Posts posted by Bo620

  1. Removed Advanced System Protector, uninstalled and reinstalled the latest versions of Java and Adobe. Uninstalled ComboFix and RogueKill and deleted the logs as instructed.

    Should I keep or uninstall the following programs: mbar, Revo Uninstaller, AdwCleaner (I also have CCleaner) and Security Check?

    Also, from the last Security Check log, at the end it said Fragmentation on Drive C: 4%, so should I defrag the C drive? What is an SSD?

    I really appreciate your effort, time and knowledge in helping me through this problem! As I said, formatting my hard drive and hoping to get rid of the virus is not something I look forward to doing. Thanks a lot! :D

  2. Hmmm, I don't recall downloading and installing ASP <_< but it showed up after installing a clean-up program... I will take care of it...

    Oh, it seems like some programs are out of date... should I update them and run Security Check again?

    Here are the 2 reports:

    # AdwCleaner v2.009 - Logfile created 11/24/2012 at 13:42:46

    # Updated 24/11/2012 by Xplode

    # Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)

    # User : Maybo - MAYBO-PC

    # Boot Mode : Normal

    # Running from : C:\Users\Maybo\Downloads\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Conduit

    Deleted on reboot : C:\Program Files (x86)\GamesBar

    Deleted on reboot : C:\Program Files (x86)\Windows iLivid Toolbar

    Deleted on reboot : C:\Program Files (x86)\WiseConvert

    Deleted on reboot : C:\Program Files (x86)\Zynga

    Deleted on reboot : C:\Program Files (x86)\Zynga

    Deleted on reboot : C:\ProgramData\iWin

    Deleted on reboot : C:\Users\Maybo\AppData\Local\Conduit

    Deleted on reboot : C:\Users\Maybo\AppData\Local\Ilivid Player

    Deleted on reboot : C:\Users\Maybo\AppData\LocalLow\Conduit

    Deleted on reboot : C:\Users\Maybo\AppData\LocalLow\searchquband

    Deleted on reboot : C:\Users\Maybo\AppData\LocalLow\Searchqutoolbar

    Deleted on reboot : C:\Users\Maybo\AppData\LocalLow\WiseConvert

    Deleted on reboot : C:\Users\Maybo\AppData\LocalLow\Zynga

    Deleted on reboot : C:\Users\Maybo\AppData\LocalLow\Zynga

    Deleted on reboot : C:\Users\Maybo\AppData\Roaming\iWin

    ***** [Registry] *****

    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll

    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

    Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar

    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

    Key Deleted : HKCU\Software\AppDataLow\Software\WiseConvert

    Key Deleted : HKCU\Software\AppDataLow\Software\Zynga

    Key Deleted : HKCU\Software\AppDataLow\Toolbar

    Key Deleted : HKCU\Software\DataMngr

    Key Deleted : HKCU\Software\DataMngr_Toolbar

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WiseConvert Toolbar

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Zynga Toolbar

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B13EC3E-999A-4B70-B9CB-2617B8323822}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B13EC3E-999A-4B70-B9CB-2617B8323822}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}

    Key Deleted : HKLM\Software\Bandoo

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE

    Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard

    Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1

    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727

    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716

    Key Deleted : HKLM\Software\Conduit

    Key Deleted : HKLM\Software\DataMngr

    Key Deleted : HKLM\Software\Freeze.com

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B325E840-2B54-4325-B1EF-8A73DE56FABD}

    Key Deleted : HKLM\Software\SearchquMediabarTb

    Key Deleted : HKLM\Software\WiseConvert

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B325E840-2B54-4325-B1EF-8A73DE56FABD}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4F5C8E0C-ED91-43ED-8DFD-F8E852B747E5}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88A67CD7-C14A-4D62-B062-C4E42D348E92}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Zynga Toolbar

    Key Deleted : HKLM\Software\Zynga

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]

    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]

    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]

    ***** [internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default

    File : C:\Users\Maybo\AppData\Roaming\Mozilla\Firefox\Profiles\j1nepcvo.default\prefs.js

    Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");

    Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=406&q=");

    -\\ Google Chrome v [unable to get version]

    File : C:\Users\Maybo\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [5996 octets] - [24/11/2012 10:48:00]

    AdwCleaner[R2].txt - [6092 octets] - [24/11/2012 13:40:59]

    AdwCleaner[s1].txt - [6111 octets] - [24/11/2012 13:42:46]

    ########## EOF - C:\AdwCleaner[s1].txt - [6171 octets] ##########

    Results of screen317's Security Check version 0.99.55

    Windows Vista Service Pack 2 x64 (UAC is enabled)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Disabled!

    Norton 360

    WMI entry may not exist for antivirus; attempting automatic update.

    `````````Anti-malware/Other Utilities Check:`````````

    I SPY Mystery

    Malwarebytes Anti-Malware version 1.65.1.1000

    FixCleaner

    Java™ 6 Update 33

    Java 7 Update 7

    Java™ 6 Update 5

    Java™ 6 Update 7

    Java version out of Date!

    Adobe Flash Player 11.5.502.110

    Adobe Reader 8 Adobe Reader out of Date!

    Adobe Reader X KB403742.. Adobe Reader out of Date!

    Mozilla Firefox 16.0.2 Firefox out of Date!

    Google Chrome 21.0.1180.83

    Google Chrome 21.0.1180.89

    Google Chrome 22.0.1229.79

    Google Chrome 22.0.1229.92

    Google Chrome 22.0.1229.94

    Google Chrome 23.0.1271.64

    ````````Process Check: objlist.exe by Laurent````````

    Norton ccSvcHst.exe

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamgui.exe

    Malwarebytes' Anti-Malware mbamscheduler.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

    ````````````````````End of Log``````````````````````

  3. It happens when Windows shows a blue screen with the error IRQL_NOT_LESS_OR_EQUAL. I've run Malwarebytes and it shows there's a Trojan.Agent in my c:\windows\svchost.exe (it shows up twice). I selected them all to remove, but they did not get quarantined. Ran ComboFix and it fixed 1 and still one remaining; tried to run it again but it still crashed to a blue screen again. Ran Malwarebytes again and 2 Trojan.Agent entries show up again.

    I am able to run Windows in safe mode with networking; it crashes too fast if I start Windows normally. Not sure if I did anything wrong during the process. Is there any recommendation?

    Reinstalling Windows and formatting my hard drive will be the very last step I want to do.

    Thank you, and I appreciate your help.

    Bo

    mbam log:

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.11.24.03

    Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)

    Internet Explorer 9.0.8112.16421

    Maybo :: MAYBO-PC [administrator]

    Protection: Disabled

    11/23/2012 7:53:08 PM

    mbam-log-2012-11-23 (19-53-08).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 249182

    Time elapsed: 3 minute(s), 4 second(s)

    Memory Processes Detected: 1

    C:\Windows\svchost.exe (Trojan.Agent) -> 1116 -> Delete on reboot.

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
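The mbam log above reports the same file twice, once as a running memory process (with a PID) and once as a file on disk, and the path is the real giveaway: the legitimate svchost.exe lives in C:\Windows\System32 (and SysWOW64 on 64-bit Windows), not directly in C:\Windows. The following is an added example, not code from the post or from Malwarebytes: it parses detection lines in the mbam log layout, merges the per-section hits for one path into a single record, and flags well-known Windows binaries that sit outside their expected directory. The sample log text is constructed from the lines quoted above, and EXPECTED_DIRS is a small illustrative table, not an exhaustive list.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input, in the same layout as the mbam log quoted above.
SAMPLE_MBAM_LOG = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1116 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
"""

# One detection line: <path> (<threat>) [-> <pid>] -> <action>.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\)"  # drive path and threat family
    r"(?: -> (?P<pid>\d+))?"                              # PID only for memory hits
    r" -> (?P<action>.+?)\.?$"                            # action taken by the scanner
)

# Illustrative table (assumption, not exhaustive): system binaries and the
# directories they legitimately run from, lower-cased for comparison.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}


def parse_detections(log_text):
    """Return one dict per detection line; summary and '(No malicious...)' lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hit = m.groupdict()
            hit["pid"] = int(hit["pid"]) if hit["pid"] else None
            hits.append(hit)
    return hits


def is_masquerading(path):
    """True if the file name is a known system binary but its directory is not an expected one."""
    p = PureWindowsPath(path)
    expected = EXPECTED_DIRS.get(p.name.lower())
    if expected is None:
        return False  # not a name we have an expectation for
    return str(p.parent).lower() not in expected


def triage(log_text):
    """Merge memory-process and file hits for the same path into one record per file."""
    merged = {}
    for hit in parse_detections(log_text):
        key = hit["path"].lower()
        rec = merged.setdefault(key, {
            "path": hit["path"],
            "threat": hit["threat"],
            "pids": [],
            "actions": set(),
            "masquerading": is_masquerading(hit["path"]),
        })
        if hit["pid"] is not None:
            rec["pids"].append(hit["pid"])
        rec["actions"].add(hit["action"])
    return list(merged.values())


if __name__ == "__main__":
    for rec in triage(SAMPLE_MBAM_LOG):
        flag = "SUSPICIOUS LOCATION" if rec["masquerading"] else "expected location"
        print(f'{rec["path"]} [{rec["threat"]}] pids={rec["pids"]} -> {flag}')
```

Running it on the sample reduces the two log entries to one record for C:\Windows\svchost.exe with PID 1116 and marks it as being in a suspicious location; the same svchost.exe path under System32 would not be flagged. The location check is independent of the scanner's verdict, which is useful when a cleanup tool reports "Delete on reboot" but the file is still there after the restart.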
