Jump to content

svoste.exe file that keeps getting detected, but keeps coming back.


Recommended Posts

I seem to get a object detected called svoste.exe everytime I scan with malwarebytes saying it's a Trojan.AI, I delete it, and the next time I scan the scan detects it again, it keeps coming back I don't know what is is or how to delete it.



Malwarebytes Anti-Malware
Databaseversie: v2014.02.16.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
marco :: MARCO-HP [administrator]
16-2-2014 13:29:25
mbam-log-2014-02-16 (13-29-25).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 263590
Verstreken tijd: 13 minuut/minuten, 3 seconde(n)
Geheugenprocessen gedetecteerd: 1
C:\Users\marco\b49S56oS\svoste.exe (Trojan.Agent.AI) -> 5264 -> Zal worden verwijderd tijdens het herstarten.
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 3
C:\Users\marco\b49S56oS\svoste.exe (Trojan.Agent.AI) -> Zal worden verwijderd tijdens het herstarten.
C:\Users\marco\AppData\Local\Temp\addnapauqus.exe (Trojan.Agent.AI) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\marco\Local Settings\Temporary Internet Files\Content.IE5\G2DGBYUS\server106[1].exe (Trojan.Agent.AI) -> Succesvol in quarantaine geplaatst en verwijderd.





Link to post
Share on other sites




DDS (Ver_2012-11-20.01)


Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 18-5-2012 16:57:10

System Uptime: 13-2-2014 23:15:56 (0 hours ago)


Motherboard: Foxconn |  | 2ABF

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz | CPU 1 | 3401/100mhz


==== Disk Partitions =========================


C: is FIXED (NTFS) - 453 GiB total, 165,423 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1,587 GiB free.

E: is CDROM ()

F: is Removable


==== Disabled Device Manager Items =============


Class GUID: 

Description: LinksysbyCisco Internet Gateway Device

Device ID: UUID:EBF5A0A0-1DD1-11B2-A90F-C8D7199F1446\UMB\3&22208DD1&0&UUID:EBF5A0A0-1DD1-11B2-A90F-C8D7199F1446


Name: LinksysbyCisco Internet Gateway Device

PNP Device ID: UUID:EBF5A0A0-1DD1-11B2-A90F-C8D7199F1446\UMB\3&22208DD1&0&UUID:EBF5A0A0-1DD1-11B2-A90F-C8D7199F1446



==== System Restore Points ===================


RP226: 13-2-2014 9:43:15 - Gepland controlepunt


==== Installed Programs ======================


.sol Editor

7-Zip 9.22beta

802.11n Wireless LAN Card

Adobe Flash Player 12 ActiveX

Adobe Flash Player 12 Plugin

Agatha Christie - Peril at End House

AuthenTec TrueAPI

AVG 2013

AVG Security Toolbar

Batman: Arkham Asylum GOTY Edition


Bejeweled 3

Blackhawk Striker 2

Blasterball 3

Bounce Symphony

Cake Mania


Chronicles of Albian

Chuzzle Deluxe

Cisco Network Magic

Counter-Strike: Global Offensive

Cradle of Rome 2

Curse Client


Diablo III

Dota 2


F.E.A.R. 3


Farm Frenzy


Final Drive: Nitro

GeForce Experience NvStream Client Components

Google Chrome

Governor of Poker 2 Premium Edition


Hewlett-Packard ACLM.NET v1.2.2.3

Hi-Rez Studios Authenticate and Update Service

HP Auto

HP Client Services

HP Customer Experience Enhancements

HP Games

HP LinkUp

HP Odometer

HP Setup

HP Setup Manager

HP SimplePass PE 2011

HP Support Assistant

HP Support Information

HP Update

HP Vision Hardware Diagnostics

Infestation Survivor Stories version 1.0

Infestation: Survivor Stories

Intel® Identity Protection Technology

Intel® Management Engine Components

Java 7 Update 45

Java Auto Updater

JavaFX 2.1.1

Jewel Quest: The Sleepless Star - Collector's Edition

Junk Mail filter update


League of Legends

Left 4 Dead 2

Magic Desktop

Mah Jong Medley

Malwarebytes Anti-Malware versie

Mesh Runtime

Microsoft .NET Framework 4.5 NLD Language Pack

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Mathematics

Microsoft Office 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

Microsoft XNA Framework Redistributable 4.0


Mozilla Firefox 19.0 (x86 nl)

Mozilla Maintenance Service



Mystery of Mortlake Mansion

Namco All-Stars: PAC-MAN

Network Magic

Norton Online Backup

NVIDIA-configuratiescherm 331.82

NVIDIA 3D Vision controllerstuurprogramma 331.82

NVIDIA 3D Vision stuurprogramma 331.82

NVIDIA GeForce Experience 1.7.1

NVIDIA Grafisch stuurprogramma 331.82

NVIDIA HD Audio-stuurprogramma

NVIDIA Install Application

NVIDIA LED Visualizer 1.0


NVIDIA PhysX systeemsoftware 9.13.0725

NVIDIA ShadowPlay 9.3.21

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 9.3.21

NVIDIA Update Components

NVIDIA Virtual Audio 1.2.9

Open Broadcaster Software

PDF Complete Special Edition


Plants vs. Zombies - Game of the Year

PlayReady PC Runtime amd64

Poker Superstars III

Polar Bowler

Polar Golfer


PunkBuster Services

Pure Networks Platform


Razer Naga

Realtek High Definition Audio Driver

Recovery Manager

Remote Graphics Receiver


SHIELD Streaming

Skype™ 6.11

Slingo Supreme


StarCraft II

Taalpakket voor Microsoft .NET Framework 4.5 - NLD

TeamViewer 9


Tibia Testserver


Update Installer for WildTangent Games App

Vacation Quest - The Hawaiian Islands

VC80CRTRedist - 8.0.50727.6195

Ventrilo Client

VIP Access SDK ( 

Virtual Villagers 5 - New Believers

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.6

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 (32-bit)

World of Warcraft

World of Warcraft Beta

Zuma Deluxe


==== End Of File ===========================




DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2

Run by marco at 23:50:04 on 2014-02-13

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.6125.3285 [GMT 1:00]


AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}


============== Running Processes ===============



C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe


C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe


C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe



C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe


C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe




C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe


C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe


C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe


C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted


C:\Program Files\NVIDIA Corporation\Display\nvtray.exe


C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe


C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe


C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe



C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet





C:\Program Files (x86)\Razer\Naga Epic\NagaEpicSysTray.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe



C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe




C:\Windows\System32\svchost.exe -k swprv





============== Pseudo HJT Report ===============



mWinlogon: Userinit = userinit.exe,

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll

uRun: [Google Update] "C:\Users\marco\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [F.lux] "C:\Users\marco\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

uRun: [Xfire] C:\Program Files (x86)\Xfire2\Xfire.exe

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

mRun: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe

mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga Epic\NagaEpicSysTray.exe

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Xfire] C:\Program Files (x86)\Xfire2\Xfire.exe

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\Users\marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\Users\marco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\marco\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mdwhuzmxv.vbs

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: EnableShellExecuteHooks = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer =

TCP: Interfaces\{D374E301-AA43-4576-807F-2805EDCEE196} : DHCPNameServer =

TCP: Interfaces\{DC042BA9-ED8D-440D-BF18-786B77BCD24C} : DHCPNameServer =

TCP: Interfaces\{DC042BA9-ED8D-440D-BF18-786B77BCD24C}\34963736F64323230383 : DHCPNameServer =

TCP: Interfaces\{DC042BA9-ED8D-440D-BF18-786B77BCD24C}\34963736F66323331373 : DHCPNameServer =

TCP: Interfaces\{DC042BA9-ED8D-440D-BF18-786B77BCD24C}\C696E6B6379737 : DHCPNameServer =

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll

x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart

x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update

x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>


================= FIREFOX ===================


FF - ProfilePath - C:\Users\marco\AppData\Roaming\Mozilla\Firefox\Profiles\vawqgg9s.default\

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\marco\AppData\Local\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Users\marco\AppData\Roaming\raidcall\plugins\nprcplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll


============= SERVICES / DRIVERS ===============


R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-16 46368]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-6-9 264008]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-8-2 8704]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]

R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-13 15125280]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-3-5 1128952]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]

R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 5341536]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-5 2656280]

R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-8 1771544]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-3-5 1360960]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-11-26 39200]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-5 471144]

R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2010-12-16 126464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]

S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-11-1 91352]

S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2012-3-5 31152]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-19 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]


=============== File Associations ===============


FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]


=============== Created Last 30 ================


2014-02-13 21:53:46 -------- d-----w- C:\Users\marco\AppData\Local\{DB49F776-F693-46BF-929E-7354F74FA31F}

2014-02-13 21:12:27 -------- d-sh--r- C:\Users\marco\mb5spidgd9d

2014-02-13 21:11:55 -------- d-----w- C:\Users\marco\AppData\Local\{7866CC77-4CC2-4E49-A915-0181EFBFC3D9}

2014-02-13 08:12:08 -------- d-sh--w- C:\Users\marco\i15Z28qV

2014-02-13 08:11:45 -------- d-----w- C:\Users\marco\AppData\Local\{3E8F3572-06C3-446B-91C6-FE783D99F276}

2014-02-12 18:34:31 -------- d-----w- C:\Users\marco\InterruptBar

2014-02-12 07:36:11 -------- d-sh--r- C:\Users\marco\rgunas5426q3no

2014-02-12 07:36:05 -------- d-----w- C:\Users\marco\AppData\Local\{910DD5AB-D0DA-4883-877E-0C0FD559319B}

2014-02-10 21:55:53 3792 ----a-w- C:\Users\marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mdwhuzmxv.vbs

2014-02-10 21:55:53 -------- d-sh--r- C:\Users\marco\7p5wnh6sb9sq15

2014-02-10 10:37:41 -------- d-----w- C:\Users\marco\AppData\Local\{D342A0EE-9A3F-4ABA-8303-DB370F1CD810}

2014-02-09 09:00:15 -------- d-----w- C:\Users\marco\AppData\Local\{66DC7654-786F-4F05-8164-AEBC02A0943C}

2014-02-08 08:40:14 -------- d-----w- C:\Users\marco\AppData\Local\{CD9B9FF4-95D4-4FE7-95B4-A41C21A9E12C}

2014-02-07 08:13:20 -------- d-----w- C:\Users\marco\AppData\Local\{FCA331F4-8A47-45DC-A9DD-647B485DC461}

2014-02-06 07:48:03 -------- d-----w- C:\Users\marco\AppData\Local\{7F941768-63D6-49E1-9908-DB3C29DF4714}

2014-02-05 21:02:34 -------- d-----w- C:\Users\marco\AppData\Roaming\Xfire

2014-02-05 21:02:22 -------- d-----w- C:\ProgramData\Xfire

2014-02-04 10:27:38 -------- d-----w- C:\Users\marco\AppData\Local\{51FD153F-2573-469D-BEB6-C1225465C389}

2014-02-02 10:01:21 -------- d-----w- C:\Users\marco\AppData\Local\{EDAC6342-DE19-43CD-B4DF-D34A188E653C}

2014-02-01 09:51:27 -------- d-----w- C:\Users\marco\AppData\Local\{B898A6AD-107B-4A83-B8C7-8D3BE6B2DCA6}

2014-01-31 07:38:02 -------- d-----w- C:\Users\marco\AppData\Local\{F7061CB1-8317-457C-994A-8BD9349507F3}

2014-01-30 08:36:14 -------- d-----w- C:\Users\marco\AppData\Local\{3E56836B-856F-4A3C-8E49-66594C4854D0}

2014-01-29 23:28:53 -------- d-----w- C:\Windows\Migration

2014-01-29 08:02:26 -------- d-----w- C:\Users\marco\AppData\Local\{4C95D157-2E6A-4EEF-ACAE-C369553BF592}

2014-01-28 09:13:41 -------- d-----w- C:\Users\marco\AppData\Local\{3F6BC5A3-2D7D-4269-A46B-43129BBC2BBF}

2014-01-27 08:25:35 -------- d-----w- C:\Users\marco\AppData\Local\{5FBA23E3-0222-45A4-A078-119914705A9F}

2014-01-26 10:08:27 -------- d-----w- C:\Users\marco\AppData\Local\{92735383-7EED-45EA-BF69-9315776C127F}

2014-01-24 09:21:07 -------- d-----w- C:\Users\marco\AppData\Local\{416AE915-EFBE-42F1-A1E5-A173751B6A21}

2014-01-23 08:11:29 -------- d-----w- C:\Users\marco\AppData\Local\{0B188194-4A6A-4F66-812D-97448484836B}

2014-01-22 05:31:44 -------- d-----w- C:\Users\marco\AppData\Local\{C03C7430-8F24-4A6F-A519-26EF0E2E7315}

2014-01-21 10:42:36 -------- d-----w- C:\Users\marco\AppData\Local\{11D66729-3AC1-47EA-8DC6-F630B7FEF33B}

2014-01-19 22:53:42 -------- d-----w- C:\Program Files (x86)\Whorecraft

2014-01-19 09:49:33 -------- d-----w- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}

2014-01-19 09:35:49 -------- d-----w- C:\Users\marco\AppData\Local\{4E138510-502C-4C34-B6F9-0189B7A87233}

2014-01-18 09:44:44 -------- d-----w- C:\Users\marco\AppData\Local\{779DF3D5-BF37-438D-A0DC-F58639BB9437}

2014-01-17 08:02:09 -------- d-----w- C:\Users\marco\AppData\Local\{0A97F898-94D4-4545-8A9C-20B3D40CA4B8}

2014-01-16 08:07:46 -------- d-----w- C:\Users\marco\AppData\Local\{24BB34E0-9E0F-40FE-9B0C-27AE33F1CCB1}

2014-01-15 17:10:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2014-01-15 17:10:10 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2014-01-15 17:10:10 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys

2014-01-15 17:10:10 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2014-01-15 17:10:10 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2014-01-15 17:10:10 3156480 ----a-w- C:\Windows\System32\win32k.sys

2014-01-15 17:10:10 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2014-01-15 17:10:10 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2014-01-15 17:10:09 376768 ----a-w- C:\Windows\System32\drivers\netio.sys

2014-01-15 08:13:43 -------- d-----w- C:\Users\marco\AppData\Local\{91FB6627-66D7-477D-8971-287249ADF53D}


==================== Find3M  ====================


2014-02-05 19:11:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-05 19:11:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-12-31 13:56:56 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-12-31 13:56:56 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-12-30 19:45:34 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-11-30 14:34:05 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll

2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll

2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll

2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-11-25 00:48:36 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll


============= FINISH: 23:50:14,86 ===============

Link to post
Share on other sites

  • Root Admin

Hello and :welcome:

Please run a Quick Scan with Malwarebytes and post the log:
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Please read the following information below and post back the requested logs when ready.

General P2P/Piracy Warning:

If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.