NEED HELP REMOVING "TROJAN.AGENT" C:\Windows\svchost.exe
<blockquote data-quote="amerriw" data-source="post: 68276" data-attributes="member: 1896"><p>C:\Program Files (x86)\Topckit\Topckit_2012.exe a variant of Win32/Adware.Topckit application cleaned by deleting - quarantined</p><p>C:\Qoobox\Quarantine\C\Windows\Installer\{eaa6ee55-f780-5852-a878-cffa2c6baa4a}\U\000000cb.@.vir Win64/Conedex.B trojan cleaned by deleting - quarantined</p><p>C:\Qoobox\Quarantine\C\Windows\Installer\{eaa6ee55-f780-5852-a878-cffa2c6baa4a}\U\80000000.@.vir Win64/Sirefef.AP trojan cleaned by deleting - quarantined</p><p>C:\Users\Augie\Downloads\TopckitInstall004.exe a variant of Win32/Adware.Topckit application cleaned by deleting - quarantined</p><p>C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNBKMGKW\all-videos[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined</p><p>C:\Windows\System32\config\systemprofile\AppData\Local\{eaa6ee55-f780-5852-a878-cffa2c6baa4a}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined</p><p></p><p></p><p></p><p>RogueKiller V7.6.6 [08/10/2012] by Tigzy</p><p>mail: tigzyRK<at>gmail<dot>com</p><p>Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/</p><p>Blog: http://tigzyrk.blogspot.com</p><p></p><p>Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version</p><p>Started in : Normal mode</p><p>User: Augie [Admin rights]</p><p>Mode: Scan -- Date: 08/13/2012 22:25:42</p><p></p><p>¤¤¤ Bad processes: 1 ¤¤¤</p><p>[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]</p><p></p><p>¤¤¤ Registry Entries: 2 ¤¤¤</p><p>[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND</p><p>[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND</p><p></p><p>¤¤¤ Particular Files / Folders: ¤¤¤</p><p>[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND</p><p></p><p>¤¤¤ Driver: [NOT LOADED] 
¤¤¤</p><p></p><p>¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤</p><p></p><p>¤¤¤ HOSTS File: ¤¤¤</p><p>127.0.0.1 localhost</p><p></p><p></p><p>¤¤¤ MBR Check: ¤¤¤</p><p></p><p>+++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++</p><p>--- User ---</p><p>[MBR] c4adacdbbc7bc302e46764abc1b58cbb</p><p>[BSP] baf9db6ae766a805a9239f6400923740 : Windows 7 MBR Code</p><p>Partition table:</p><p>0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo</p><p>1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 461577 Mo</p><p>2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 945719296 | Size: 15059 Mo</p><p>3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo</p><p>User = LL1 ... OK!</p><p>User != LL2 ... KO!</p><p>--- LL2 ---</p><p>[MBR] 7818a983e78e8cef111273ef1cdfbf13</p><p>[BSP] baf9db6ae766a805a9239f6400923740 : Windows 7 MBR Code</p><p>Partition table:</p><p>0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo</p><p>1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo</p><p>2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo</p><p>3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 20000 Mo</p><p></p><p>Finished : << RKreport[1].txt >></p><p>RKreport[1].txt</p><p></p><p></p><p></p><p>RogueKiller V7.6.6 [08/10/2012] by Tigzy</p><p>mail: tigzyRK<at>gmail<dot>com</p><p>Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/</p><p>Blog: http://tigzyrk.blogspot.com</p><p></p><p>Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version</p><p>Started in : Normal mode</p><p>User: Augie [Admin rights]</p><p>Mode: Remove -- Date: 08/13/2012 22:27:19</p><p></p><p>¤¤¤ Bad processes: 1 ¤¤¤</p><p>[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]</p><p></p><p>¤¤¤ Registry Entries: 2 ¤¤¤</p><p>[HJ] HKLM\[...]\NewStartPanel : 
{59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)</p><p>[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)</p><p></p><p>¤¤¤ Particular Files / Folders: ¤¤¤</p><p>[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> REMOVED</p><p></p><p>¤¤¤ Driver: [NOT LOADED] ¤¤¤</p><p></p><p>¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤</p><p></p><p>¤¤¤ HOSTS File: ¤¤¤</p><p>127.0.0.1 localhost</p><p></p><p></p><p>¤¤¤ MBR Check: ¤¤¤</p><p></p><p>+++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++</p><p>--- User ---</p><p>[MBR] c4adacdbbc7bc302e46764abc1b58cbb</p><p>[BSP] baf9db6ae766a805a9239f6400923740 : Windows 7 MBR Code</p><p>Partition table:</p><p>0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo</p><p>1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 461577 Mo</p><p>2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 945719296 | Size: 15059 Mo</p><p>3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo</p><p>User = LL1 ... OK!</p><p>User != LL2 ... 
KO!</p><p>--- LL2 ---</p><p>[MBR] 7818a983e78e8cef111273ef1cdfbf13</p><p>[BSP] baf9db6ae766a805a9239f6400923740 : Windows 7 MBR Code</p><p>Partition table:</p><p>0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo</p><p>1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo</p><p>2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo</p><p>3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 20000 Mo</p><p></p><p>Finished : << RKreport[2].txt >></p><p>RKreport[1].txt ; RKreport[2].txt</p><p></p><p></p><p></p><p>RogueKiller V7.6.6 [08/10/2012] by Tigzy</p><p>mail: tigzyRK<at>gmail<dot>com</p><p>Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/</p><p>Blog: http://tigzyrk.blogspot.com</p><p></p><p>Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version</p><p>Started in : Normal mode</p><p>User: Augie [Admin rights]</p><p>Mode: Shortcuts HJfix -- Date: 08/13/2012 22:29:08</p><p></p><p>¤¤¤ Bad processes: 1 ¤¤¤</p><p>[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]</p><p></p><p>¤¤¤ Driver: [NOT LOADED] ¤¤¤</p><p></p><p>¤¤¤ File attributes restored: ¤¤¤</p><p>Desktop: Success 1 / Fail 0</p><p>Quick launch: Success 1 / Fail 0</p><p>Programs: Success 19 / Fail 0</p><p>Start menu: Success 0 / Fail 0</p><p>User folder: Success 219 / Fail 0</p><p>My documents: Success 4 / Fail 0</p><p>My favorites: Success 0 / Fail 0</p><p>My pictures: Success 0 / Fail 0</p><p>My music: Success 2 / Fail 0</p><p>My videos: Success 0 / Fail 0</p><p>Local drives: Success 71 / Fail 0</p><p>Backup: [NOT FOUND]</p><p></p><p>Drives:</p><p>[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored</p><p>[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored</p><p>[E:] \Device\CdRom0 -- 0x5 --> Skipped</p><p>[Q:] \Device\SftVol -- 0x3 --> Restored</p><p></p><p>¤¤¤ Infection : ZeroAccess ¤¤¤</p><p></p><p>Finished : << 
RKreport[3].txt >></p><p>RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt</p><p></p><p></p><p></p><p></p><p></p><p> Time : 13/08/2012 22:25:42</p><p> --------------------------</p><p>[c2c_service.exe.vir] -> C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe</p><p></p><p></p><p>[PARTICULAR] Time : 13/08/2012 22:26:43</p><p> --------------------------</p><p>ERROR [Desktop.ini.vir] -> c:\windows\assembly\gac_64\desktop.ini</p><p></p><p></p><p> Time : 13/08/2012 22:27:19</p><p> --------------------------</p><p>[c2c_service.exe.vir] -> C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe</p><p></p><p></p><p> Time : 13/08/2012 22:29:08</p><p> --------------------------</p><p>[c2c_service.exe.vir] -> C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe</p><p></p><p></p><p>Jack, thanks for getting back to me! I don't think I received a HitMan log... The computer is running smooth, I have no redirects, and it isn't as slow as it was before.</p></blockquote><p></p>