WiredWX Christian Hobby Weather Tools

Win32:Trogan-Gen - Page 1

Re: Win32:Trogan-Gen
Update your Adobe Reader. get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

***********************************************
Just tried to verify Java again and it reports: "No working Java was detected on your system. Install Java by clicking the button below."

Sometimes the old versions can be difficult to uninstall. I would suggest you try to remove all versions of Java and then download the newest version. If you can't uninstall them, use Unlocker below.

You can download and install Unlocker.

***************************************************
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
Eusing Free Registry Cleaner
There are a number of them available and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method of causing problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners
*****************************************************
Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. There are often false positives.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

Re: Win32:Trogan-Gen
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-18 09:40:37
-----------------------------
09:40:37.379 OS Version: Windows x64 6.1.7601 Service Pack 1
09:40:37.379 Number of processors: 2 586 0x170A
09:40:37.379 ComputerName: SEAN-LAPTOP UserName: Sean
09:40:38.330 Initialize success
09:40:41.981 AVAST engine defs: 12081701
09:40:42.901 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:40:42.901 Disk 0 Vendor: TOSHIBA_ GH10 Size: 476940MB BusType: 3
09:40:42.948 Disk 0 MBR read successfully
09:40:42.948 Disk 0 MBR scan
09:40:42.948 Disk 0 Windows 7 default MBR code
09:40:42.964 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
09:40:42.979 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238470 MB offset 821248
09:40:42.995 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 238069 MB offset 489207808
09:40:43.042 Disk 0 scanning C:\Windows\system32\drivers
09:40:57.191 Service scanning
09:41:40.715 Modules scanning
09:41:40.731 Disk 0 trace - called modules:
09:41:40.746 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:41:40.762 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057a0060]
09:41:40.762 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046f4050]
09:41:41.729 AVAST engine scan C:\Windows
09:41:44.833 AVAST engine scan C:\Windows\system32
09:44:10.288 AVAST engine scan C:\Windows\system32\drivers
09:44:21.442 AVAST engine scan C:\Users\Sean
09:47:01.514 AVAST engine scan C:\ProgramData
09:48:55.394 Scan finished successfully
09:50:18.839 Disk 0 MBR has been saved successfully to "C:\Users\Sean\Desktop\MBR.dat"
09:50:18.854 The log file has been saved successfully to "C:\Users\Sean\Desktop\aswMBR.txt"
09:50:35.819 Disk 0 MBR has been saved successfully to "C:\Users\Sean\Desktop\MBR.dat"
09:50:35.835 The log file has been saved successfully to "C:\Users\Sean\Desktop\aswMBR.txt"


Re: Win32:Trogan-Gen
BUMP

Re: Win32:Trogan-Gen
Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. On Vista and Windows 7, run it as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open; it is also found at C:\Rooter.txt. Post that log in your next reply.

Re: Win32:Trogan-Gen
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
.
C:\ [Fixed-NTFS] .. ( Total:232 Go - Free:46 Go )
D:\ [Fixed-NTFS] .. ( Total:232 Go - Free:224 Go )
E:\ [CD_Rom]
Q:\ [Fixed-UDF] .. ( Total:0 Go - Free:0 Go )
.
Scan : 08:05.31
Path : C:\Users\Sean\Desktop\Rooter.exe
User : Sean ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ?????????? (352)
______ ?????????? (476)
______ ?????????? (528)
______ ?????????? (540)
______ ?????????? (576)
______ ?????????? (628)
______ ?????????? (640)
______ ?????????? (648)
______ ?????????? (772)
______ ?????????? (868)
______ ?????????? (964)
______ ?????????? (996)
______ ?????????? (108)
______ ?????????? (112)
______ ?????????? (1092)
______ C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1280)
______ ?????????? (1384)
______ ?????????? (1416)
______ ?????????? (1588)
______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1676)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1700)
______ C:\Program Files (x86)\Bonjour\mDNSResponder.exe (1732)
______ ?????????? (1776)
______ C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (1816)
______ c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (1860)
______ ?????????? (1952)
______ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2128)
______ ?????????? (2252)
______ ?????????? (2284)
______ ?????????? (2500)
______ ?????????? (2544)
______ ?????????? (2592)
______ ?????????? (2648)
______ ?????????? (2780)
______ ?????????? (2820)
______ ?????????? (2996)
______ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (3076)
______ ?????????? (3336)
______ ?????????? (3368)
______ ?????????? (3388)
______ ?????????? (3396)
______ ?????????? (3404)
______ ?????????? (3412)
______ ?????????? (3520)
______ ?????????? (3580)
______ ?????????? (3596)
______ C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3636)
______ ?????????? (3680)
______ ?????????? (3724)
______ ?????????? (4044)
______ ?????????? (4056)
______ ?????????? (3252)
______ ?????????? (3288)
______ C:\Program Files (x86)\Steam\Steam.exe (3284)
______ ?????????? (2840)
______ ?????????? (4028)
______ C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (2984)
______ ?????????? (4156)
______ ?????????? (4184)
______ C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (4320)
______ C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (4380)
______ ?????????? (4408)
______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (4472)
______ C:\Program Files\Alwil Software\Avast5\AvastUI.exe (4540)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (4568)
______ C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (4740)
______ ?????????? (4844)
______ C:\Program Files (x86)\Common Files\Steam\SteamService.exe (4768)
______ ?????????? (3672)
______ ?????????? (4832)
______ ?????????? (1916)
______ C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (4340)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (2208)
______ ?????????? (4992)
______ ?????????? (172)
Locked audiodg.??0 (5500)
______ ?????????? (3052)
______ ?????????? (2408)
______ ?????????? (4988)
______ ?????????? (5856)
______ ?????????? (5868)
______ ?????????? (6100)
______ C:\Users\Sean\Desktop\Rooter.exe (6092)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:419430400)
\Device\Harddisk0\Partition2 (Start_Offset:420478976 | Length:250053918720)
\Device\Harddisk0\Partition3 (Start_Offset:250474397696 | Length:249633439744)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 97e5e08e-f3d3-4d7d-9d68-1312cabb0360.job
C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task afc0b455-a93b-46c1-9d96-24f579c4f34a.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 08:05.33
.
C:\Rooter$\Rooter_2.txt - (21/08/2012 | 08:05.33)
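The aswMBR log earlier in the thread reports each partition as a type byte, a size in MB and a start offset in sectors, while the Rooter log above reports start offsets and lengths in bytes. Before trusting a "Windows 7 default MBR code" verdict, a reviewer would check that the two tools agree on the layout and that the table itself is sane (exactly one active partition, no overlaps, nothing past the end of the disk), since an MBR-level bootkit that hides a partition or redirects the boot flag shows up as exactly that kind of disagreement. The script below is an added example, not output of either tool or code from the thread: it parses the partition lines copied from both logs, cross-checks them, and also decodes a raw 512-byte MBR of the kind aswMBR saves to MBR.dat. The MBR image it decodes is constructed here from the log values with the boot-code area zeroed, so it only exercises the partition-table parsing, not the boot-code comparison aswMBR performs.

```python
"""Cross-check the partition layout reported by aswMBR and Rooter, and decode a raw MBR."""
import re
import struct

SECTOR = 512
MIB = 1024 * 1024

# Partition lines copied from the aswMBR and Rooter logs posted in this thread.
ASWMBR_LOG = """
09:40:42.964 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
09:40:42.979 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238470 MB offset 821248
09:40:42.995 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 238069 MB offset 489207808
"""
ROOTER_LOG = r"""
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:419430400)
\Device\Harddisk0\Partition2 (Start_Offset:420478976 | Length:250053918720)
\Device\Harddisk0\Partition3 (Start_Offset:250474397696 | Length:249633439744)
"""
DISK_MB = 476940  # "Disk 0 Vendor: TOSHIBA_ GH10 Size: 476940MB" in the aswMBR log

ASW_RE = re.compile(r"Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) .*? (\d+) MB offset (\d+)")
ROOTER_RE = re.compile(r"Partition(\d+) .*?Start_Offset:(\d+) \| Length:(\d+)")


def parse_aswmbr(text):
    """aswMBR prints boot flag, type byte, size in MB and start offset in sectors."""
    parts = {}
    for num, boot, ptype, size_mb, offset in ASW_RE.findall(text):
        parts[int(num)] = {"boot": int(boot, 16), "type": int(ptype, 16),
                           "start": int(offset) * SECTOR, "length": int(size_mb) * MIB}
    return parts


def parse_rooter(text):
    """Rooter prints start offset and length in bytes."""
    return {int(n): {"start": int(s), "length": int(l)} for n, s, l in ROOTER_RE.findall(text)}


def parse_mbr(blob):
    """Decode the four 16-byte partition entries at offset 446 of a 512-byte MBR."""
    if len(blob) != SECTOR or blob[510:] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = {}
    for i in range(4):
        # boot flag, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count
        boot, ptype, lba, count = struct.unpack_from("<B3xB3xII", blob, 446 + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            parts[i + 1] = {"boot": boot, "type": ptype,
                            "start": lba * SECTOR, "length": count * SECTOR}
    return parts


def build_sample_mbr(parts):
    """Constructed sample image: zeroed boot code plus the given partition table.
    A real MBR.dat also carries 446 bytes of boot code, which aswMBR compares
    against known-good code; this sample does not model that."""
    blob = bytearray(SECTOR)
    for num, p in sorted(parts.items()):
        struct.pack_into("<B3xB3xII", blob, 446 + 16 * (num - 1), p["boot"], p["type"],
                         p["start"] // SECTOR, p["length"] // SECTOR)
    blob[510:] = b"\x55\xaa"
    return bytes(blob)


def cross_check(a, b, length_tolerance=MIB):
    """Return (partition, field) pairs on which two tools disagree.
    aswMBR rounds sizes to whole MB, so lengths are compared with a tolerance."""
    problems = []
    for num in sorted(set(a) | set(b)):
        if num not in a or num not in b:
            problems.append((num, "missing"))
            continue
        if a[num]["start"] != b[num]["start"]:
            problems.append((num, "start"))
        if abs(a[num]["length"] - b[num]["length"]) > length_tolerance:
            problems.append((num, "length"))
    return problems


def sanity_findings(parts, disk_mb):
    """Layout problems a reviewer would flag before accepting a 'clean MBR' verdict."""
    findings = []
    active = [n for n, p in parts.items() if p["boot"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    if any(p["boot"] not in (0x00, 0x80) for p in parts.values()):
        findings.append("boot flag other than 0x00/0x80")
    ordered = sorted(parts.values(), key=lambda p: p["start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["start"] + prev["length"] > cur["start"]:
            findings.append("overlapping partitions")
    if ordered and ordered[-1]["start"] + ordered[-1]["length"] > disk_mb * MIB:
        findings.append("partition extends past end of disk")
    return findings


if __name__ == "__main__":
    asw, rooter = parse_aswmbr(ASWMBR_LOG), parse_rooter(ROOTER_LOG)
    print("aswMBR vs Rooter:", cross_check(asw, rooter) or "consistent")
    print("layout sanity:", sanity_findings(asw, DISK_MB) or "ok")
    print("sample MBR round-trip:", parse_mbr(build_sample_mbr(asw)) == asw)
```

On the logs in this thread the two tools agree exactly: every aswMBR offset times 512 equals the Rooter Start_Offset, every size in MB times 1048576 equals the Rooter Length, the three partitions are contiguous, and the last one ends precisely at the 476940 MB the disk reports. To check a real MBR.dat, read the file and pass its bytes to parse_mbr, then compare the result against what the logs say with cross_check.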

Re: Win32:Trogan-Gen
How's your computer running now?

I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
      • Click the ESET Smart Installer link to download the installer. Save it to your desktop.
      • Double click the ESET Smart Installer icon on your desktop.
  • Check the box to accept the terms of use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check the Scan archives box.
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push the List found threats button.
  • Push the Export button, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Win32:Trogan-Gen
The laptop seems to be working fine, but we haven't really been using it while this was going on.

The ESET scan found 1 infection, listed below:

C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan deleted - quarantined

Re: Win32:Trogan-Gen
Ok. Let's do some cleanup. If anything comes up later, please let me know.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward slash.)

  • Then press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide system files and folders, and reset System Restore.

******************************************************
To remove all of the tools we used and the files and folders they created, do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***********************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*******************************************************
Use the Secunia Software Inspector to check for out of date software.

  • Click Start Now.
  • Check the box next to Enable thorough system inspection.
  • Click Start.
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: Win32:Trogan-Gen
Thanks Superdave,
There is an issue with Windows updating; it won't install the latest essential updates (it keeps failing). Everything else went OK and the laptop seems to be running fine, all except this Windows updating. I followed the Windows help for the error code it listed (80246008) and followed the prompts and links.

To change or restart the Background Intelligent Transfer Service (BITS)
Click to open Administrative Tools.
(I clicked this link and it takes me to a page that doesn't make any sense for following the next part, so this is as far as I got with the Windows Update help function.)
Double-click Services. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Right-click the Background Intelligent Transfer Service (BITS) service, and then click Properties.

On the General tab, next to Startup type, make sure that Automatic (Delayed Start) is selected.

Next to Service status, check to see if the service is started. If it's not, click Start.

To change or restart the Windows Event Log service
Click to open Administrative Tools.

Double-click Services. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Right-click the Windows Event Log service, and then click Properties.

On the General tab, next to Startup type, make sure that Automatic is selected.

Next to Service status, check to see if the service is started. If it's not, click Start.

Re: Win32:Trogan-Gen
Windows 7 has a program called Action Center which is supposed to repair such things as update problems. Please give it a try.

Re: Win32:Trogan-Gen
Tried Action Centre, tried various Windows help files and support forums, and tried to check for corrupted files using sfc /scannow from the command prompt.
All help is pointing towards this service (Background Intelligent Transfer Service (BITS)), but it's missing from my system.msc list.

Re: Win32:Trogan-Gen
I did some searching and found a bunch of links here. One of them might help.

Re: Win32:Trogan-Gen
Thanks very much, Superdave, for all your help with this Trojan and the advice given. I've looked through those links and I just don't have the time at the moment to go through them. I will be away from tomorrow on vacation but will start again on this as soon as I get back. I'm assuming it will be OK to post in this thread once I return to add some feedback on where I am with the laptop.
Best regards.

Re: Win32:Trogan-Gen
pfensome@virginmedia.com wrote:
Thanks very much, Superdave, for all your help with this Trojan and the advice given. I've looked through those links and I just don't have the time at the moment to go through them. I will be away from tomorrow on vacation but will start again on this as soon as I get back. I'm assuming it will be OK to post in this thread once I return to add some feedback on where I am with the laptop.
Best regards.

Yes, please keep me posted. Bonne vacation!

Re: Win32:Trogan-Gen
Hi Superdave,
I went through those links and even reset the update history and Windows components, and it's still not updating, same error. The BITS service is still not listed in services.msc. Let me think.

Re: Win32:Trogan-Gen
Please try the information in this link. It's down at the bottom of the list.