxppswow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
C:\Windows\System32\02000000f05f51ec1259C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\02000000f05f51ec1259O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\02000000f05f51ec1259P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\02000000f05f51ec1259S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Object\status.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i0.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i1.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i10.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i11.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i12.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i13.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i14.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i15.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i2.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i3.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i4.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i5.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i6.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i7.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i8.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1078565601\new.i9.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt0.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt0.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt1.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt1.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt10.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt10.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt11.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt11.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt12.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt12.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt13.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt13.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt14.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt14.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt15.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt15.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt2.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt2.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt3.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt3.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt4.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt4.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt5.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt5.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt6.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt6.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt7.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt7.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt8.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt8.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt9.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\1843161113\frt9.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.settings (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bl (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\dm (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\uninstall.exe (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\00 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\01 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\02 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\03 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\10 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\11 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\12 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\13 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\20 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\21 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\22 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\23 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\Users\Haidery\AppData\Local\Temp\ct3287307\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\ct3287307\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\CT3300237\CT3300237.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\CT3300237\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\CT3300237\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Haidery\AppData\Local\Temp\CT3300237\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.

(end)
 

 

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Scan with DDS

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply
 
 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

    [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.