I think I need mental and Security Help

So I contacted a hacker , i didn’t know he was one he just gave me his email and said we could chat he goes to a forum i know.
its his favorite forum (I think) he spends more often on it.

I chatted with him and he asked me to download a File Program to test it on my windows and silly me downloaded it.
my antivirus (avg) found it was a malware but i don’t really remember the name then the hacker said it was a false result.

I formatted my computer after for some reasons (No i didn’t know he was a hacker just a quins dent).
Now i had some troubles on forums and Ended up getting banned , I created another account on that forums and complained about the unfair ban So the hacker Sent me a message and Said “HAHAHA I HACKED YOU I TOLD YOU HACKER ALWAYS WIN , I HAVE ALL OF YOUR EMAIL ADDRESSEES AND HERE IS THE LINK TO THEM Link” So i downloaded his file (Silly me again) opened the Zip File and Extracted and Found a Bat File , So I Entered that Bat File and for some reason avg never detected any thing but the bat file suddenly closed.
I then transferred all my Personal pics into flash drive for security.

I went back to the Forums , and the Hacker asked me to email him and he said that if I don’t go away from the forums he will keep the Virus on my computer and watch me.
after that I contacted him in yahoo messenger , he told me to download a File he sent me , he claims that file will remove the Virus and Silly me again Downloaded that file
its name was “Trojan Destruct” avg Detected it but Silly me belieaved the hacker who told me its a false positive.

I tried to open it and it said some thing about win32 application.
So he (The hacker) told me to download the latest netframe work and i downloaded it then i tried to run that File and no thing work (Trojan Destruct) So The hacker Sent me another Trojan Destruct and it gave me “Error Memmory XX000” or some thing then the hacker said he will contact me again he also asked me if I Run Team Viewer then said nvm he then asked if I Run Vista and i told him no because i don’t.

Now When i woke up i contacted him he said the Virus never worked since i am running XP , and he said we can chat and be Friends again.
Suddenly AVG Found Trojan Destruct on my Defualt Download Folder “My Documents/Download” and I Removed it but when i click properties it said it came from another computer and Might be blocked (Any file that is downloaded thought is treated as came from another computer).

Suddenly i was suspicious what is that hacker contacting me for and thinking that he might really stole pictures of me and put it on some site.
i kept asking him if he stole any thing i also asked him how Trojan Destruct Re-Appeared on my computer and how he hacked me , he said he used Secure Shell Tunneling So i asked him what is that then he stopped responding and blocked me from contacting him.

I Then Came to the Forum I used to go in with an account i never used since 2008 , and Found a Topic that was made by that hacker that laughs at me at a picture that shows the Log of me and Him chatting on yahoo (not real pictures just Y/M Pictures) , He then Said to other Members on the topic “lol he accused me of posting his pictures on some sites”
Then Using an account of Mine that I never used since 2008 and Pretending about some one else then he said “I Would Hack Him if I Really could”.

I Sent him a message asking about that Person’s Picture (ITS Me pretending to be some one else to know if he stole any of my pictures or not) then he said “lol i never stole any thing from him but if you want their is a program to do this” he then Felt Suspicious about me and Knew it was me.

I Created a Topic on Forums asking a question without Goggling , Elite Members Trolled me for making this topic including him the hacker said "Now I know what is my Next Victim -_-’
Suddenly i found a private message that Includes a Scam that says “Hi you are an active memmber , Download this File it will Speed up your Gaming preference!” , that message was by a Person with 0 Posts And I never downloaded it since I knew it was Him.

(The hacker Sent me a message with another account to sent me Trojan if you don’t understand what i am saying but i never downloaded this file thought).
I then asked him Sending him a message about “did you hack me?” he Said that Those Trojans never worked and He Said we can be Friends again.

For some reasons i trusted him and Contacted him and Since then he was nice and he told me “Stop asking me if i hacked you! I never hacked you -_-'” so he apperntly normal and Such But i was just contacting him once again because i was Suspicious.

I Scanned my computer and Removed some Trojans using AVG
and Malware bites didn’t look at those trojans thought. and I also Disabled Remove access and Secure Shell Tunnel (Server) From my Router.
my Firewall was always off for Higher Speed thought i forgot to turn it on until now But the Firewall on my Router was always on.

I then used hotspot shield and Removed it later (Hot spot shield is a program that changes my IP but post Porn ads)
Now I Found Trojan agent on my Temp File Thought Removed but I am not sure if its Hotspot’s Shield File or its that hacker’s file.

Later , My Family Started entering Facebook on my computer and skype which contains real pictures of me and my family and This is Where i feel unsecured…again :-[
the hacker said if i ever asked him if I hacked him or not he will shutdown my Internet.

I never Found any thing on the Forums.
the only Reason i am contacting him is to Make sure he never got any Pictures or passwords.

I am Running avast , avg Internet Security , malware bytes.
Now this is not like “my Computer didn’t got Owned!!!” its not about the computer i can throw it out of the window once I know no thing was Taken.

Overview:

This is Last Trojans i detected which were yesturday:

"Malwarebytes’ Anti-Malware 1.41
Database version: 3024
Windows 5.1.2600 Service Pack 3

10/24/2009 2:43:57 PM
mbam-log-2009-10-24 (14-43-57).txt

Scan type: Quick Scan
Objects scanned: 127636
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\cd100d77-0916-4168-bc22-fdb799ed7506.tmp (Trojan.Agent) → Quarantined and deleted successfully.
C:\WINDOWS\Temp\cd13623f-b9c9-4b21-bc02-dd74a7d7dc3d.tmp (Trojan.Agent) → Quarantined and deleted successfully.
C:\WINDOWS\Temp\cd18f494-cdc9-4d0a-a83a-3274defebb9b.tmp (Trojan.Agent) → Quarantined and deleted successfully.
C:\WINDOWS\Temp\cd1b5003-e871-4a7f-a1f8-2c9924411e98.tmp (Trojan.Agent) → Delete on reboot.
C:\WINDOWS\Temp\cd1ece47-eeb0-4575-b79e-988bbeef2f6d.tmp (Trojan.Agent) → Quarantined and deleted successfully."

I have alg.exe , Spoonlv.exe open (by the way can some one help me Log the process without typing all of them?).
scanned with avast , avg , malware bites , super antispyware just today and no thing was found.
do you think he stole any thing?

Trojan generic6.PSW
Trojan Destruct

where the Files i downloaded from him.

Trojan agent on Temp Folder

I don’t know where it is from possibly Hotspot shield’s but i am not sure.

Can some one Tell me the Signs of Trojan Generic6 on my computer?

if you don’t want to listen to all of this (You might need to Read if you want to figure this out with me):

I downloaded hotspot shield
I Downloaded a Trojan named Trojan generic.PSW after being Tricked But Removed it and Now Today I am Entering my Face books…etc
I Downloaded a Trojan named Trojan Destruct (Some one Told me it is a Trojan Down loader called KillAV)
Some how a Trojan named Trojan agent Came To my Temp Folder and I am Doubting its from “http://download.cnet.com/Hotspot-Shield/3000-2092_4-10631434.html” a program named hot spot shield that Advrtise porn on your browser but Changes what is the ip address that is being Shown (Annonymouse).
I have Secure shell server on my Router Being off , Firewall Enabled , Remote assistance off.
Also Connecting to a Remote computer is off In Windows its self.
I Rested my Router btw before i entered my face book … mails …etc

I am very sorry for what ever bad happened to you. forget what has happened untill now. stop posting about those softwares you installed and trojans.

for god’s sake please stop contacting him.

start afresh - if you can re install your windows by doing a format of your hdd, then its great.

update every other programming you use including windows.

reset your router settings.

change all the passwords to strong ones of your mail id and stop using it.

get new email ids with strong and different passwords from the ones before.

do not open any emails from an unknown person.

do not add them to your im’s

remove photos from social networking sites. and use different email id for signing into facebook, for eg. you can change the email id in your facebook account.

if you want any software suggestions, you can ask here.

do not believe anyone on forums, including me. use a nick instead of your original name. stay anonymous on the internet.

have good browsing habits. clean all the tracking files created by your browsers.

use layered protection for eg : avast + mbam + threat fire

shield your browser against attacks with addons like no script.

there are many more things to do… but to start off… just consider what I said.

for any help,

avast forum evangelists…

nmb

Thanks so much.
I Will sure need those Files and I am already planning to format
i am Just Worried about those pictures I want to move on T_T
what is ruining me that i don’t know if he did steal them or not

my PC Can go away but personal files can Go away but not in the Cracker’s hands.
I rested my Router Settings long ago but i need to make sure its 100% Clean and No Trojan generic Stealing Passwords From me.

I Trust you lol
every one here was really helpful since i started here :slight_smile:

1-) is their any way i can get a log of processes i am running
2-) what are the Signs of Trojan Kill AV?
3-) What are the Signs of Trojan Generic.6?
4-) Hotspot shield http://download.cnet.com/Hotspot-Shield/3000-2092_4-10631434.html , Can some one Test it on a Virtual machine?
and check the Temp Folder? i have doubts that it spread a Trojan agent No its not from the hacker.

Thanks

Oh and is Event Viewer 100% Trusted?

Scan,

Make a new fresh start, let this incident be “water under the bridge” and let this become the inspiration to be a better malware cleanser than any negative exponent could ever pose to be,

Consider this removal routine:
http://www.geekstogo.com/forum/Trojan-horse-PSW-Generic-t84652.html

Trojan Horse Downloader.Generic 6 is part of a family of viruses that usually attempts to download other types of malware (malicious software) off the Internet. It has been known to come with a variety of file extensions, including AJO, AEPH, QJU and BHS. Because of the ever-changing nature of the Trojan, one set of instructions will not work for everyone, but using a combination of different types of powerful antivirus and anti-spyware programs will.

Follwow the info here and put the logfile as an attached txt file:
http://www.techspot.com/vb/topic19133.html

polonus (malware fighter)

slowly discovering how an AV forum lives…that’s interesting. I got to admit that some of you guys have a patience that I wouldn’t have, and are doing a very great job at helping people, including those really and repetitively looking for trouble. That’s nice :wink:

I will scan rightaway and Post a log.

that is right.
actually this is the only forum i have never seen any Trolls at.

hacker tools are not served on cnet. its just a encryption software.

trojan generic is a file which can be a trojan but not necessarily. it is generic. and kill av is one which kills the anti virus. forget everything and start afresh. as sir pol said.

nmb

slowly discovering how an AV forum lives...that's interesting. I got to admit that some of you guys have a patience that I wouldn't have, and are doing a very great job at helping people, including those really and repetitively looking for trouble. That's nice
+1......same story about 50 times now........ ???

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:23 PM, on 10/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe
C:\Documents and Settings\Windows XP\My Documents\Downloads\ProcessExplorer\procexp.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKUS\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


End of file - 8205 bytes

I know Nimb , I Will start Fresh T_T
but i want to make Sure No one Hacked my Computer Yesterday or today when I ran my face book or stole any thing.


An analysis of your HJT log shows the following problems :

We couldn’t detect any active process of a firewall on your system. Possible reasons:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
We recommend you to use a firewall. Download and install one or activate windows xp´s own firewall.

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
This is considered adware by most security experts. askBar.dll is able to record inputs.
http://www.what-is-exe.com/filenames/askbar-dll.html

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
Same as above. Below is another link for information about this adware.
http://www.file.net/process/askbar.dll.html

[b]O4 - HKUS\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘LOCAL SERVICE’)

O4 - HKUS\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘NETWORK SERVICE’)

O4 - HKUS\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’)[/b]
The above 3 entries seem to belong to nlite but I am not sure. Perhaps someone else can confirm this.
Do you have nlite installed on your computer?

[b]C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe[/b]

[b]C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\AVG\AVG9\avgfws9.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe[/b]
Two entries for the same item.

[b]C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll[/b]

[b]O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe

O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe[/b]
The above entries could be causing problems since they are parts of AVG anti-virus and you also have avast! anti-virus installed. It is never recommended to have 2 or more resident anti-virus programs installed.

Overview of running tasks :

smss.exe
System task
Session Manager Subsystem

csrss.exe
System task
Microsoft Client/Server Runtime Server Subsystem

winlogon.exe
System task
Microsoft Windows Logon Process

services.exe
System task
Windows Service Controller

lsass.exe
System task
Local Security Authority Service

nvsvc32.exe
Application
NVIDIA Driver Helper Service

svchost.exe
System task
Microsoft Service Host Process

svchost.exe
System task
Microsoft Service Host Process

svchost.exe
System task
Microsoft Service Host Process

svchost.exe
System task
Microsoft Service Host Process

svchost.exe
System task
Microsoft Service Host Process

aswUpdSv.exe
Virusscan
Avast Anti-Virus Component

ashServ.exe
Virusscan
Avast

avgchsvx.exe
Virusscan
AVG Internet Security

avgrsx.exe
Backgroundtask
avgrsx.exe

avgcsrvx.exe
Virusscan
AVG Internet Security

spoolsv.exe
System task
Microsoft Printer Spooler Service

AVGIDSAgent.exe
Virusscan
AVG IDS

svchost.exe
System task
Microsoft Service Host Process

avgwdsvc.exe
Backgroundtask
avgwdsvc.exe

avgfws9.exe
Virusscan
AVG Internet Security

avgemc.exe
Virusscan
AVG Anti-Virus Cleaner

avgam.exe
Backgroundtask
avgam.exe

avgnsx.exe
Backgroundtask
avgnsx.exe

avgcsrvx.exe
Virusscan
AVG Internet Security

ashMaiSv.exe
Virusscan
Avast Anti-Virus Component

ashWebSv.exe
Virusscan
avast! Web Scanner

alg.exe
System task
Application Layer Gateway Service

wscntfy.exe
System task
Microsoft Windows Security Center

Explorer.EXE
System task
Microsoft Windows Explorer

avgcsrvx.exe
Virusscan
AVG Internet Security

svchost.exe
System task
Microsoft Service Host Process

RUNDLL32.EXE
System task
Microsoft Rundll32

HDeck.exe
Backgroundtask
HDeck MFC Application

avgtray.exe
Backgroundtask
avgtray.exe

ashDisp.exe
Virusscan
Avast AntiVirus

SUPERAntiSpyware.exe
Anti Add/Spyware software
SUPERAntiSpyware

avgidsmonitor.exe
Virusscan
AVG Identity Protection Monitor

msmsgs.exe
Application
MSN Messenger

firefox.exe
Application
Mozilla Firefox

mbam.exe
Anti Add/Spyware software
mbam.exe

procexp.exe
Backgroundtask
Sysinternals Process Explorer

regedit.exe
System task
Registry Editor

HijackThis.exe
Application
Merijn Hijackthis


i have AVG Firewall on
it keeps blocking svc host when it Tries to connect to some thing
maybe the hijack is not detecting it (unknown vendor?)

upload svchost to virustotal.com and give us the link.

you have to do something evangelists suggest and post back the results or the option you choose, otherwise there is no meaning in helping.

nmb

http://www.virustotal.com/analisis/2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5-1256642970

No thing is their
maybe i don’t know since i Bought this computer with avg it kept detecting svchost as dangerous
Thoght 2 questions

1-) what is that Window Sound i keep heard? (Window Closing E.G?)
2-) If I deleted a User account that has storage of Cookies…etc Are they stored some where else or Permanently Removed (i hope its permanently Removed)