
Found trojan.agent gen dropper


  • This topic is locked
1 reply to this topic

#1 BuckJogSkiff

BuckJogSkiff

  • Members
  • 47 posts
  • OFFLINE
  • Local time:04:47 AM

Posted 08 May 2017 - 02:11 AM

A while back, got some help from Bleeping Computer on Windows 7 sucking up too much physical memory with multiple Schvost.exe and iexplorer.exe. Some fixes were run through, including ComboFix. At the end, it was ruled that there was no malware at all, and it looked like the problem went away.


The problem of the multiple Schvost.exe and iexplorer.exe wound up steadily persisting until the CPU uses 0% memory and 45% physical memory at the same time. Opening up Internet Explorer windows causes both memories to skyrocket, especially when there is a lot of graphics. Internet Explorer has to be closed and started up again until it hits too much memory usage again. Hit 100% earlier on the Bleeping Computer forums. Sometimes programs do not close fully, leaving behind ghost shells that have to be closed in Task Manager.


Running the free version of Malwarebytes and AdwCleaner turned up nothing. However, SuperAntiSpyware quarantined a Trojan.agent gen dropper. Ran SuperAntiSpyware again; it did not show up. Before it's time to have to fiddle with RogueKiller on these forums, ran MiniToolBox and Security Check just in case.


Haven't been able to locate the original SuperAntiSpyware log that had the trojan, which is not good.

AdwCleaner Log


# AdwCleaner v6.045 - Logfile created 07/05/2017 at 15:23:48

# Updated on 28/03/2017 by Malwarebytes

# Database : 2016-09-01.2 [Local]

# Operating System : Windows 7 Home Premium Service Pack 1 (X64)

# Username : Bendlebender - BLUEBEAST

# Running from : C:\Users\Bendlebender\Downloads\AdwCleaner.exe

# Mode: Clean

# Support : https://www.malwarebytes.com/support

 

 

 

***** [ Services ] *****

 

 

 

***** [ Folders ] *****

 

 

 

***** [ Files ] *****

 

 

 

***** [ DLL ] *****

 

 

 

***** [ WMI ] *****

 

 

 

***** [ Shortcuts ] *****

 

 

 

***** [ Scheduled Tasks ] *****

 

 

 

***** [ Registry ] *****

 

[-] Data restored: HKU\S-1-5-21-1748231068-357915915-2718231513-1000\Software\Microsoft\Internet Explorer\Main [Search Page]

[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]

[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]

[-] Key deleted: HKU\S-1-5-21-1748231068-357915915-2718231513-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}

[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dogpile.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.myway.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\internetspeedtracker.dl.myway.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sjc-usadmm.dotomi.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\undertale.en.softonic.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\videodownloadconverter.dl.myway.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.dogpile.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dogpile.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.myway.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\internetspeedtracker.dl.myway.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sjc-usadmm.dotomi.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\undertale.en.softonic.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\videodownloadconverter.dl.myway.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.dogpile.com

 

 

***** [ Web browsers ] *****

 

 

 

*************************

 

:: "Tracing" keys deleted

:: Winsock2 - Deleted C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

:: Winsock settings cleared

 

*************************

 

C:\AdwCleaner\AdwCleaner[C1].txt - [5648 Bytes] - [01/07/2016 18:16:25]

C:\AdwCleaner\AdwCleaner[C2].txt - [5036 Bytes] - [07/05/2017 15:23:48]

C:\AdwCleaner\AdwCleaner[S10].txt - [6001 Bytes] - [07/05/2017 15:23:03]

C:\AdwCleaner\AdwCleaner[S1].txt - [5856 Bytes] - [01/07/2016 18:07:17]

C:\AdwCleaner\AdwCleaner[S2].txt - [953 Bytes] - [01/07/2016 19:53:48]

C:\AdwCleaner\AdwCleaner[S3].txt - [1026 Bytes] - [02/07/2016 04:59:24]

C:\AdwCleaner\AdwCleaner[S4].txt - [1099 Bytes] - [06/07/2016 02:02:56]

C:\AdwCleaner\AdwCleaner[S5].txt - [1173 Bytes] - [07/07/2016 01:56:07]

C:\AdwCleaner\AdwCleaner[S6].txt - [2490 Bytes] - [02/09/2016 01:55:27]

C:\AdwCleaner\AdwCleaner[S7].txt - [2563 Bytes] - [02/09/2016 01:57:47]

C:\AdwCleaner\AdwCleaner[S8].txt - [2735 Bytes] - [11/10/2016 00:47:32]

C:\AdwCleaner\AdwCleaner[S9].txt - [3729 Bytes] - [20/01/2017 04:32:44]

 

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [5839 Bytes] ##########


MiniToolBox Log


MiniToolBox by Farbar Version: 17-06-2016

Ran by Bendlebender (administrator) on 07-05-2017 at 17:47:30

Running from "C:\Users\Bendlebender\Downloads"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Model: Studio 1558 Manufacturer: Dell Inc.

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

 

 

=========================== Installed Programs ============================

 

7-Zip 16.00 (HKLM-x32\...\7-Zip) (Version: 16.00 - Igor Pavlov)

Accelerometer (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.17 - STMicroelectronics)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)

Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)

Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.010.0601.2151 - )

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)

Baldur's Gate™ II - Shadows of Amn™ Bonus CD (HKLM-x32\...\{014585C8-7557-11D4-9ABA-006067325E47}) (Version: - )

Baldur's Gate™ II - Throne of Bhaal ™ (HKLM-x32\...\{B8C3B479-1716-11D5-968A-0050BA84F5F7}) (Version: - )

BioWare Premium Module: Neverwinter Nights™ Kingmaker (HKLM-x32\...\Neverwinter Nights™ Kingmaker) (Version: - BioWare Corp.)

Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)

ccc-core-static (HKLM-x32\...\{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}) (Version: 2010.0601.2152.37421 - ATI) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)

Circle of Eight Modpack version 6.1.0 NC (HKLM-x32\...\{F25E8F2C-8443-42B6-A232-9236A74507C5}_is1) (Version: 6.1.0 NC - Circle of Eight)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )

Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)

Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)

Creature Chaos 4.22 (HKLM-x32\...\{BA6A41DC-603B-49D5-AC40-2A125DFF6DB8}_is1) (Version: - Creature Chaos Mod Team)

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)

Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)

Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5907.29 - PC-Doctor, Inc.) Hidden

Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.29 - Dell Inc.)

Dell System Detect (HKCU\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)

Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.2.0 - Synaptics Incorporated)

Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)

DJ OldGames Package: Stronghold (HKLM-x32\...\Stronghold63) (Version: 1.0.3.0 - DJ)

Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.)

DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.18 - Dell Inc.)

Furcadia (HKLM-x32\...\Furcadia) (Version: 31.2 - Dragon's Eye Productions, Inc.)

GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden

GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )

GrafX2 (GNU GPL) (HKLM-x32\...\Grafx2-SDL) (Version: 2.4.wip2035 - )

HHD Software Free Hex Editor Neo 5.14 (HKCU\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 5.14.0.4787 - HHD Software, Ltd.)

HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)

ICY Hexplorer (remove only) (HKLM-x32\...\Hexplorer) (Version: - )

Impossible Creatures (HKLM-x32\...\Impossible Creatures 1.0) (Version: - )

Impossible Creatures 1.0.1 (HKLM-x32\...\{6B2B0D05-2B4A-4855-A47B-D69CD9E3CDD6}) (Version: 1.0.1 - Microsoft)

Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)

Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)

IZArc 4.1.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.2 - Ivan Zahariev)

Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)

LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Neverwinter Nights (HKLM-x32\...\{C1583439-B034-4881-819C-D52A0587662B}) (Version: - )

NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)

OHRRPGCE alectormancy+2 20120731 (HKLM-x32\...\Official Hamster Republic RPG Construction Engine_is1) (Version: - Hamster Republic Productions)

PRC Pack (HKLM-x32\...\PRC Pack) (Version: - )

Python 2.7.1 (HKLM-x32\...\{32939827-d8e5-470a-b126-870db3c69fdf}) (Version: 2.7.1150 - Python Software Foundation)

Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.18 - Dell Inc.)

Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)

SafeZone Stable 3.55.2393.596 (HKLM-x32\...\SafeZone 3.55.2393.596) (Version: 3.55.2393.596 - Avast Software) Hidden

Skins (HKLM-x32\...\{220D75B2-56A3-02AF-CF23-25520587D973}) (Version: 2010.0601.2152.37421 - ATI) Hidden

Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)

Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)

Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)

Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)

Star Wars Galactic Battlegrounds: Saga (HKLM-x32\...\{10133CDD-50B9-4783-B336-8B48F3653715}) (Version: - )

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1240 - SUPERAntiSpyware.com)

Temple of Elemental Evil (HKLM-x32\...\{AD80F06B-0F21-4EEE-934D-BEF0D21E6383}) (Version: 1.00.000 - )

Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)

WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.1.1.14 - WildTangent)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

========================= Restore Points ==================================

 

24-08-2016 09:45:47 Windows Update

26-08-2016 04:24:28 Windows Update

30-08-2016 08:43:46 ComboFix created restore point

02-09-2016 08:42:16 Windows Update

08-09-2016 09:56:14 Windows Update

25-09-2016 05:44:13 Windows Update

25-09-2016 06:21:50 Windows Update

01-10-2016 09:13:48 Windows Update

08-10-2016 09:34:50 Windows Update

09-10-2016 04:08:57 Windows Update

09-10-2016 04:27:16 Windows Update

20-10-2016 08:32:25 Scheduled Checkpoint

30-10-2016 08:00:19 Scheduled Checkpoint

09-11-2016 08:09:15 Scheduled Checkpoint

17-11-2016 10:05:09 Scheduled Checkpoint

25-11-2016 09:30:20 Scheduled Checkpoint

06-12-2016 08:20:29 Scheduled Checkpoint

11-12-2016 10:27:04 Windows Update

19-12-2016 10:57:56 Windows Update

28-12-2016 10:46:44 Windows Update

11-01-2017 10:13:41 Scheduled Checkpoint

18-01-2017 10:20:25 Scheduled Checkpoint

02-02-2017 10:18:35 Scheduled Checkpoint

11-02-2017 10:19:27 Scheduled Checkpoint

24-02-2017 10:12:47 Scheduled Checkpoint

05-03-2017 10:12:01 Scheduled Checkpoint

14-03-2017 09:15:55 Scheduled Checkpoint

24-03-2017 09:25:04 Scheduled Checkpoint

06-04-2017 09:46:18 Scheduled Checkpoint

15-04-2017 09:07:00 Scheduled Checkpoint

30-04-2017 09:41:04 Scheduled Checkpoint

 

**** End of log ****


Security Check Log

 

Results of screen317's Security Check version 1.014 --- 12/23/15

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Avast Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Adobe Flash Player 25.0.0.148

Google Chrome (57.0.2987.133)

Google Chrome (plugins...)

Google Chrome (SetupMetrics...)

````````Process Check: objlist.exe by Laurent````````

AVAST Software Avast AvastSvc.exe

AVAST Software Avast x64 aswidsagenta.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 5%

````````````````````End of Log``````````````````````

So what is the next step? Also, thanks for the help and time.




#2 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,648 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:03:47 PM

Posted 08 May 2017 - 02:47 AM

Duplicate post.

https://www.bleepingcomputer.com/forums/t/646160/found-trojanagent-gen-dropper/

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.
