WiredWX Christian Hobby Weather Tools
Re: Win32:Trojan-Gen

Malwarebytes Anti-Malware is now scanning; I will paste the results when it's complete.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sean :: SEAN-LAPTOP [administrator]

Protection: Enabled

16/08/2012 10:37:46
mbam-log-2012-08-16 (10-37-46).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 391750
Time elapsed: 1 hour(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


The 2 main infections that Avast is still reporting are Win32:Malware-gen and Win32:Trojan-gen. It seems to put the infections into the chest and then a new version gets reported.

Last edited by pfensome@virginmedia.com on 16th August 2012, 11:00 am; edited 1 time in total (Reason for editing : Updated information)

Re: Win32:Trojan-Gen

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
******************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here for a tutorial on how to do so if you are unsure.

  • Close any open windows and double-click ComboFix.exe to run it.

    You will see the following image:

[image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur on Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

Re: Win32:Trojan-Gen

Results of screen317's Security Check version 0.99.44
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Eusing Free Registry Cleaner
Java(TM) 6 Update 34
Java 7 Update 6
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.75
Google Chrome 21.0.1180.79
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 afwServ.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````
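The two warnings in that report (Security Center service not running, avast on-access scanning disabled) and the side-by-side Java 6/Java 7 installs can be confirmed without the tool. The PowerShell below is an added example, not screen317's Security Check or anything posted in this thread. It reads the Security Center product records in root\SecurityCenter2 and the Uninstall registry hives; the bit layout of productState is not documented by Microsoft, so the decoding here is an assumption based on commonly observed values. It assumes Windows 7 with PowerShell 2.0 or later.

```powershell
# Added example (not Security Check's code). Reproduces its AV/firewall and
# installed-version checks with built-in tooling.
# Assumption: productState, viewed as six hex digits XXYYZZ, carries the
# scanner state in YY (0x10 = real-time protection on) and the signature
# state in ZZ (0x00 = up to date, 0x10 = out of date).

function Get-WscServiceState {
    # Security Check warned that this service was not running; product state
    # reported by Security Center is stale or absent when it is stopped.
    $svc = Get-Service -Name wscsvc -ErrorAction SilentlyContinue
    if ($svc -eq $null) { return 'missing' }
    return [string]$svc.Status          # 'Running' or 'Stopped'
}

function ConvertFrom-ProductState([int]$state) {
    $hex  = '{0:X6}' -f $state
    $scan = [Convert]::ToInt32($hex.Substring(2, 2), 16)
    $defs = [Convert]::ToInt32($hex.Substring(4, 2), 16)
    New-Object PSObject -Property @{
        RawState = $hex
        OnAccess = ($scan -eq 0x10)
        UpToDate = ($defs -eq 0x00)
    }
}

function Get-SecurityCenterProducts {
    # One WMI class per product type; third-party products register here.
    foreach ($class in 'AntiVirusProduct', 'FirewallProduct', 'AntiSpywareProduct') {
        $items = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue
        foreach ($p in $items) {
            $d = ConvertFrom-ProductState $p.productState
            New-Object PSObject -Property @{
                Type     = $class
                Name     = $p.displayName
                Path     = $p.pathToSignedProductExe
                OnAccess = $d.OnAccess
                UpToDate = $d.UpToDate
                RawState = $d.RawState
            }
        }
    }
}

function Get-InstalledVersions([string[]]$patterns) {
    # Walk the native, Wow6432Node and per-user uninstall hives so 32-bit
    # packages (Java, Adobe Reader, Chrome) on an x64 machine are included.
    $roots = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object { Get-ItemProperty $_.PSPath } |
            Where-Object { $_.DisplayName } |
            Where-Object { $n = $_.DisplayName; ($patterns | Where-Object { $n -like $_ }) } |
            Select-Object DisplayName, DisplayVersion, InstallDate
    }
}

# --- report ---
$wsc = Get-WscServiceState
if ($wsc -ne 'Running') {
    Write-Warning "Security Center service (wscsvc) is $wsc; product states below may be stale."
}
Get-SecurityCenterProducts | Format-Table Type, Name, OnAccess, UpToDate, RawState -AutoSize

# Two Java entries side by side, as in the report above, mean the older
# unpatched runtime is still installed alongside the new one.
Get-InstalledVersions 'Java*', 'Adobe Reader*', 'Google Chrome*' |
    Sort-Object DisplayName | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt. An avast record with OnAccess = False matches the "(On Access scanning disabled!)" line in the report; if wscsvc is stopped, start it (`Start-Service wscsvc`) and re-run before trusting the product table.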

Re: Win32:Trojan-Gen

ComboFix 12-08-17.01 - Sean 17/08/2012 14:03:45.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3933.2653 [GMT 1:00]
Running from: c:\users\Sean\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sean\AppData\Local\Minibar
c:\users\Sean\AppData\Local\Minibar\chrome\background.html
c:\users\Sean\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\Sean\AppData\Local\Minibar\chrome\extension_info.json
c:\users\Sean\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\Sean\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\Sean\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\Sean\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\Sean\AppData\Local\Minibar\chrome\includes\content.js
c:\users\Sean\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\Sean\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\Sean\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\Sean\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\Sean\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\Sean\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\Sean\AppData\Local\Minibar\chrome\kango\console.js
c:\users\Sean\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\Sean\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\Sean\AppData\Local\Minibar\chrome\kango\io.js
c:\users\Sean\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\Sean\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\Sean\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\Sean\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\Sean\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\Sean\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\Sean\AppData\Local\Minibar\chrome\main.js
c:\users\Sean\AppData\Local\Minibar\chrome\manifest.json
c:\users\Sean\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\Sean\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\Sean\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\Sean\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\Sean\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\Sean\AppData\Local\Minibar\chrome\popup.html
c:\users\Sean\AppData\Local\Minibar\chrome\popup.js
c:\users\Sean\AppData\Local\Minibar\chrome\tab.html
c:\users\Sean\AppData\Local\Minibar\chrome\tab.js
c:\users\Sean\AppData\Local\Minibar\chrome_installer.js
c:\users\Sean\AppData\Local\Minibar\common.js
c:\users\Sean\AppData\Local\Minibar\install.json
c:\users\Sean\AppData\Local\Minibar\minibar.crx
c:\users\Sean\AppData\Local\Minibar\sqlite3.exe
c:\users\Sean\AppData\Local\Minibar\Uninstall.exe
c:\windows\Installer\{cda97497-7a1d-0ba3-745e-4ac60da609b7}\@
c:\windows\Installer\{cda97497-7a1d-0ba3-745e-4ac60da609b7}\U\80000000.@
c:\windows\Installer\{cda97497-7a1d-0ba3-745e-4ac60da609b7}\U\800000cb.@
D:\install.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache64\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 13:11 . 2012-08-17 13:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-17 13:11 . 2012-08-17 13:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 13:11 . 2012-08-17 13:11 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-16 09:35 . 2012-08-16 09:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-16 09:32 . 2012-08-16 09:32 -------- d-----w- C:\_OTL
2012-08-16 07:41 . 2012-08-16 07:41 -------- d-----w- c:\users\Sean\AppData\Roaming\SUPERAntiSpyware.com
2012-08-16 07:41 . 2012-08-16 07:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-16 07:41 . 2012-08-16 07:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-16 07:26 . 2012-08-16 07:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-16 07:24 . 2012-08-16 07:24 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-16 07:24 . 2012-08-16 07:24 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-12 10:17 . 2012-08-12 10:17 -------- d-----w- c:\users\Sean\AppData\Roaming\SpeedyPC Software
2012-08-12 10:17 . 2012-08-12 10:17 -------- d-----w- c:\users\Sean\AppData\Roaming\DriverCure
2012-08-12 10:16 . 2012-08-12 10:37 -------- d-----w- c:\programdata\SpeedyPC Software
2012-08-11 15:59 . 2012-08-11 16:26 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2012-08-11 15:50 . 2012-08-11 16:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-11 15:50 . 2012-08-11 15:52 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-11 15:48 . 2012-08-11 15:48 -------- d-----w- c:\users\Sean\AppData\Local\AVG Secure Search
2012-08-11 15:48 . 2012-08-11 15:48 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-11 15:48 . 2012-08-11 15:48 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-11 15:48 . 2012-08-11 15:48 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-11 15:48 . 2012-08-11 15:48 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-11 15:48 . 2012-08-11 15:48 -------- d--h--w- c:\programdata\Common Files
2012-08-11 15:41 . 2012-08-11 15:41 -------- d-----w- c:\program files\Enigma Software Group
2012-08-11 15:41 . 2012-08-12 10:06 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-11 02:05 . 2012-07-03 16:21 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-08-11 02:05 . 2012-07-03 16:21 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-08-11 02:05 . 2012-07-03 16:21 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-08-11 01:59 . 2012-08-11 01:59 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-11 01:56 . 2012-08-11 04:38 -------- d-----w- c:\programdata\0C1CFB130009915F59DB45F4F875F002
2012-08-11 00:55 . 2012-08-11 04:38 -------- d-----w- c:\users\Sean\AppData\Roaming\Amse
2012-08-11 00:55 . 2012-08-11 00:57 -------- d-----w- c:\users\Sean\AppData\Roaming\Qyun
2012-08-10 10:25 . 2012-07-16 01:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BFACE73-3A7F-4A67-9538-5C8D12CF7A4F}\mpengine.dll
2012-07-23 08:56 . 2012-07-23 08:56 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 07:24 . 2011-12-05 15:49 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-15 15:53 . 2012-04-05 12:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 15:53 . 2011-05-13 18:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 05:33 . 2010-12-26 14:46 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 16:21 . 2012-02-27 22:48 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-07-16 21:32 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-01-19 08:52 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-01-19 08:52 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-01-19 08:52 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-01-19 08:52 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-01-19 08:51 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-01-19 08:51 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-01-19 08:52 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-03 12:46 . 2011-05-13 11:30 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 03:08 . 2012-07-12 05:37 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 14:54 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 14:54 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 14:54 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 14:53 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 14:54 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 14:54 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 14:53 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-23 10:57 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 10:57 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 10:57 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 10:57 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 10:57 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 10:57 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 10:57 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-23 10:57 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-23 10:57 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-12 05:32 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 05:32 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 05:32 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 05:32 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 05:32 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 05:32 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 05:32 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 05:32 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 05:32 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 05:32 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 05:32 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 05:32 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 05:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 05:32 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 05:32 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 05:32 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 05:32 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 05:32 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 05:32 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 14:54 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 14:54 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 14:54 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 14:54 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 14:54 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 14:54 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 14:54 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 14:54 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 14:54 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 11:25 . 2011-01-19 17:07 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-07 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-22 352256]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 dump_wmimmc;dump_wmimmc;c:\gamepotusa\Mir2\GameGuard\dump_wmimmc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 136176]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-01-13 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-11 31080]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2012-07-03 133912]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-08-11 927840]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2010-11-13 20592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 15:53]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 23:51]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 23:51]
.
2012-08-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 97e5e08e-f3d3-4d7d-9d68-1312cabb0360.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-16 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task afc0b455-a93b-46c1-9d96-24f579c4f34a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-07 410648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{19267592-4456-4CF0-AB2D-4A2C11FF3BF8}
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-1ClickDownload - c:\program files (x86)\1ClickDownload\uninst.exe
AddRemove-Pivot Stickfigure DB Toolbar - c:\program files (x86)\Pivot Stickfigure DB Toolbar\UninstallToolbar.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2189461065-1071761827-418319465-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2189461065-1071761827-418319465-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-08-17 14:19:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-17 13:19
.
Pre-Run: 51,591,856,128 bytes free
Post-Run: 51,183,480,832 bytes free
.
- - End Of File - - 6A23B4ABD407A501A26DDF97241EEB78

Re: Win32:Trogan-Gen

Had to run ComboFix even though it reported Avast as still running; I disabled all from the PChelper forum but it seemed outdated to my version of Avast.
The other tool which I ran at the start reported Java as still not up to date when I had already previously updated and verified it; the only problem I had with Java when following the previous instructions was that it reported that it couldn't uninstall the previous version due to not having admin rights, when this user has?
Other than those issues, ComboFix has deleted the files that were causing the repetition of Avast alerts.

Just tried to verify Java again and it reports it as, "No working Java was detected on your system.
Install Java by clicking the button below."
I will refrain from doing that until I receive a reply back from you, Superdave.

Last edited by pfensome@virginmedia.com on 17th August 2012, 1:39 pm; edited 1 time in total (Reason for editing : updated info regarding Java.)

Re: Win32:Trogan-Gen

Update your Adobe Reader: get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

***********************************************
Just tried to verify Java again and it reports it as, "No working Java was detected on your system.
Install Java by clicking the button below."

Sometimes the old versions can be difficult to uninstall. I would suggest you try to remove all versions of Java and then download the newest version. If you can't uninstall them, use Unlocker below.

You can download and install Unlocker.

***************************************************
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
Eusing Free Registry Cleaner
There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners
*****************************************************
Please download aswMBR.exe (511KB) to your desktop.

Double-click aswMBR.exe to run it.

(screenshot: aswMBR "Scan" button)

Click the "Scan" button to start the scan.

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

(screenshot: aswMBR "Save log" button)

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

Re: Win32:Trogan-Gen

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-18 09:40:37
-----------------------------
09:40:37.379 OS Version: Windows x64 6.1.7601 Service Pack 1
09:40:37.379 Number of processors: 2 586 0x170A
09:40:37.379 ComputerName: SEAN-LAPTOP UserName: Sean
09:40:38.330 Initialize success
09:40:41.981 AVAST engine defs: 12081701
09:40:42.901 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:40:42.901 Disk 0 Vendor: TOSHIBA_ GH10 Size: 476940MB BusType: 3
09:40:42.948 Disk 0 MBR read successfully
09:40:42.948 Disk 0 MBR scan
09:40:42.948 Disk 0 Windows 7 default MBR code
09:40:42.964 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
09:40:42.979 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238470 MB offset 821248
09:40:42.995 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 238069 MB offset 489207808
09:40:43.042 Disk 0 scanning C:\Windows\system32\drivers
09:40:57.191 Service scanning
09:41:40.715 Modules scanning
09:41:40.731 Disk 0 trace - called modules:
09:41:40.746 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:41:40.762 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057a0060]
09:41:40.762 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046f4050]
09:41:41.729 AVAST engine scan C:\Windows
09:41:44.833 AVAST engine scan C:\Windows\system32
09:44:10.288 AVAST engine scan C:\Windows\system32\drivers
09:44:21.442 AVAST engine scan C:\Users\Sean
09:47:01.514 AVAST engine scan C:\ProgramData
09:48:55.394 Scan finished successfully
09:50:18.839 Disk 0 MBR has been saved successfully to "C:\Users\Sean\Desktop\MBR.dat"
09:50:18.854 The log file has been saved successfully to "C:\Users\Sean\Desktop\aswMBR.txt"
09:50:35.819 Disk 0 MBR has been saved successfully to "C:\Users\Sean\Desktop\MBR.dat"
09:50:35.835 The log file has been saved successfully to "C:\Users\Sean\Desktop\aswMBR.txt"


Re: Win32:Trogan-Gen

BUMP

Re: Win32:Trogan-Gen

Please download Rooter and Save it to your desktop.

  • Double-click it to start the tool. On Vista and Windows 7, run it as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Re: Win32:Trogan-Gen

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
.
C:\ [Fixed-NTFS] .. ( Total:232 Go - Free:46 Go )
D:\ [Fixed-NTFS] .. ( Total:232 Go - Free:224 Go )
E:\ [CD_Rom]
Q:\ [Fixed-UDF] .. ( Total:0 Go - Free:0 Go )
.
Scan : 08:05.31
Path : C:\Users\Sean\Desktop\Rooter.exe
User : Sean ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ?????????? (352)
______ ?????????? (476)
______ ?????????? (528)
______ ?????????? (540)
______ ?????????? (576)
______ ?????????? (628)
______ ?????????? (640)
______ ?????????? (648)
______ ?????????? (772)
______ ?????????? (868)
______ ?????????? (964)
______ ?????????? (996)
______ ?????????? (108)
______ ?????????? (112)
______ ?????????? (1092)
______ C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1280)
______ ?????????? (1384)
______ ?????????? (1416)
______ ?????????? (1588)
______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1676)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1700)
______ C:\Program Files (x86)\Bonjour\mDNSResponder.exe (1732)
______ ?????????? (1776)
______ C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (1816)
______ c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (1860)
______ ?????????? (1952)
______ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2128)
______ ?????????? (2252)
______ ?????????? (2284)
______ ?????????? (2500)
______ ?????????? (2544)
______ ?????????? (2592)
______ ?????????? (2648)
______ ?????????? (2780)
______ ?????????? (2820)
______ ?????????? (2996)
______ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (3076)
______ ?????????? (3336)
______ ?????????? (3368)
______ ?????????? (3388)
______ ?????????? (3396)
______ ?????????? (3404)
______ ?????????? (3412)
______ ?????????? (3520)
______ ?????????? (3580)
______ ?????????? (3596)
______ C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3636)
______ ?????????? (3680)
______ ?????????? (3724)
______ ?????????? (4044)
______ ?????????? (4056)
______ ?????????? (3252)
______ ?????????? (3288)
______ C:\Program Files (x86)\Steam\Steam.exe (3284)
______ ?????????? (2840)
______ ?????????? (4028)
______ C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (2984)
______ ?????????? (4156)
______ ?????????? (4184)
______ C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (4320)
______ C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (4380)
______ ?????????? (4408)
______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (4472)
______ C:\Program Files\Alwil Software\Avast5\AvastUI.exe (4540)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (4568)
______ C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (4740)
______ ?????????? (4844)
______ C:\Program Files (x86)\Common Files\Steam\SteamService.exe (4768)
______ ?????????? (3672)
______ ?????????? (4832)
______ ?????????? (1916)
______ C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (4340)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (2208)
______ ?????????? (4992)
______ ?????????? (172)
Locked audiodg.??0 (5500)
______ ?????????? (3052)
______ ?????????? (2408)
______ ?????????? (4988)
______ ?????????? (5856)
______ ?????????? (5868)
______ ?????????? (6100)
______ C:\Users\Sean\Desktop\Rooter.exe (6092)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:419430400)
\Device\Harddisk0\Partition2 (Start_Offset:420478976 | Length:250053918720)
\Device\Harddisk0\Partition3 (Start_Offset:250474397696 | Length:249633439744)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 97e5e08e-f3d3-4d7d-9d68-1312cabb0360.job
C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task afc0b455-a93b-46c1-9d96-24f579c4f34a.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 08:05.33
.
C:\Rooter$\Rooter_2.txt - (21/08/2012 | 08:05.33)

Re: Win32:Trogan-Gen

How's your computer running now?

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the ESET Online Scanner button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
  • Double-click on the ESET Smart Installer icon on your desktop.

• Check the box to accept the Terms of Use.
• Click the Start button.
• Accept any security warnings from your browser.
• Check the "Scan archives" box.
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats.
• Push Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the Back button.
• Push Finish.
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Win32:Trogan-Gen

Laptop seems to be working fine, but we haven't really been using it while this was going on.

ESET Scan found 1 infection, listed below:

C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan deleted - quarantined

Re: Win32:Trogan-Gen

Ok. Let's do some cleanup. If anything comes up later, please let me know.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(screenshot: the Run box with "ComboFix /uninstall" typed in)

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

******************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double-click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***********************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*******************************************************
Use the Secunia Software Inspector to check for out of date software.

• Click Start Now

• Check the box next to Enable thorough system inspection.

• Click Start

• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: Win32:Trogan-Gen

Thanks Superdave,
There is an issue with Windows updating; it won't install the latest essential updates (keeps failing). Everything else went OK; the laptop seems to be running fine, all except this Windows updating. I followed the Windows help for the error code it listed (80246008), followed the prompts and links.


To change or restart the Background Intelligent Transfer Service (BITS)
Click to open Administrative Tools.
(I clicked this link and it takes me to a page that doesn't make any sense for following the next part) (so this is as far as I got with the Windows Update help function)
Double-click Services. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Right-click the Background Intelligent Transfer Service (BITS) service, and then click Properties.

On the General tab, next to Startup type, make sure that Automatic (Delayed Start) is selected.

Next to Service status, check to see if the service is started. If it's not, click Start.

To change or restart the Windows Event Log service
Click to open Administrative Tools.

Double-click Services. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Right-click the Windows Event Log service, and then click Properties.

On the General tab, next to Startup type, make sure that Automatic is selected.

Next to Service status, check to see if the service is started. If it's not, click Start.
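The Windows Update help steps quoted above amount to a check on two services: BITS should be Automatic (Delayed Start), and Windows Event Log should be Automatic and running. The script below is an added example for checking exactly that from an elevated PowerShell prompt; it is not part of the thread or of any tool used in it. It also covers the case this thread runs into, where a service no longer appears in services.msc at all, by distinguishing "not registered with the Service Control Manager" from "service definition deleted from the registry". It assumes Windows PowerShell 3.0 or later (for Get-CimInstance); the $expected table is constructed from the help text, and the svchost.exe path check is an extra sanity test added here, not one the help text mentions.

```powershell
# Added example, not from the original thread. Checks the two services the
# Windows Update help steps rely on and reports anything that does not match.
# Assumes Windows PowerShell 3.0+ run as administrator.

$expected = @(
    # StartMode values are those reported by Win32_Service ("Auto", "Manual", ...).
    # "Automatic (Delayed Start)" is not a separate StartMode; it is the
    # DelayedAutostart DWORD under the service's registry key, so it is checked there.
    # (constructed table matching the quoted help steps)
    @{ Name = 'BITS';     StartMode = 'Auto'; Delayed = $true;  MustRun = $false }
    @{ Name = 'EventLog'; StartMode = 'Auto'; Delayed = $false; MustRun = $true  }
)

function Test-UpdateService {
    param([hashtable]$Spec)

    $name     = $Spec.Name
    $regKey   = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $svchost  = Join-Path $env:SystemRoot 'System32\svchost.exe'
    $problems = @()

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue

    if ($null -eq $svc) {
        # Not known to the Service Control Manager: this is what "missing from
        # services.msc" means. If the registry key is gone as well, the service
        # definition itself was deleted and must be re-registered; sfc /scannow
        # restores protected files, not service registry entries.
        if (Test-Path $regKey) {
            $problems += 'not registered with the SCM, but its registry key is still present'
        } else {
            $problems += 'service definition is missing from the registry'
        }
        return [pscustomobject]@{ Name = $name; Present = $false; Problems = $problems }
    }

    if ($svc.StartMode -ne $Spec.StartMode) {
        $problems += "StartMode is $($svc.StartMode), expected $($Spec.StartMode)"
    }

    # Delayed start lives in the registry: DelayedAutostart = 1.
    $delayed = (Get-ItemProperty -Path $regKey -Name DelayedAutostart -ErrorAction SilentlyContinue).DelayedAutostart
    if ($Spec.Delayed -and $delayed -ne 1) {
        $problems += 'expected Automatic (Delayed Start) but DelayedAutostart is not set'
    }

    # BITS stops on its own when idle, so only services marked MustRun are
    # expected to be in the Running state.
    if ($Spec.MustRun -and $svc.State -ne 'Running') {
        $problems += "State is $($svc.State), expected Running"
    }

    # Both services are hosted by svchost.exe from System32. An entry pointing
    # anywhere else deserves a look before trying to repair Windows Update.
    if ($svc.PathName -notlike "$svchost*") {
        $problems += "unexpected binary path: $($svc.PathName)"
    }

    [pscustomobject]@{
        Name      = $name
        Present   = $true
        StartMode = $svc.StartMode
        State     = $svc.State
        Path      = $svc.PathName
        Problems  = $problems
    }
}

$report = foreach ($spec in $expected) { Test-UpdateService -Spec $spec }
$report | Format-List
```

A healthy system returns an empty Problems list for both entries. A "service definition is missing from the registry" result for BITS is the situation described later in this thread and is not something the Startup type dialog can fix, since there is no service left to open.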

Re: Win32:Trogan-Gen

Windows 7 has a program called Action Center which is supposed to repair such things as update problems. Please give it a try.

Re: Win32:Trogan-Gen

Tried Action Centre, tried various Windows help files and support forums, tried to check for corrupted files using sfc /scannow from the command prompt.
All help is pointing towards this service (Background Intelligent Transfer Service (BITS) service) but it's missing from my system.msc list.

Re: Win32:Trogan-Gen

I did some searching and found a bunch of links here. One of them might help.

Re: Win32:Trogan-Gen

Thanks very much Superdave for all your help with this Trojan and the advice given. I've looked through those links and I just don't have the time at the moment to go through them; I will be away from tomorrow on vacation but will start again on this as soon as I get back. I'm assuming it will be OK to post in this thread once I return to add in some feedback on where I am with the laptop.
Best regards.

Re: Win32:Trogan-Gen

pfensome@virginmedia.com wrote:
Thanks very much Superdave for all your help with this Trojan and the advice given. I've looked through those links and I just don't have the time at the moment to go through them; I will be away from tomorrow on vacation but will start again on this as soon as I get back. I'm assuming it will be OK to post in this thread once I return to add in some feedback on where I am with the laptop.
Best regards.

Yes, please keep me posted. Bonne vacation!

Re: Win32:Trogan-Gen

Hi Superdave,
Went through those links and even reset the update history and Windows components, and it's still not updating, same error. BITS service is still not listed in services.msc. Let me think.

Re: Win32:Trogan-Gen

Please try the information in this link. It's down at the bottom of the list.
