Have Virus I believe is a backdoor

I think I just got this virus today. I downloaded a file I thought was legit and it looks like it was not. Ran Malwarebytes and found 2 registry keys which I deleted, but it keeps coming back… I really need any help to get rid of this. These are the two file names I found: HKCU\SOFTWARE\CYBER (Backdoor.Trace) and HKCU\Software\Cyber|FirstExecution (Backdoor.Trace)

Thanks in advance.

Files are attached

You are using a very old and not updated version of Malwarebytes.
Version 1.60 has been out for months.
Always click the update button before you start a scan.

Update the program, update the signatures and then scan again.

Essexboy is notified and will check your logs when he arrives.

Not a great deal evident there. I see you are using Kaspersky, so on completion of this I would like you to do an analysis run for me. Upload the resultant zip file to MediaFire and post the sharing link here.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Follow the directions on this page to create the analysis log

http://support.kaspersky.com/kis2011/error?qid=208282257

http://www.mediafire.com/?42lqa475scaqj2v

Thanks a lot for your help. I will await your response.

- Re-run Kaspersky as before
- Select Execute AVZ script
- Where it states Insert text script in the following box copy the below script and press Run script
- Copy from Begin until End

http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/avpscript.gif

- Then run script

begin
SetAVZPMStatus(True);
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 QuarantineFile('C:\Windows\system32\user.exe','');
 DeleteFile('C:\Windows\system32\user.exe');
 BC_DeleteFile('C:\Windows\system32\user.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

- Your system will reboot on completion; if it does not, please do so yourself
- On completion please run another analysis scan and attach the zip file

Done, here is the new upload

http://www.mediafire.com/?4wx28wgao5i4p1d

OK, there it is, gone… How is the computer behaving at the moment?

Good… I did a scan with Malwarebytes and it looks clean. Going to run a full scan again just to make sure, but I believe it's gone…

Thanks so much

Let me know when you are happy and I will remove my tools

I just had one question about my OTL log: I don’t recognize these sites. Should I worry about getting rid of these?

O1 HOSTS File: ([2012/01/23 13:13:25 | 000,436,154 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15009 more lines…

O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com

The 127.0.0.1 is a loopback to your computer; it is part of Spybot's immunisation feature… However, if you have IE9 it is a redundant feature.

But it is not a concern.
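
An added example, not part of the original thread: a small Python check over hosts entries (raw lines or lines carrying OTL's `O1 - Hosts:` prefix) that separates names pinned to a loopback or unspecified address, as in the entries discussed above, from names mapped to any other address, which are the ones worth reviewing. The sample input, the `.example` names and the 203.0.113.7 address are constructed.

```python
import ipaddress

OTL_PREFIX = "O1 - Hosts:"     # prefix OTL puts before each hosts entry in its log
LOCAL_NAMES = {"localhost"}    # names that normally map to loopback

def classify_hosts(text):
    """Return (sinkholed, redirected, skipped) for hosts-file or OTL O1 lines."""
    sinkholed, redirected, skipped = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(OTL_PREFIX):
            line = line[len(OTL_PREFIX):]
        line = line.split("#", 1)[0].strip()       # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:                         # not an entry, e.g. a log summary line
            skipped.append(raw.strip())
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if local and name in LOCAL_NAMES:
                continue                           # the stock localhost entry
            if local:
                sinkholed.append(name)             # blocked: resolves to this machine
            else:
                redirected.append((name, str(addr)))  # resolves to another machine
    return sinkholed, redirected, skipped

# Constructed sample mixing raw hosts lines and OTL log lines.
SAMPLE = """\
# constructed sample
127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
0.0.0.0 ads.blocked.example tracker.blocked.example  # two names on one line
203.0.113.7 login.bank.example
O1 - Hosts: 15009 more lines
"""

if __name__ == "__main__":
    blocked, moved, other = classify_hosts(SAMPLE)
    print(f"{len(blocked)} names sinkholed to the local machine")
    for name, addr in moved:
        print(f"REVIEW: {name} -> {addr}")
    for line in other:
        print(f"not an entry: {line}")
```
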

ah ok… It looks like everything is working fine other than the problems I had with WMP but I got it working now…

I really appreciate your help in resolving this issue.

Run OTL and hit the cleanup button to remove it ;D