TechSpot

[A] Trojan.agent

By Dan Phip
Jul 19, 2012
  1. I have read several forum posts on this same issue, but I guess I'm not understanding what to do. I have Malwarebytes and AVG full. Malwarebytes found a Trojan.Agent and I quarantined it, although it keeps trying to access the server, because it's only outgoing from what I've noticed so far. I found the process where it's hiding: svchost.exe *32; the memory it uses is 34,856 and its description is "winrscmde". When I run an AVG full scan it finds anywhere from 7 to 28 rootkits; it seems to only be affecting drivers the most, but I'm not real sure on that part. Please help.
     
  2. Dan Phip

    Dan Phip TS Rookie Topic Starter

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.19.10
    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Dan :: DAN-PC [administrator]
    Protection: Enabled
    7/19/2012 10:42:48 AM
    mbam-log-2012-07-19 (10-42-48).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 27713
    Time elapsed: 1 minute(s), 33 second(s) [aborted]
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    2012/07/19 01:20:08 -0500 DAN-PC Dan MESSAGE Starting protection
    2012/07/19 01:20:11 -0500 DAN-PC Dan MESSAGE Protection started successfully
    2012/07/19 01:20:14 -0500 DAN-PC Dan MESSAGE Starting IP protection
    2012/07/19 01:20:18 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
    2012/07/19 01:20:29 -0500 DAN-PC Dan MESSAGE Starting database refresh
    2012/07/19 01:20:29 -0500 DAN-PC Dan MESSAGE Stopping IP protection
    2012/07/19 01:24:38 -0500 DAN-PC Dan MESSAGE IP Protection stopped
    2012/07/19 01:24:53 -0500 DAN-PC Dan MESSAGE Database refreshed successfully
    2012/07/19 01:24:53 -0500 DAN-PC Dan MESSAGE Starting IP protection
    2012/07/19 01:24:57 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
    2012/07/19 01:31:43 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49695, Process: svchost.exe)
    2012/07/19 01:39:32 -0500 DAN-PC Dan MESSAGE Starting protection
    2012/07/19 01:39:36 -0500 DAN-PC Dan MESSAGE Protection started successfully
    2012/07/19 01:39:39 -0500 DAN-PC Dan MESSAGE Starting IP protection
    2012/07/19 01:39:43 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
    2012/07/19 01:42:33 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
    2012/07/19 01:42:43 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:42:53 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:43:03 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:43:14 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:43:24 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:43:34 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:43:45 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:43:55 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:44:06 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:44:16 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:44:26 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:44:37 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:44:47 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:44:57 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:45:07 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:45:18 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:45:28 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:45:38 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:45:49 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:45:59 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:46:09 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:46:19 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:46:29 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:46:40 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:46:51 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:47:01 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:47:11 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:47:22 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:47:32 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:47:42 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:47:52 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:48:03 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:48:13 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:48:23 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:48:33 -0500 DAN-PC (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:48:43 -0500 DAN-PC (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 01:52:10 -0500 DAN-PC Dan MESSAGE Starting protection
    2012/07/19 01:52:13 -0500 DAN-PC Dan MESSAGE Protection started successfully
    2012/07/19 01:52:16 -0500 DAN-PC Dan MESSAGE Starting IP protection
    2012/07/19 01:52:19 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
    2012/07/19 01:52:24 -0500 DAN-PC Dan IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 49173, Process: svchost.exe)
    2012/07/19 01:52:48 -0500 DAN-PC Dan IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 49178, Process: svchost.exe)
    2012/07/19 01:55:53 -0500 DAN-PC Dan IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 49323, Process: svchost.exe)
    2012/07/19 02:02:16 -0500 DAN-PC Dan MESSAGE Starting protection
    2012/07/19 02:02:19 -0500 DAN-PC Dan MESSAGE Protection started successfully
    2012/07/19 02:02:22 -0500 DAN-PC Dan MESSAGE Starting IP protection
    2012/07/19 02:02:25 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
    2012/07/19 02:05:19 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49718, Process: svchost.exe)
    2012/07/19 02:05:51 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49738, Process: svchost.exe)
    2012/07/19 02:08:24 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49744, Process: svchost.exe)
    2012/07/19 02:19:49 -0500 DAN-PC Dan IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 50178, Process: svchost.exe)
    2012/07/19 09:52:24 -0500 DAN-PC Dan MESSAGE Starting protection
    2012/07/19 09:52:28 -0500 DAN-PC Dan MESSAGE Protection started successfully
    2012/07/19 09:52:31 -0500 DAN-PC Dan MESSAGE Starting IP protection
    2012/07/19 09:52:34 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
    2012/07/19 09:52:47 -0500 DAN-PC Dan IP-BLOCK 206.161.121.70 (Type: outgoing, Port: 49473, Process: svchost.exe)
    2012/07/19 09:55:28 -0500 DAN-PC Dan IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 50071, Process: svchost.exe)
    2012/07/19 09:55:44 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50138, Process: svchost.exe)
    2012/07/19 09:55:44 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50187, Process: svchost.exe)
    2012/07/19 09:56:00 -0500 DAN-PC Dan IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 50242, Process: svchost.exe)
    2012/07/19 09:56:33 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50410, Process: svchost.exe)
    2012/07/19 09:57:23 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50573, Process: svchost.exe)
    2012/07/19 10:00:55 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50896, Process: svchost.exe)
    2012/07/19 10:02:16 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51014, Process: svchost.exe)
    2012/07/19 10:02:24 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51061, Process: svchost.exe)
    2012/07/19 10:03:36 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51190, Process: svchost.exe)
    2012/07/19 10:03:44 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51193, Process: svchost.exe)
    2012/07/19 10:05:20 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51321, Process: svchost.exe)
    2012/07/19 10:05:37 -0500 DAN-PC (null) IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51363, Process: svchost.exe)
    2012/07/19 10:09:09 -0500 DAN-PC Dan MESSAGE Starting protection
    2012/07/19 10:09:12 -0500 DAN-PC Dan MESSAGE Protection started successfully
    2012/07/19 10:09:15 -0500 DAN-PC Dan MESSAGE Starting IP protection
    2012/07/19 10:09:20 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
    2012/07/19 10:10:53 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
    2012/07/19 10:11:03 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:11:13 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:11:24 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:11:34 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:11:44 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:11:54 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:12:04 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:12:14 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:12:24 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:12:34 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:12:44 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:12:54 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:13:05 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:13:15 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:13:25 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:13:36 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:13:46 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:13:57 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:14:07 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:14:19 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:14:29 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:14:39 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:14:49 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:14:59 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:15:09 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:15:19 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:15:30 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:15:40 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:15:50 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:16:00 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:16:11 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:16:21 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:16:35 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:16:45 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:16:56 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:17:06 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:17:16 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:17:27 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:17:37 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:17:47 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:17:57 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:18:08 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:18:18 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:18:28 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:18:38 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:18:48 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:18:59 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:19:10 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:19:21 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:19:31 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:19:41 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:19:51 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:20:01 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:20:12 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:20:22 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:20:34 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:20:44 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:20:56 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:21:06 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:21:19 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:21:30 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:21:40 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:21:50 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:22:00 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:22:12 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:22:23 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:22:35 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:22:46 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:22:57 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:23:07 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:23:18 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:23:28 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:23:39 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:23:49 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:23:59 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:24:09 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:24:19 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:24:29 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:24:39 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:24:49 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:25:00 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:25:11 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:25:21 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:25:31 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:25:41 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:25:52 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:26:02 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:26:12 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:26:22 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:26:32 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:26:42 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:26:53 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:27:03 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:27:13 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:27:23 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:27:33 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:27:43 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:27:54 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:28:04 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:28:14 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:28:24 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:28:34 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:28:44 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:28:54 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:29:04 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:29:15 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:29:25 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:29:35 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:29:45 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:29:55 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:30:05 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:30:15 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:30:25 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:30:35 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:30:45 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:30:56 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:31:06 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:31:16 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:31:26 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:31:37 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:31:47 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:31:57 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:32:08 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:32:18 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:32:28 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:32:38 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:32:48 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:32:58 -0500 DAN-PC (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:33:08 -0500 DAN-PC (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:33:19 -0500 DAN-PC (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:33:35 -0500 DAN-PC (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 10:36:44 -0500 DAN-PC Dan MESSAGE Starting protection
    2012/07/19 10:36:46 -0500 DAN-PC Dan MESSAGE Protection started successfully
    2012/07/19 10:36:49 -0500 DAN-PC Dan MESSAGE Starting IP protection
    2012/07/19 10:36:53 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
    2012/07/19 10:37:53 -0500 DAN-PC Dan MESSAGE Starting database refresh
    2012/07/19 10:37:53 -0500 DAN-PC Dan MESSAGE Stopping IP protection
    2012/07/19 10:42:48 -0500 DAN-PC Dan MESSAGE IP Protection stopped
    2012/07/19 10:42:53 -0500 DAN-PC Dan MESSAGE Database refreshed successfully
    2012/07/19 10:42:53 -0500 DAN-PC Dan MESSAGE Starting IP protection
    2012/07/19 10:42:58 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
    2012/07/19 10:48:30 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52406, Process: svchost.exe)
    2012/07/19 10:48:30 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52426, Process: svchost.exe)
    2012/07/19 10:50:23 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52720, Process: svchost.exe)
    2012/07/19 10:51:27 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52832, Process: svchost.exe)
    2012/07/19 10:53:40 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
    2012/07/19 10:53:40 -0500 DAN-PC Dan ERROR Quarantine failed: DeleteFile failed with error code 5
    2012/07/19 10:55:04 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53095, Process: svchost.exe)
    2012/07/19 10:58:49 -0500 DAN-PC Dan IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 53328, Process: svchost.exe)
    2012/07/19 10:59:05 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53332, Process: svchost.exe)
    2012/07/19 10:59:21 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53352, Process: svchost.exe)
    2012/07/19 10:59:29 -0500 DAN-PC Dan IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 53368, Process: svchost.exe)
    2012/07/19 11:00:17 -0500 DAN-PC Dan IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 53449, Process: svchost.exe)
    2012/07/19 11:04:11 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 54172, Process: svchost.exe)
    2012/07/19 11:08:20 -0500 DAN-PC Dan IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 54404, Process: svchost.exe)
    2012/07/19 11:18:22 -0500 DAN-PC Dan MESSAGE Starting protection
    2012/07/19 11:18:25 -0500 DAN-PC Dan MESSAGE Protection started successfully
    2012/07/19 11:18:28 -0500 DAN-PC Dan MESSAGE Starting IP protection
    2012/07/19 11:18:31 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
    2012/07/19 11:22:05 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49393, Process: svchost.exe)
    2012/07/19 11:22:45 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49396, Process: svchost.exe)
    2012/07/19 11:29:09 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49583, Process: svchost.exe)
    2012/07/19 11:29:42 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49586, Process: svchost.exe)
    2012/07/19 11:37:11 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51456, Process: svchost.exe)
    2012/07/19 11:46:09 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
    2012/07/19 11:46:09 -0500 DAN-PC Dan ERROR Quarantine failed: DeleteFile failed with error code 5
    2012/07/19 11:46:17 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52059, Process: svchost.exe)
    2012/07/19 11:46:17 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52062, Process: svchost.exe)
    2012/07/19 11:46:17 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52137, Process: svchost.exe)
    2012/07/19 11:46:53 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 11:46:58 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 11:47:05 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52312, Process: svchost.exe)
    2012/07/19 11:47:29 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52382, Process: svchost.exe)
    2012/07/19 11:48:09 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52436, Process: svchost.exe)
    2012/07/19 11:56:10 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53228, Process: svchost.exe)
    2012/07/19 11:56:18 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53231, Process: svchost.exe)
    2012/07/19 11:56:53 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 11:56:59 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 11:58:02 -0500 DAN-PC Dan IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 53237, Process: svchost.exe)
    2012/07/19 12:00:11 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53245, Process: svchost.exe)
    2012/07/19 12:01:53 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 12:01:59 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 12:02:35 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53251, Process: svchost.exe)
    2012/07/19 12:04:11 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53260, Process: svchost.exe)
    2012/07/19 12:05:23 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53267, Process: svchost.exe)
    2012/07/19 12:08:12 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53302, Process: svchost.exe)
    2012/07/19 12:10:28 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53361, Process: svchost.exe)
    2012/07/19 12:10:44 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53364, Process: svchost.exe)
    2012/07/19 12:11:32 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53368, Process: svchost.exe)
    2012/07/19 12:13:45 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 12:14:13 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53453, Process: svchost.exe)
    2012/07/19 12:14:37 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53456, Process: svchost.exe)
    2012/07/19 12:16:37 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53572, Process: svchost.exe)
    2012/07/19 12:20:05 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 12:20:05 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 12:20:17 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 12:20:17 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 12:20:19 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 12:20:19 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 12:33:53 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 54085, Process: svchost.exe)
    2012/07/19 12:35:05 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 54097, Process: svchost.exe)
    2012/07/19 12:38:18 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 54117, Process: svchost.exe)
    2012/07/19 12:50:12 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 54777, Process: svchost.exe)
    2012/07/19 12:57:01 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 55482, Process: svchost.exe)
    2012/07/19 12:57:08 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 12:57:41 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 55564, Process: svchost.exe)
    2012/07/19 12:58:21 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 55605, Process: svchost.exe)
    2012/07/19 12:59:58 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 55813, Process: svchost.exe)
    2012/07/19 13:00:14 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 55914, Process: svchost.exe)
    2012/07/19 13:00:46 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 56005, Process: svchost.exe)
    2012/07/19 13:00:55 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 56046, Process: svchost.exe)
    2012/07/19 13:01:19 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 56133, Process: svchost.exe)
    2012/07/19 13:01:19 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 56136, Process: svchost.exe)
    2012/07/19 13:05:02 -0500 DAN-PC Dan MESSAGE Starting protection
    2012/07/19 13:05:05 -0500 DAN-PC Dan MESSAGE Protection started successfully
    2012/07/19 13:05:08 -0500 DAN-PC Dan MESSAGE Starting IP protection
    2012/07/19 13:05:12 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
    2012/07/19 13:06:45 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49405, Process: svchost.exe)
    2012/07/19 13:07:01 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49410, Process: svchost.exe)
    2012/07/19 13:07:09 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49413, Process: svchost.exe)
    2012/07/19 13:10:22 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49714, Process: svchost.exe)
    2012/07/19 13:11:58 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49960, Process: svchost.exe)
    2012/07/19 13:13:59 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50213, Process: svchost.exe)
    2012/07/19 13:14:23 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50220, Process: svchost.exe)
    2012/07/19 13:16:20 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
    2012/07/19 13:16:20 -0500 DAN-PC Dan ERROR Quarantine failed: DeleteFile failed with error code 5
    2012/07/19 13:18:08 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50288, Process: svchost.exe)
    2012/07/19 13:18:08 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50293, Process: svchost.exe)
    2012/07/19 13:21:44 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50538, Process: svchost.exe)
    2012/07/19 13:22:17 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50549, Process: svchost.exe)
    2012/07/19 13:22:17 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50554, Process: svchost.exe)
    2012/07/19 13:22:57 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50670, Process: svchost.exe)
    2012/07/19 13:23:13 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50689, Process: svchost.exe)
    2012/07/19 13:23:42 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 13:24:03 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/07/19 13:24:57 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50847, Process: svchost.exe)
     
  3. Dan Phip

    Dan Phip TS Rookie Topic Starter

    2012/07/19 13:25:46 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50854, Process: svchost.exe)
     
  4. Dan Phip

    Dan Phip TS Rookie Topic Starter

    I ran GMER and when it finished it said "No system modifications found."
     
  5. Dan Phip

    Dan Phip TS Rookie Topic Starter

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Dan at 14:11:58 on 2012-07-19
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.871 [GMT -5:00]
    .
    AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
    C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://us.mg3.mail.yahoo.com/neo/launch?.rand=0ddqv6adfm710
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{A6BF295E-F7A2-4940-B88A-BA9CAC5A44D4} : DhcpNameServer = 10.0.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO-X64: AVG Do Not Track - No File
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-19 655944]
    R2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [2012-7-18 830048]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-19 250056]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-19 17:46:39 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-19 17:46:39 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-19 16:10:45 -------- d-----w- C:\Users\Dan\AppData\Local\Adobe
    2012-07-19 15:15:47 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
    2012-07-19 15:15:47 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2012-07-19 15:15:25 -------- d-----w- C:\ProgramData\PC Tools
    2012-07-19 15:15:24 -------- d-----w- C:\Users\Dan\AppData\Roaming\TestApp
    2012-07-19 06:19:56 -------- d-----w- C:\Users\Dan\AppData\Roaming\Malwarebytes
    2012-07-19 06:19:43 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-19 06:19:42 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-19 06:19:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-19 05:27:48 -------- d-----w- C:\Windows\Panther
    2012-07-19 04:57:45 -------- d-----w- C:\Windows.old
    2012-07-19 04:30:03 20480 ------w- C:\Windows\svchost.exe
    2012-07-19 04:01:14 -------- d-----w- C:\Program Files\CCleaner
    2012-07-19 03:57:40 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-07-19 03:57:40 -------- d-----w- C:\Windows\System32\Wat
    2012-07-19 03:49:29 -------- d-----w- C:\Users\Dan\AppData\Roaming\AVG2012
    2012-07-19 03:48:56 -------- d-----w- C:\Users\Dan\AppData\Local\AVG Secure Search
    2012-07-19 03:48:43 -------- d-----w- C:\ProgramData\AVG Secure Search
    2012-07-19 03:48:27 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-07-19 03:48:22 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2012-07-19 03:48:22 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2012-07-19 03:47:21 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2012-07-19 03:46:21 -------- d--h--w- C:\$AVG
    2012-07-19 03:46:20 -------- d-----w- C:\Windows\System32\drivers\AVG
    2012-07-19 03:46:20 -------- d-----w- C:\ProgramData\AVG2012
    2012-07-19 03:44:44 -------- d-----w- C:\Program Files (x86)\AVG
    2012-07-19 03:37:46 -------- d-sh--w- C:\Windows\Installer
    2012-07-19 03:37:37 -------- d--h--w- C:\ProgramData\Common Files
    2012-07-19 03:37:37 -------- d-----w- C:\ProgramData\MFAData
    2012-07-19 03:13:18 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2012-07-19 03:13:18 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2012-07-19 03:08:39 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-19 02:51:12 311808 ----a-w- C:\Windows\System32\msv1_0.dll
    2012-07-19 02:51:12 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2012-07-19 02:44:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-07-19 02:42:10 -------- d-----w- C:\Users\Dan\AppData\Local\VirtualStore
    2012-07-19 02:40:31 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-07-19 02:40:15 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-07-19 02:40:15 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-07-19 02:32:11 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2012-07-19 02:32:11 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2012-07-19 02:32:11 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2012-07-19 02:32:11 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2012-07-19 02:32:11 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2012-07-19 02:32:11 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2012-07-19 02:32:11 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2012-07-19 02:32:11 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2012-07-19 02:32:11 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2012-07-19 02:32:11 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2012-07-19 02:13:45 80896 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-07-19 02:13:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-07-19 02:13:45 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-07-19 02:13:45 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-07-19 02:13:45 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-07-19 02:13:45 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-07-19 02:13:45 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-07-19 02:10:46 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2012-07-19 02:08:42 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-07-19 02:07:59 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-07-19 02:06:52 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2012-07-19 02:05:55 91648 ----a-w- C:\Windows\SysWow64\avifil32.dll
    2012-07-19 02:04:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2012-07-19 02:00:10 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{85C5AB8B-0BAD-46E9-AAA7-D2DE3EB6BF1A}\mpengine.dll
    2012-07-19 02:00:09 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-07-19 01:49:50 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-07-19 01:49:50 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-07-19 01:49:50 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-07-18 02:51:40 -------- d-----w- C:\f4fc50ec7aedc2ce95a099a111
    .
    ==================== Find3M ====================
    .
    2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
    .
    ============= FINISH: 14:12:47.83 ===============
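
The logs posted above show two things worth triaging together: repeated outgoing blocks attributed to svchost.exe, and a detection on C:\Windows\svchost.exe, which is outside the System32 directory where the DDS process list shows svchost.exe running. The Python below is an added example, not part of any post in this thread or of either tool; the function names are hypothetical, the sample lines are excerpted from the protection log above, and it assumes Windows is installed in C:\Windows.

```python
import ntpath
import re
from collections import Counter

# Lines excerpted from the Malwarebytes protection log posted in this thread.
SAMPLE_LOG = r"""
2012/07/19 13:14:23 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50220, Process: svchost.exe)
2012/07/19 13:16:20 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
2012/07/19 13:16:20 -0500 DAN-PC Dan ERROR Quarantine failed: DeleteFile failed with error code 5
2012/07/19 13:18:08 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50288, Process: svchost.exe)
2012/07/19 13:23:42 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 13:24:57 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50847, Process: svchost.exe)
"""

LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) [+-]\d{4} \S+ \S+ "
                  r"(IP-BLOCK|DETECTION|ERROR|MESSAGE) (.*)$")
BLOCK = re.compile(r"^(\S+) \(Type: (\w+), Port: \d+, Process: (.+)\)$")
DETECT = re.compile(r"^(.+) (\S+) (\S+)$")  # path may contain spaces
IMAGE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)  # drops args like "-k netsvcs"

# Assumption: Windows lives in C:\Windows, as in the DDS listing above.
SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def is_misplaced_svchost(command_line):
    """True if the image is named svchost.exe but sits outside the system dirs."""
    m = IMAGE.match(command_line.strip())
    if not m:
        return False
    image = ntpath.normcase(m.group(1))  # lower-case, backslashes; works on any OS
    return (ntpath.basename(image) == "svchost.exe"
            and ntpath.dirname(image) not in SVCHOST_DIRS)


def triage(log_text):
    """Summarise blocked connections, detections and failed quarantines."""
    blocks, detections, failed = Counter(), {}, []
    last_detection = None  # (timestamp, path) of the most recent DETECTION
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, kind, detail = m.groups()
        if kind == "IP-BLOCK":
            b = BLOCK.match(detail)
            if b:
                blocks[b.groups()] += 1  # key: (ip, direction, process)
        elif kind == "DETECTION":
            d = DETECT.match(detail)
            if d:
                path, threat, action = d.groups()
                entry = detections.setdefault(path, {
                    "threat": threat, "actions": [],
                    "misplaced_svchost": is_misplaced_svchost(path)})
                entry["actions"].append(action)
                last_detection = (ts, path)
        elif kind == "ERROR" and detail.startswith("Quarantine failed"):
            # Tie the error to a detection logged in the same second.
            # Win32 error code 5 is ERROR_ACCESS_DENIED.
            if last_detection and last_detection[0] == ts:
                failed.append(last_detection[1])
    return {"blocks": dict(blocks), "detections": detections,
            "quarantine_failed": failed}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The IP-BLOCK lines record only the process name, so the path check has to come from the DETECTION lines or from a process listing that includes full image paths.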
     
  6. Dan Phip

    Dan Phip TS Rookie Topic Starter

    Pretty sure I've given you everything asked for from the 5 steps. If I missed something please let me know. Thanks.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    You missed Attach.txt part of DDS so please provide that.

    Next....

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
Topic Status:
Not open for further replies.
