Tech Support Guy forum

SVChost.exe process running high

Discussion in 'Virus & Other Malware Removal' started by grpc12, Sep 27, 2013.

grpc12 (Thread Starter; joined Sep 27, 2013; 3 messages):
    Svchost file running high

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.21342 BrowserJavaVersion: 10.21.2
    Run by Gert at 9:58:35 on 2013-09-27
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    C:\DOCUME~1\Gert\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Gert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\wudfhost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Documents and Settings\Gert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Gert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k bthsvcs
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = about:blank
    uProxyServer = localhost:21320
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [uTorrent] "c:\documents and settings\gert\application data\utorrent\uTorrent.exe" /MINIMIZED
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    mPolicies-System: legalnoticecaption = Bigen Africa - Computer Policy
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    IE: Customize Menu - <no file>
    IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
    IE: E&xport to Microsoft Excel - <no file>
    IE: Fill Forms - <no file>
    IE: RoboForm Toolbar - <no file>
    IE: Save Forms - <no file>
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{274131D9-A633-4D93-9959-6562259345B6} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{278A8477-AEA2-4BF2-AA0B-F9E652716909} : NameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\gert\application data\mozilla\firefox\profiles\vmgs2ldf.default\
    FF - prefs.js: browser.startup.homepage - www.google.co.za
    FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
    FF - plugin: c:\documents and settings\gert\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: !HIDDEN! 2009-09-01 23:17; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
    FF - user.js: extensions.BabylonToolbar.id - 78d0d9cf000000000000001f3ab12094
    FF - user.js: extensions.BabylonToolbar.instlDay - 15548
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.114:52:42
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3012_7
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.autoDisableScopes - 0
    FF - user.js: extensions.shownSelectionUI - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? androidusb;ADB Interface Driver
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
    R? ew_hwusbdev;Huawei MobileBroadband USB PNP Device
    R? ew_usbenumfilter;huawei_CompositeFilter
    R? ewusbnet;HUAWEI USB-NDIS miniport
    R? huawei_cdcacm;huawei_cdcacm
    R? huawei_cdcecm;huawei_cdcecm
    R? huawei_enumerator;huawei_enumerator
    R? huawei_ext_ctrl;huawei_ext_ctrl
    R? massfilter_hs;HS HandSet Mass Storage Filter Driver
    R? NBAG723;ZyXEL 802.11a/b/g AG723 Driver
    R? nmwcdnsu;Nokia USB Flashing Phone Parent
    R? nmwcdnsuc;Nokia USB Flashing Generic
    R? SDScannerService;Spybot-S&D 2 Scanner Service
    R? SDUpdateService;Spybot-S&D 2 Updating Service
    R? SDWSCService;Spybot-S&D 2 Security Center Service
    R? SkypeUpdate;Skype Updater
    R? Smcinst;Symantec Auto-upgrade Agent
    R? ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    R? zghsdiag;ZTE General Handset Diagnostic Port
    R? zghsmdm;ZTE General Handset USB Modem Proprietary
    S? AVGIDSAgent;AVGIDSAgent
    S? AVGIDSDriver;AVGIDSDriver
    S? AVGIDSHX;AVGIDSHX
    S? AVGIDSShim;AVGIDSShim
    S? Avgldx86;AVG AVI Loader Driver
    S? Avglogx;AVG Logging Driver
    S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
    S? Avgrkx86;AVG Anti-Rootkit Driver
    S? Avgtdix;AVG TDI Driver
    S? avgwd;AVG WatchDog
    S? TeamViewer8;TeamViewer 8
    .
    =============== Created Last 30 ================
    .
    2013-09-27 07:47:36 388096 ----a-r- c:\documents and settings\gert\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2013-09-27 07:47:34 -------- d-----w- c:\program files\Trend Micro
    2013-09-25 14:04:03 -------- d-----w- C:\Downloads
    2013-09-25 09:21:00 -------- d-----w- c:\documents and settings\gert\application data\MSNInstaller
    2013-09-18 09:18:07 -------- d-----w- C:\ProcAlyzer Dumps
    2013-09-18 03:54:59 -------- d-----w- c:\documents and settings\gert\application data\Dexpot
    2013-09-18 03:51:41 -------- d-----w- c:\documents and settings\gert\application data\OpenCandy
    2013-09-18 02:55:36 -------- d-----w- c:\documents and settings\all users\application data\MTN Online_1
    2013-09-18 02:55:09 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
    2013-09-17 11:20:22 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-09-17 11:20:15 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-09-05 14:04:02 209272 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2013-09-05 14:04:02 209272 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2013-08-30 15:32:10 -------- d-----w- C:\New Folder
    .
    ==================== Find3M ====================
    .
    2013-09-20 14:04:40 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-09-20 14:04:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-09-09 23:34:48 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2013-09-04 23:43:42 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
    2013-08-03 12:18:38 1543680 ----a-w- c:\windows\system32\wmvdecod.dll
    2013-07-19 23:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2013-07-19 23:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-07-19 23:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-07-19 23:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-10-22 05:21:20 4290744 -c--a-w- c:\program files\avg_free_stb_all_2011_1136_upgrade.exe
    2010-08-01 15:20:25 875296 -c--a-w- c:\program files\JavaSetup6u21-rv.exe
    2010-08-01 15:18:45 1105466 -c--a-w- c:\program files\OracleTrader.exe
    2009-04-20 13:41:25 3600176 -c--a-w- c:\program files\fapturbosetup.exe
    2009-04-16 09:34:02 3001016 -c--a-w- c:\program files\AiRoboForm-cnetc.exe
    2009-04-07 09:51:52 1490192 -c--a-w- c:\program files\ClixSense.com.exe
    2009-04-07 07:47:22 3001016 -c--a-w- c:\program files\AiRoboForm-googi.exe
    2008-09-15 12:51:19 7730856 -c--a-w- c:\program files\Google_Earth_CZXV.exe
    2006-08-21 11:00:50 178831132 -c--a-w- c:\program files\toolkitCD4-0.exe
    .
    ============= FINISH: 10:11:03.48 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/08/2008 22:28:41
    System Uptime: 27/09/2013 08:51:29 (2 hours ago)
    .
    Motherboard: Acer | | Columbia
    Processor: Intel Pentium II processor | U2E1 | 1995/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 53 GiB total, 3.805 GiB free.
    D: is FIXED (FAT32) - 53 GiB total, 0.2 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== Installed Programs ======================
    .
    µTorrent
    32 Bit HP CIO Components Installer
    Acer Crystal Eye Webcam Video Class Camera
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader XI (11.0.04)
    Adobe Stock Photos 1.0
    Apple Software Update
    ArcSoft Panorama Maker 5
    AVG 2012
    AVG 2013
    Broadcom Gigabit Integrated Controller
    Bullzip PDF Printer 9.8.0.1599
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 2.1
    Canon MX860 series MP Drivers
    Configuration Manager Client
    Corel Graphics - Windows Shell Extension
    CorelDRAW Graphics Suite X6
    CorelDRAW Graphics Suite X6 - Capture
    CorelDRAW Graphics Suite X6 - Common
    CorelDRAW Graphics Suite X6 - Connect
    CorelDRAW Graphics Suite X6 - Custom Data
    CorelDRAW Graphics Suite X6 - Draw
    CorelDRAW Graphics Suite X6 - EN
    CorelDRAW Graphics Suite X6 - Filters
    CorelDRAW Graphics Suite X6 - FontNav
    CorelDRAW Graphics Suite X6 - IPM
    CorelDRAW Graphics Suite X6 - PHOTO-PAINT
    CorelDRAW Graphics Suite X6 - Photozoom Plugin
    CorelDRAW Graphics Suite X6 - Redist
    CorelDRAW Graphics Suite X6 - Setup Files
    CorelDRAW Graphics Suite X6 - VBA
    CorelDRAW Graphics Suite X6 - VideoBrowser
    CorelDRAW Graphics Suite X6 - VSTA
    CorelDRAW Graphics Suite X6 - Writing Tools
    Critical Update for Windows Media Player 11 (KB959772)
    e-Sword
    Free Download Manager 3.9.2
    Free YouTube Downloader 3.5.159
    Garmap SA Waterways 2009
    Garmap SAS 2009 TMC
    Garmap SAS DEM TMC
    Garmap SAS Topo TMC
    Garmin BaseCamp
    Garmin Communicator Plugin
    Garmin MapInstall
    Garmin MapSource
    Garmin nRoute
    Garmin POI Loader
    Garmin USB Drivers
    Garmin WebUpdater
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    GPL Ghostscript Lite 9.06.15
    HDAUDIO Soft Data Fax Modem with SmartCP
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB958655-v2)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Java 7 Update 21
    Java Auto Updater
    LG Burning Tool
    LightScribe 1.4.142.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual Basic for Applications 7.1 (x86)
    Microsoft Visual Basic for Applications 7.1 (x86) English
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Microsoft_VC100_CRT_SP1_x86
    Mozilla Firefox 23.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVC80_x86
    MSVC80_x86_v2
    MSVC90_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 6.0 Parser (KB933579)
    MXit EVO PC
    Nero 6 Ultra Edition
    Nikon Message Center 2
    Nokia Connectivity Cable Driver
    Nokia Suite
    PC Connectivity Solution
    QFolder
    QuickTime
    RDC
    Realtek High Definition Audio Driver
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2699988)
    Security Update for Windows Internet Explorer 7 (KB2761465)
    Security Update for Windows Internet Explorer 7 (KB2792100)
    Security Update for Windows Internet Explorer 7 (KB2797052)
    Security Update for Windows Internet Explorer 7 (KB2799329)
    Security Update for Windows Internet Explorer 7 (KB2809289)
    Security Update for Windows Internet Explorer 7 (KB2817183)
    Security Update for Windows Internet Explorer 7 (KB2829530)
    Security Update for Windows Internet Explorer 7 (KB2838727)
    Security Update for Windows Internet Explorer 7 (KB2846071)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2834904-v2)
    Security Update for Windows Media Player (KB2834904)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219-v2)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135-v2)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820197)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2829361)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2839229)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2849470)
    Security Update for Windows XP (KB2850851)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype™ 6.6
    Spybot - Search & Destroy
    SureTrak 2.0
    Synaptics Pointing Device Driver
    TeamViewer 8
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB957244)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB957241)
    Update for Microsoft Office Excel 2007 Help (KB957242)
    Update for Microsoft Office InfoPath 2007 Help (KB957243)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB957246)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)
    Update for Microsoft Office Publisher 2007 Help (KB957249)
    Update for Microsoft Office Word 2007 Help (KB957252)
    Update for Microsoft Script Editor Help (KB957253)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2863058)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VLC media player 2.0.8
    WebFldrs XP
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR 4.20 (32-bit)
    .
    ==== End Of File ===========================


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:57:37, on 27/09/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.21342)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    C:\DOCUME~1\Gert\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Gert\My Documents\Downloads\4h7l01kg.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Gert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (file missing)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Gert\Application Data\uTorrent\uTorrent.exe" /MINIMIZED
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{278A8477-AEA2-4BF2-AA0B-F9E652716909}: NameServer = 192.168.1.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe (file missing)
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

    --
    End of file - 8664 bytes


    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-09-28 03:32:21
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e Hitachi_HTS542512K9SA00 rev.BB2OC31P 111.79GB
    Running: 4h7l01kg.exe; Driver: C:\DOCUME~1\Gert\LOCALS~1\Temp\ugldqpow.sys


    ---- System - GMER 2.1 ----

    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xB6CF35D0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xB6CF3700]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xB6CF3010]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xB6CF3300]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xB6CF33E0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xB6CF3120]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xB6CF3210]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xB6CF34D0]

    INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys 98B8E16D
    INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys 98B8DFC2

    ---- Kernel code sections - GMER 2.1 ----

    .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0x988CC400, 0x87EE2, 0xE8000020]
    .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x98970620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x98970620]
    .protectÿÿÿÿhardlockunknown last code section [0x98970400, 0x5126, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0x98970400, 0x5126, 0xE0000020]

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[876] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 109DECBA C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[876] USER32.dll!SetWindowLongA + 19 7E42C2B6 7 Bytes JMP 109DEC49 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[876] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 107FC6FD C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[876] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 107FCCF3 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0171F140 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01D3FDF5 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01D3FDD2 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01722942 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01D3FD53 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 057446A0 C:\Program Files\Free Download Manager\flvsniff.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] WS2_32.dll!send 71AB4C27 5 Bytes JMP 05744320 C:\Program Files\Free Download Manager\flvsniff.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 05744580 C:\Program Files\Free Download Manager\flvsniff.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] WS2_32.dll!recv 71AB676F 5 Bytes JMP 057444E0 C:\Program Files\Free Download Manager\flvsniff.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 057443C0 C:\Program Files\Free Download Manager\flvsniff.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 05745740 C:\Program Files\Free Download Manager\flvsniff.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 05744710 C:\Program Files\Free Download Manager\flvsniff.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] WININET.dll!InternetReadFile 3D9513E4 5 Bytes JMP 057446C0 C:\Program Files\Free Download Manager\flvsniff.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] WININET.dll!HttpSendRequestA 3D953548 5 Bytes JMP 05744730 C:\Program Files\Free Download Manager\flvsniff.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] WININET.dll!HttpSendRequestW 3D95F017 5 Bytes JMP 05744770 C:\Program Files\Free Download Manager\flvsniff.dll

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys

    Device mrxsmb.sys
    Device Fastfat.SYS

    AttachedDevice fltmgr.sys

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a5d4d13
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x3F 0x28 0x1F 0xD1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\[email protected] 38480
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{278A8477-AEA2-4BF2-AA0B-F9E652716909}@DhcpRetryTime 287
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a5d4d13 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x3F 0x28 0x1F 0xD1 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo -1212351580
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30325604
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo -1210476580
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30325604
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\[email protected] 6

    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- Files - GMER 2.1 ----

    File C:\Documents and Settings\Gert\Local Settings\Temp\fdm98A.tmp 0 bytes

    ---- EOF - GMER 2.1 ----

  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,224
    First Name:
    Derek
    Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [image: AdwCleaner desktop icon]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report; copy and paste it into your next post.


    [image: AdwCleaner main window with the Scan button indicated]
  3. grpc12

    grpc12 Thread Starter

    Joined:
    Sep 27, 2013
    Messages:
    3
    The svchost.exe process is still running high.




    # AdwCleaner v3.005 - Report created 28/09/2013 at 16:16:29
    # Updated 22/09/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Gert - GERT
    # Running from : C:\Downloads\Software\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
    Folder Deleted : C:\Program Files\SimilarSites
    Folder Deleted : C:\Documents and Settings\Gert\Local Settings\Application Data\ConduitEngine
    Folder Deleted : C:\Documents and Settings\Gert\Application Data\file scout
    Folder Deleted : C:\Documents and Settings\Gert\Application Data\OpenCandy
    Folder Deleted : C:\Documents and Settings\Gert\Application Data\PriceGong
    Folder Deleted : C:\Documents and Settings\Gert\Application Data\SimilarSites
    Folder Deleted : C:\Documents and Settings\Gert\Application Data\Mozilla\Firefox\Profiles\vmgs2ldf.default\jetpack
    Folder Deleted : C:\Documents and Settings\Gert\Application Data\Mozilla\Firefox\Profiles\vmgs2ldf.default\SweetPacksToolbarData
    File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
    File Deleted : C:\Documents and Settings\Gert\Application Data\Mozilla\Firefox\Profiles\vmgs2ldf.default\.autoreg
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Documents and Settings\Gert\Application Data\Mozilla\Firefox\Profiles\vmgs2ldf.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile
    Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\oneclick
    Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2192277
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\YourFileDownloader\Downloader.exe]
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\YourFileDownloader\YourFile.exe]
    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\AVG Security Toolbar
    Key Deleted : HKCU\Software\BI
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\filescout
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\PriceGong
    Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
    Key Deleted : HKCU\Software\StartSearch
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon

    ***** [ Browsers ] *****

    -\\ Internet Explorer v7.0.6000.21342


    -\\ Mozilla Firefox v23.0.1 (en-US)

    [ File : C:\Documents and Settings\Gert\Application Data\Mozilla\Firefox\Profiles\vmgs2ldf.default\prefs.js ]

    Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.google.com");
    Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
    Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.id", "78d0d9cf000000000000001f3ab12094");
    Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15548");
    Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
    Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
    Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
    Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=3012_7");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.114:52:42");
    Line Deleted : user_pref("sweetim.toolbar.cargo", "3.1010000.10011");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
    Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
    Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
    Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
    Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
    Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
    Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
    Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
    Line Deleted : user_pref("sweetim.toolbar.prad.initialized_by_rc", "true");
    Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "true");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "true");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
    Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
    Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
    Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{FE02F412-D4E5-11E1-825A-001F3AB12094}");
    Line Deleted : user_pref("sweetim.toolbar.version", "1.5.0.2");

    -\\ Google Chrome v

    [ File : C:\Documents and Settings\Gert\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [12998 octets] - [28/09/2013 14:37:42]
    AdwCleaner[S0].txt - [13220 octets] - [28/09/2013 16:16:29]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13281 octets] ##########
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,224
    First Name:
    Derek
    Delete any existing version of ComboFix you have sitting on your desktop.
    Please read and follow all these instructions very carefully.
    Do not edit or remove any information or user names etc., otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop combofix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after combofix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running.
    Double-click on the renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review.


    ****Note: Do not mouse-click combofix's window while it's running. That may cause it to stall or freeze.****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If the Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in your next reply please...
     
  5. grpc12

    grpc12 Thread Starter

    Joined:
    Sep 27, 2013
    Messages:
    3
    ComboFix 13-10-01.03 - Gert 01/10/2013 23:57:30.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.27.1033.18.2038.1430 [GMT 2:00]
    Running from: c:\documents and settings\Gert\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.ilg
    c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
    c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.ilg
    c:\program files\avg_free_stb_all_2011_1136_upgrade.exe
    c:\windows\system\W32MKSET.DLL
    c:\windows\system\W32MKSET.EXE
    c:\windows\system\WDBUUI32.DLL
    c:\windows\system32\SET163.tmp
    c:\windows\system32\SET164.tmp
    c:\windows\system32\SET165.tmp
    c:\windows\system32\SET16B.tmp
    c:\windows\system32\SET16C.tmp
    c:\windows\system32\SET16D.tmp
    c:\windows\system32\SET171.tmp
    c:\windows\system32\SET174.tmp
    c:\windows\system32\SET175.tmp
    c:\windows\system32\SET177.tmp
    c:\windows\system32\SET17C.tmp
    c:\windows\system32\SET180.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-09-01 to 2013-10-01 )))))))))))))))))))))))))))))))
    .
    .
    2013-10-01 15:02 . 2013-10-01 15:02 -------- d-----w- c:\program files\VirtualDJ
    2013-10-01 14:58 . 2013-10-01 14:58 -------- d-----w- c:\documents and settings\Gert\Local Settings\Application Data\Max Secure Software
    2013-10-01 14:32 . 2013-10-01 14:58 -------- d-----w- c:\documents and settings\Gert\Application Data\GetRightToGo
    2013-09-28 12:37 . 2013-09-28 15:26 -------- d-----w- C:\AdwCleaner
    2013-09-28 08:02 . 2013-09-28 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG 0913b Campaign
    2013-09-27 07:47 . 2013-09-27 07:47 388096 ----a-r- c:\documents and settings\Gert\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-09-27 07:47 . 2013-09-27 07:47 -------- d-----w- c:\program files\Trend Micro
    2013-09-25 14:04 . 2013-09-27 13:02 -------- d-----w- C:\Downloads
    2013-09-25 09:21 . 2013-09-25 09:21 -------- d-----w- c:\documents and settings\Gert\Application Data\MSNInstaller
    2013-09-20 05:58 . 2013-09-20 05:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
    2013-09-18 09:18 . 2013-09-18 09:18 -------- d-----w- C:\ProcAlyzer Dumps
    2013-09-18 03:54 . 2013-09-18 03:55 -------- d-----w- c:\documents and settings\Gert\Application Data\Dexpot
    2013-09-18 02:55 . 2013-09-18 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MTN Online_1
    2013-09-18 02:55 . 2012-08-20 06:37 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
    2013-09-17 11:20 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-09-17 11:20 . 2013-09-18 09:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-09-20 15:01 . 2013-08-07 18:55 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
    2013-09-20 14:04 . 2012-07-23 16:06 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-09-20 14:04 . 2012-07-23 16:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-09-09 23:34 . 2013-03-01 08:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2013-09-04 23:43 . 2013-02-08 02:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2013-08-07 18:58 . 2013-08-07 18:58 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
    2013-08-07 18:57 . 2013-08-07 18:57 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
    2013-08-05 13:30 . 2004-08-05 04:00 1289728 ----a-w- c:\windows\system32\ole32.dll
    2013-08-03 12:18 . 2006-10-18 19:47 1543680 ----a-w- c:\windows\system32\wmvdecod.dll
    2013-07-19 23:51 . 2013-02-08 02:37 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2013-07-19 23:50 . 2013-03-29 00:53 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-07-19 23:50 . 2012-04-19 02:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-07-19 23:50 . 2013-06-28 13:35 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-08-01 15:20 . 2010-08-01 15:20 875296 -c--a-w- c:\program files\JavaSetup6u21-rv.exe
    2010-08-01 15:18 . 2010-08-01 15:18 1105466 -c--a-w- c:\program files\OracleTrader.exe
    2009-04-20 13:41 . 2009-04-20 13:40 3600176 -c--a-w- c:\program files\fapturbosetup.exe
    2009-04-16 09:34 . 2009-04-16 09:34 3001016 -c--a-w- c:\program files\AiRoboForm-cnetc.exe
    2009-04-07 09:51 . 2009-04-07 09:51 1490192 -c--a-w- c:\program files\ClixSense.com.exe
    2009-04-07 07:47 . 2009-04-07 07:47 3001016 -c--a-w- c:\program files\AiRoboForm-googi.exe
    2008-09-15 12:51 . 2008-09-15 12:51 7730856 -c--a-w- c:\program files\Google_Earth_CZXV.exe
    2006-08-21 11:00 . 2009-03-04 11:13 178831132 -c--a-w- c:\program files\toolkitCD4-0.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\documents and settings\Gert\Application Data\uTorrent\uTorrent.exe" [2013-06-19 1045072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
    "RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2010-01-18 124256]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-2111687655-725345543-6845\Scripts\Logon\0\0]
    "Script"=\\Server-1\SYSVOL\pta.bigenafrica.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\USER\Scripts\Logon\TEMP.cmd
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2328836749-2285196435-3130410176-16044\Scripts\Logon\0\0]
    "Script"=NoticeWC.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2328836749-2285196435-3130410176-16044\Scripts\Logon\1\0]
    "Script"=BVLDriveMapping.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2328836749-2285196435-3130410176-16044\Scripts\Logon\2\0]
    "Script"=cscript.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2328836749-2285196435-3130410176-28611\Scripts\Logon\0\0]
    "Script"=NoticeWC.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2328836749-2285196435-3130410176-28611\Scripts\Logon\1\0]
    "Script"=BVLDriveMapping.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2328836749-2285196435-3130410176-28611\Scripts\Logon\2\0]
    "Script"=cscript.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk
    backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Program Files^Adobe^Acrobat.com^Startup^Adobe Gamma.lnk]
    path=c:\program files\Adobe\Acrobat.com\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
    2005-06-12 03:51 53248 -c--a-w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    2008-04-14 03:42 110592 ----a-w- c:\windows\system32\bthprops.cpl
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-07-28 00:20 116648 ----atw- c:\documents and settings\Gert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-06-13 20:55 162584 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-06-13 20:56 142104 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 03:42 1695232 -c--a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-06-13 20:55 138008 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2013-06-19 08:57 1045072 ----a-w- c:\documents and settings\Gert\Application Data\uTorrent\uTorrent.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Mobile Partner"=c:\program files\Afrihost Mobile\Afrihost Mobile
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    "<NO NAME>"=c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Free Download Manager\\fdm.exe"=
    "c:\\WINDOWS\\system32\\msiexec.exe"=
    "c:\\Documents and Settings\\Gert\\Application Data\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
    "c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 04:50 60216]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [08/02/2013 04:37 246072]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [08/02/2013 04:37 39224]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [29/03/2013 02:53 208184]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [01/03/2013 10:32 22328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [28/06/2013 15:35 171320]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19/03/2012 05:17 182072]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [23/07/2013 19:09 283136]
    R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [20/12/2012 21:43 4308320]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [04/07/2013 15:53 4939312]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [17/09/2013 13:20 171928]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21/06/2013 10:13 162408]
    S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys --> c:\windows\system32\Drivers\androidusb.sys [?]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [11/06/2013 15:40 83864]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
    S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys --> c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
    S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
    S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys --> c:\windows\system32\DRIVERS\ew_jucdcecm.sys [?]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
    S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys --> c:\windows\system32\DRIVERS\ew_juextctrl.sys [?]
    S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;\??\c:\windows\system32\drivers\massfilter_hs.sys --> c:\windows\system32\drivers\massfilter_hs.sys [?]
    S3 NBAG723;ZyXEL 802.11a/b/g AG723 Driver;c:\windows\system32\drivers\Wlanchag.sys [15/01/2009 12:09 360256]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [12/06/2013 04:36 137600]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [12/06/2013 04:36 8576]
    S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [17/09/2013 13:20 1817560]
    S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [17/09/2013 13:20 1033688]
    S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [?]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [11/06/2013 15:40 181912]
    S3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys --> c:\windows\system32\DRIVERS\zghsdiag.sys [?]
    S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys --> c:\windows\system32\DRIVERS\zghsmdm.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 14:04]
    .
    2013-10-01 c:\windows\Tasks\AVG_SYS_TASK.job
    - c:\documents and settings\All Users\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe [2013-09-28 15:09]
    .
    2013-10-01 c:\windows\Tasks\AVG_SYS_TASK_DELETE.job
    - c:\documents and settings\All Users\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe [2013-09-28 15:09]
    .
    2013-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2182208075-2069918957-286847283-1008Core.job
    - c:\documents and settings\Gert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-28 00:20]
    .
    2013-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2182208075-2069918957-286847283-1008UA.job
    - c:\documents and settings\Gert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-28 00:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = about:blank
    uInternet Settings,ProxyServer = localhost:21320
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    IE: Customize Menu
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel
    IE: Fill Forms
    IE: RoboForm Toolbar
    IE: Save Forms
    TCP: Interfaces\{278A8477-AEA2-4BF2-AA0B-F9E652716909}: NameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Gert\Application Data\Mozilla\Firefox\Profiles\vmgs2ldf.default\
    FF - prefs.js: browser.startup.homepage - www.google.co.za
    FF - ExtSQL: !HIDDEN! 2009-09-01 23:17; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
    Notify-SDWinLogon - SDWinLogon.dll
    MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
    MSConfigStartUp-PrivitizeVPN - c:\program files\PrivitizeVPN\PrivitizeVPN.exe
    AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-10-02 00:10
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2013-10-02 00:16:53
    ComboFix-quarantined-files.txt 2013-10-01 22:16
    .
    Pre-Run: 15,844,397,056 bytes free
    Post-Run: 15,978,274,816 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    [spybotsd]
    timeout.old=30
    .
    - - End Of File - - FB5F26E4B42B2C448D6ABCAB3FE38D73
    99852D5C3A78447C3D6D82B6155FE848
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,224
    First Name:
    Derek
    It looks like ComboFix might have removed a couple of legitimate files there.
    Can you please go to C:\qoobox & right click the quarantine folder, select Send to > Compressed (zipped) folder.
    That will make a zipped copy of the quarantine folder.
    Then
    please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

    Just press new topic, fill in the needed details
    In the subject box please put: Files for DVK01

    In the body of the post paste the contents of the code box:
    Code:
    combofix Quarantine folder from 
    http://forums.techguy.org/virus-other-malware-removal/1109424-svchost-exe-process-running-high.html#post8782834
    

    & then press the Browse button and navigate to & select the files on your computer. When the file is listed in the window, press Send to upload the file.
     
Short URL to this thread: https://techguy.org/1109424