Inactive [A] Trojan.agent

Dan Phip

I have read several forum posts on this same issue, but I guess I'm not understanding what to do. I have Malwarebytes and AVG full. Malwarebytes found a Trojan.Agent and I quarantined it, although it keeps trying to access the server, because it's only outgoing from what I've noticed so far. I found the process where it's hiding, svchost.exe *32; the memory it uses is 34,856 and its description is " winrscmde". When I run an AVG full scan it finds anywhere from 7 to 28 rootkits; it seems to only be affecting drivers the most, but I'm not really sure on that part. Please help.
 
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.19.10
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Dan :: DAN-PC [administrator]
Protection: Enabled
7/19/2012 10:42:48 AM
mbam-log-2012-07-19 (10-42-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 27713
Time elapsed: 1 minute(s), 33 second(s) [aborted]
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

2012/07/19 01:20:08 -0500 DAN-PC Dan MESSAGE Starting protection
2012/07/19 01:20:11 -0500 DAN-PC Dan MESSAGE Protection started successfully
2012/07/19 01:20:14 -0500 DAN-PC Dan MESSAGE Starting IP protection
2012/07/19 01:20:18 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
2012/07/19 01:20:29 -0500 DAN-PC Dan MESSAGE Starting database refresh
2012/07/19 01:20:29 -0500 DAN-PC Dan MESSAGE Stopping IP protection
2012/07/19 01:24:38 -0500 DAN-PC Dan MESSAGE IP Protection stopped
2012/07/19 01:24:53 -0500 DAN-PC Dan MESSAGE Database refreshed successfully
2012/07/19 01:24:53 -0500 DAN-PC Dan MESSAGE Starting IP protection
2012/07/19 01:24:57 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
2012/07/19 01:31:43 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49695, Process: svchost.exe)
2012/07/19 01:39:32 -0500 DAN-PC Dan MESSAGE Starting protection
2012/07/19 01:39:36 -0500 DAN-PC Dan MESSAGE Protection started successfully
2012/07/19 01:39:39 -0500 DAN-PC Dan MESSAGE Starting IP protection
2012/07/19 01:39:43 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
2012/07/19 01:42:33 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
2012/07/19 01:42:43 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:42:53 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:43:03 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:43:14 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:43:24 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:43:34 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:43:45 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:43:55 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:44:06 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:44:16 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:44:26 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:44:37 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:44:47 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:44:57 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:45:07 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:45:18 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:45:28 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:45:38 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:45:49 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:45:59 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:46:09 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:46:19 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:46:29 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:46:40 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:46:51 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:47:01 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:47:11 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:47:22 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:47:32 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:47:42 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:47:52 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:48:03 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:48:13 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:48:23 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:48:33 -0500 DAN-PC (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:48:43 -0500 DAN-PC (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 01:52:10 -0500 DAN-PC Dan MESSAGE Starting protection
2012/07/19 01:52:13 -0500 DAN-PC Dan MESSAGE Protection started successfully
2012/07/19 01:52:16 -0500 DAN-PC Dan MESSAGE Starting IP protection
2012/07/19 01:52:19 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
2012/07/19 01:52:24 -0500 DAN-PC Dan IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 49173, Process: svchost.exe)
2012/07/19 01:52:48 -0500 DAN-PC Dan IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 49178, Process: svchost.exe)
2012/07/19 01:55:53 -0500 DAN-PC Dan IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 49323, Process: svchost.exe)
2012/07/19 02:02:16 -0500 DAN-PC Dan MESSAGE Starting protection
2012/07/19 02:02:19 -0500 DAN-PC Dan MESSAGE Protection started successfully
2012/07/19 02:02:22 -0500 DAN-PC Dan MESSAGE Starting IP protection
2012/07/19 02:02:25 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
2012/07/19 02:05:19 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49718, Process: svchost.exe)
2012/07/19 02:05:51 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49738, Process: svchost.exe)
2012/07/19 02:08:24 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49744, Process: svchost.exe)
2012/07/19 02:19:49 -0500 DAN-PC Dan IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 50178, Process: svchost.exe)
2012/07/19 09:52:24 -0500 DAN-PC Dan MESSAGE Starting protection
2012/07/19 09:52:28 -0500 DAN-PC Dan MESSAGE Protection started successfully
2012/07/19 09:52:31 -0500 DAN-PC Dan MESSAGE Starting IP protection
2012/07/19 09:52:34 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
2012/07/19 09:52:47 -0500 DAN-PC Dan IP-BLOCK 206.161.121.70 (Type: outgoing, Port: 49473, Process: svchost.exe)
2012/07/19 09:55:28 -0500 DAN-PC Dan IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 50071, Process: svchost.exe)
2012/07/19 09:55:44 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50138, Process: svchost.exe)
2012/07/19 09:55:44 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50187, Process: svchost.exe)
2012/07/19 09:56:00 -0500 DAN-PC Dan IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 50242, Process: svchost.exe)
2012/07/19 09:56:33 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50410, Process: svchost.exe)
2012/07/19 09:57:23 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50573, Process: svchost.exe)
2012/07/19 10:00:55 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50896, Process: svchost.exe)
2012/07/19 10:02:16 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51014, Process: svchost.exe)
2012/07/19 10:02:24 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51061, Process: svchost.exe)
2012/07/19 10:03:36 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51190, Process: svchost.exe)
2012/07/19 10:03:44 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51193, Process: svchost.exe)
2012/07/19 10:05:20 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51321, Process: svchost.exe)
2012/07/19 10:05:37 -0500 DAN-PC (null) IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51363, Process: svchost.exe)
2012/07/19 10:09:09 -0500 DAN-PC Dan MESSAGE Starting protection
2012/07/19 10:09:12 -0500 DAN-PC Dan MESSAGE Protection started successfully
2012/07/19 10:09:15 -0500 DAN-PC Dan MESSAGE Starting IP protection
2012/07/19 10:09:20 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
2012/07/19 10:10:53 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
2012/07/19 10:11:03 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:11:13 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:11:24 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:11:34 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:11:44 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:11:54 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:12:04 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:12:14 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:12:24 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:12:34 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:12:44 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:12:54 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:13:05 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:13:15 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:13:25 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:13:36 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:13:46 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:13:57 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:14:07 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:14:19 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:14:29 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:14:39 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:14:49 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:14:59 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:15:09 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:15:19 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:15:30 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:15:40 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:15:50 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:16:00 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:16:11 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:16:21 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:16:35 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:16:45 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:16:56 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:17:06 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:17:16 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:17:27 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:17:37 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:17:47 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:17:57 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:18:08 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:18:18 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:18:28 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:18:38 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:18:48 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:18:59 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:19:10 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:19:21 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:19:31 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:19:41 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:19:51 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:20:01 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:20:12 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:20:22 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:20:34 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:20:44 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:20:56 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:21:06 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:21:19 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:21:30 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:21:40 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:21:50 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:22:00 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:22:12 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:22:23 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:22:35 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:22:46 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:22:57 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:23:07 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:23:18 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:23:28 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:23:39 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:23:49 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:23:59 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:24:09 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:24:19 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:24:29 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:24:39 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:24:49 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:25:00 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:25:11 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:25:21 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:25:31 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:25:41 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:25:52 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:26:02 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:26:12 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:26:22 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:26:32 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:26:42 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:26:53 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:27:03 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:27:13 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:27:23 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:27:33 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:27:43 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:27:54 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:28:04 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:28:14 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:28:24 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:28:34 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:28:44 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:28:54 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:29:04 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:29:15 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:29:25 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:29:35 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:29:45 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:29:55 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:30:05 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:30:15 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:30:25 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:30:35 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:30:45 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:30:56 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:31:06 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:31:16 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:31:26 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:31:37 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:31:47 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:31:57 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:32:08 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:32:18 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:32:28 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:32:38 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:32:48 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:32:58 -0500 DAN-PC (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:33:08 -0500 DAN-PC (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:33:19 -0500 DAN-PC (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:33:35 -0500 DAN-PC (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 10:36:44 -0500 DAN-PC Dan MESSAGE Starting protection
2012/07/19 10:36:46 -0500 DAN-PC Dan MESSAGE Protection started successfully
2012/07/19 10:36:49 -0500 DAN-PC Dan MESSAGE Starting IP protection
2012/07/19 10:36:53 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
2012/07/19 10:37:53 -0500 DAN-PC Dan MESSAGE Starting database refresh
2012/07/19 10:37:53 -0500 DAN-PC Dan MESSAGE Stopping IP protection
2012/07/19 10:42:48 -0500 DAN-PC Dan MESSAGE IP Protection stopped
2012/07/19 10:42:53 -0500 DAN-PC Dan MESSAGE Database refreshed successfully
2012/07/19 10:42:53 -0500 DAN-PC Dan MESSAGE Starting IP protection
2012/07/19 10:42:58 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
2012/07/19 10:48:30 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52406, Process: svchost.exe)
2012/07/19 10:48:30 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52426, Process: svchost.exe)
2012/07/19 10:50:23 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52720, Process: svchost.exe)
2012/07/19 10:51:27 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52832, Process: svchost.exe)
2012/07/19 10:53:40 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
2012/07/19 10:53:40 -0500 DAN-PC Dan ERROR Quarantine failed: DeleteFile failed with error code 5
2012/07/19 10:55:04 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53095, Process: svchost.exe)
2012/07/19 10:58:49 -0500 DAN-PC Dan IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 53328, Process: svchost.exe)
2012/07/19 10:59:05 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53332, Process: svchost.exe)
2012/07/19 10:59:21 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53352, Process: svchost.exe)
2012/07/19 10:59:29 -0500 DAN-PC Dan IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 53368, Process: svchost.exe)
2012/07/19 11:00:17 -0500 DAN-PC Dan IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 53449, Process: svchost.exe)
2012/07/19 11:04:11 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 54172, Process: svchost.exe)
2012/07/19 11:08:20 -0500 DAN-PC Dan IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 54404, Process: svchost.exe)
2012/07/19 11:18:22 -0500 DAN-PC Dan MESSAGE Starting protection
2012/07/19 11:18:25 -0500 DAN-PC Dan MESSAGE Protection started successfully
2012/07/19 11:18:28 -0500 DAN-PC Dan MESSAGE Starting IP protection
2012/07/19 11:18:31 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
2012/07/19 11:22:05 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49393, Process: svchost.exe)
2012/07/19 11:22:45 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49396, Process: svchost.exe)
2012/07/19 11:29:09 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49583, Process: svchost.exe)
2012/07/19 11:29:42 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49586, Process: svchost.exe)
2012/07/19 11:37:11 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51456, Process: svchost.exe)
2012/07/19 11:46:09 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
2012/07/19 11:46:09 -0500 DAN-PC Dan ERROR Quarantine failed: DeleteFile failed with error code 5
2012/07/19 11:46:17 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52059, Process: svchost.exe)
2012/07/19 11:46:17 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52062, Process: svchost.exe)
2012/07/19 11:46:17 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52137, Process: svchost.exe)
2012/07/19 11:46:53 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 11:46:58 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 11:47:05 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52312, Process: svchost.exe)
2012/07/19 11:47:29 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52382, Process: svchost.exe)
2012/07/19 11:48:09 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52436, Process: svchost.exe)
2012/07/19 11:56:10 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53228, Process: svchost.exe)
2012/07/19 11:56:18 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53231, Process: svchost.exe)
2012/07/19 11:56:53 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 11:56:59 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 11:58:02 -0500 DAN-PC Dan IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 53237, Process: svchost.exe)
2012/07/19 12:00:11 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53245, Process: svchost.exe)
2012/07/19 12:01:53 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 12:01:59 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 12:02:35 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53251, Process: svchost.exe)
2012/07/19 12:04:11 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53260, Process: svchost.exe)
2012/07/19 12:05:23 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53267, Process: svchost.exe)
2012/07/19 12:08:12 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53302, Process: svchost.exe)
2012/07/19 12:10:28 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53361, Process: svchost.exe)
2012/07/19 12:10:44 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53364, Process: svchost.exe)
2012/07/19 12:11:32 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53368, Process: svchost.exe)
2012/07/19 12:13:45 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 12:14:13 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53453, Process: svchost.exe)
2012/07/19 12:14:37 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53456, Process: svchost.exe)
2012/07/19 12:16:37 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 53572, Process: svchost.exe)
2012/07/19 12:20:05 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 12:20:05 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 12:20:17 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 12:20:17 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 12:20:19 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 12:20:19 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 12:33:53 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 54085, Process: svchost.exe)
2012/07/19 12:35:05 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 54097, Process: svchost.exe)
2012/07/19 12:38:18 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 54117, Process: svchost.exe)
2012/07/19 12:50:12 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 54777, Process: svchost.exe)
2012/07/19 12:57:01 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 55482, Process: svchost.exe)
2012/07/19 12:57:08 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 12:57:41 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 55564, Process: svchost.exe)
2012/07/19 12:58:21 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 55605, Process: svchost.exe)
2012/07/19 12:59:58 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 55813, Process: svchost.exe)
2012/07/19 13:00:14 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 55914, Process: svchost.exe)
2012/07/19 13:00:46 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 56005, Process: svchost.exe)
2012/07/19 13:00:55 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 56046, Process: svchost.exe)
2012/07/19 13:01:19 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 56133, Process: svchost.exe)
2012/07/19 13:01:19 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 56136, Process: svchost.exe)
2012/07/19 13:05:02 -0500 DAN-PC Dan MESSAGE Starting protection
2012/07/19 13:05:05 -0500 DAN-PC Dan MESSAGE Protection started successfully
2012/07/19 13:05:08 -0500 DAN-PC Dan MESSAGE Starting IP protection
2012/07/19 13:05:12 -0500 DAN-PC Dan MESSAGE IP Protection started successfully
2012/07/19 13:06:45 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49405, Process: svchost.exe)
2012/07/19 13:07:01 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49410, Process: svchost.exe)
2012/07/19 13:07:09 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49413, Process: svchost.exe)
2012/07/19 13:10:22 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49714, Process: svchost.exe)
2012/07/19 13:11:58 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49960, Process: svchost.exe)
2012/07/19 13:13:59 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50213, Process: svchost.exe)
2012/07/19 13:14:23 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50220, Process: svchost.exe)
2012/07/19 13:16:20 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
2012/07/19 13:16:20 -0500 DAN-PC Dan ERROR Quarantine failed: DeleteFile failed with error code 5
2012/07/19 13:18:08 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50288, Process: svchost.exe)
2012/07/19 13:18:08 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50293, Process: svchost.exe)
2012/07/19 13:21:44 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50538, Process: svchost.exe)
2012/07/19 13:22:17 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50549, Process: svchost.exe)
2012/07/19 13:22:17 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50554, Process: svchost.exe)
2012/07/19 13:22:57 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50670, Process: svchost.exe)
2012/07/19 13:23:13 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50689, Process: svchost.exe)
2012/07/19 13:23:42 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 13:24:03 -0500 DAN-PC Dan DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/07/19 13:24:57 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50847, Process: svchost.exe)
2012/07/19 13:25:46 -0500 DAN-PC Dan IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50854, Process: svchost.exe)
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dan at 14:11:58 on 2012-07-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.871 [GMT -5:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mg3.mail.yahoo.com/neo/launch?.rand=0ddqv6adfm710
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{A6BF295E-F7A2-4940-B88A-BA9CAC5A44D4} : DhcpNameServer = 10.0.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-19 655944]
R2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [2012-7-18 830048]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-19 250056]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-19 17:46:39 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-19 17:46:39 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-19 16:10:45 -------- d-----w- C:\Users\Dan\AppData\Local\Adobe
2012-07-19 15:15:47 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-07-19 15:15:47 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-07-19 15:15:25 -------- d-----w- C:\ProgramData\PC Tools
2012-07-19 15:15:24 -------- d-----w- C:\Users\Dan\AppData\Roaming\TestApp
2012-07-19 06:19:56 -------- d-----w- C:\Users\Dan\AppData\Roaming\Malwarebytes
2012-07-19 06:19:43 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-19 06:19:42 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-19 06:19:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-19 05:27:48 -------- d-----w- C:\Windows\Panther
2012-07-19 04:57:45 -------- d-----w- C:\Windows.old
2012-07-19 04:30:03 20480 ------w- C:\Windows\svchost.exe
2012-07-19 04:01:14 -------- d-----w- C:\Program Files\CCleaner
2012-07-19 03:57:40 -------- d-----w- C:\Windows\SysWow64\Wat
2012-07-19 03:57:40 -------- d-----w- C:\Windows\System32\Wat
2012-07-19 03:49:29 -------- d-----w- C:\Users\Dan\AppData\Roaming\AVG2012
2012-07-19 03:48:56 -------- d-----w- C:\Users\Dan\AppData\Local\AVG Secure Search
2012-07-19 03:48:43 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-07-19 03:48:27 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-07-19 03:48:22 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-07-19 03:48:22 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-19 03:47:21 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-19 03:46:21 -------- d--h--w- C:\$AVG
2012-07-19 03:46:20 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-19 03:46:20 -------- d-----w- C:\ProgramData\AVG2012
2012-07-19 03:44:44 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-19 03:37:46 -------- d-sh--w- C:\Windows\Installer
2012-07-19 03:37:37 -------- d--h--w- C:\ProgramData\Common Files
2012-07-19 03:37:37 -------- d-----w- C:\ProgramData\MFAData
2012-07-19 03:13:18 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-07-19 03:13:18 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-07-19 03:08:39 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-19 02:51:12 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-07-19 02:51:12 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-07-19 02:44:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-19 02:42:10 -------- d-----w- C:\Users\Dan\AppData\Local\VirtualStore
2012-07-19 02:40:31 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-07-19 02:40:15 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-19 02:40:15 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-07-19 02:32:11 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-07-19 02:32:11 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-07-19 02:32:11 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-07-19 02:32:11 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-07-19 02:32:11 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-07-19 02:32:11 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-07-19 02:32:11 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-07-19 02:32:11 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-07-19 02:32:11 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-07-19 02:32:11 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-07-19 02:13:45 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-07-19 02:13:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-07-19 02:13:45 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-07-19 02:13:45 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-07-19 02:13:45 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-07-19 02:13:45 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-07-19 02:13:45 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-07-19 02:10:46 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-07-19 02:08:42 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-07-19 02:07:59 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-07-19 02:06:52 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-07-19 02:05:55 91648 ----a-w- C:\Windows\SysWow64\avifil32.dll
2012-07-19 02:04:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-07-19 02:00:10 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{85C5AB8B-0BAD-46E9-AAA7-D2DE3EB6BF1A}\mpengine.dll
2012-07-19 02:00:09 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-07-19 01:49:50 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-07-19 01:49:50 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-07-19 01:49:50 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-07-18 02:51:40 -------- d-----w- C:\f4fc50ec7aedc2ce95a099a111
.
==================== Find3M ====================
.
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
.
============= FINISH: 14:12:47.83 ===============
 
Pretty sure I've given you everything asked for from the 5 steps. If I missed something, please let me know. Thanks.
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

You missed Attach.txt part of DDS so please provide that.

Next....

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

=========================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 