
I would like to have a safer PC... :(

Discussion in 'General Security' started by Archard, Jan 1, 2011.

Thread Status:
Not open for further replies.
  1. Archard

    Archard Thread Starter

    Joined:
    Dec 31, 2010
    Messages:
    7
    Hey guys, I haven't been updating my antivirus, installing Windows updates, etc., but I've finally come around and I want my computer to be secure. I have bank passwords, etc. on my computer and I don't want them to be stolen.


    Before I start, here are the scanners/protection on my PC:
    AVG Free - I need to buy a new one, I know.
    SuperAntiSpyware Free
    Gmer - it's saved as 9f0tchd8 or something; is it meant to do that?
    SpywareBlaster
    HijackThis
    Malwarebytes
    Hitman Pro - trial's gone.


    Is there anything else I need to download?

    What I want to know is: does my computer have any viruses?
    I'll post the 3 logs below.
     
  2. Archard

    Archard Thread Starter

    Joined:
    Dec 31, 2010
    Messages:
    7
    HijackThis


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:44:29 PM, on 1/1/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Damin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    --
    End of file - 6623 bytes

    _________________________


    DDS

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Damin at 21:47:46.96 on Sat 01/01/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3327.1937 [GMT 11:00]

    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Damin\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [Google Update] "c:\users\damin\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\damin\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: avgrsstx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\damin\appdata\roaming\mozilla\firefox\profiles\9udy429t.default\
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
    FF - plugin: c:\users\damin\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-7 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-7 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-7 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-21 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
    R3 3xHybrid;WinFast DTV1000 S;c:\windows\system32\drivers\3xHybrid.sys [2010-10-13 1040512]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-29 1343400]

    =============== Created Last 30 ================

    2011-01-01 10:41:26 388096 ----a-r- c:\users\damin\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-01 10:41:26 -------- d-----w- c:\program files\Trend Micro
    2010-12-29 07:07:30 -------- d-----w- c:\windows\system32\Wat
    2010-12-29 07:01:11 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2010-12-29 07:00:18 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-12-29 07:00:18 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-12-29 07:00:18 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-12-29 07:00:18 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-12-29 07:00:18 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-12-29 06:52:47 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2010-12-29 06:52:43 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-12-29 06:43:59 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-12-29 06:39:21 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-29 06:09:05 -------- d-----w- c:\users\damin\appdata\roaming\SUPERAntiSpyware.com
    2010-12-29 06:09:05 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
    2010-12-29 06:08:43 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-12-27 05:24:59 -------- d-----w- C:\.runestrike3_file_store_32
    2010-12-25 04:01:07 -------- d-----w- c:\users\damin\appdata\roaming\Windows Live Writer
    2010-12-25 04:01:07 -------- d-----w- c:\users\damin\appdata\local\Windows Live Writer
    2010-12-25 03:04:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-25 03:04:01 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2010-12-19 22:32:00 -------- d-----w- c:\progra~2\NVIDIA Corporation
    2010-12-19 22:31:47 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
    2010-12-19 22:31:09 -------- d-----w- C:\NVIDIA
    2010-12-13 00:42:25 -------- d-----w- c:\users\damin\appdata\roaming\.minecraft

    ==================== Find3M ====================

    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:35:19 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-19 06:27:46 34064 ----a-w- c:\windows\system32\lhacm.acm
    2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
    2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

    ============= FINISH: 21:48:10.83 ===============


    Attach



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/30/2010 1:30:00 PM
    System Uptime: 1/1/2011 9:38:03 PM (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5Q-PRO
    Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz | LGA 775 | 2833/333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 466 GiB total, 403.624 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP104: 12/11/2010 8:11:09 PM - Scheduled Checkpoint
    RP105: 12/14/2010 6:10:03 PM - Installed Java(TM) 6 Update 22
    RP106: 12/25/2010 1:14:35 PM - Restore Operation
    RP107: 12/25/2010 1:57:10 PM - Installed Java(TM) 6 Update 23
    RP108: 12/25/2010 1:58:46 PM - Installed Java(TM) 6 Update 23
    RP109: 12/25/2010 2:01:27 PM - Installed Java(TM) 6 Update 23
    RP110: 12/25/2010 2:02:33 PM - Removed Java(TM) 6 Update 18
    RP111: 12/25/2010 2:03:29 PM - Removed Skype Toolbars
    RP112: 12/25/2010 2:03:40 PM - Installed Java(TM) 6 Update 23
    RP113: 12/29/2010 5:50:44 PM - Windows Update
    RP114: 12/29/2010 6:13:24 PM - Windows Update
    RP115: 1/1/2011 9:41:05 PM - Installed HiJackThis

    ==== Installed Programs ======================

    µTorrent
    Adobe AIR
    Adobe Community Help
    Adobe Cybershop CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    AVG Free 9.0
    Bonjour
    Cache 525
    Cucusoft DVD to iPhone + iPhone Video Converter Suite 8.2.8.2
    D3DX10
    DivX Setup
    GhostMouse 2.0
    Google Chrome
    Google SketchUp 7
    HiJackThis
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) SE Development Kit 6 Update 14
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    mIRC
    Mozilla Firefox (3.6.13)
    Mozilla Firefox 4.0b6 (x86 en-US)
    MSVCRT
    Next Video Converter 3.51
    NVIDIA Display Control Panel
    NVIDIA Drivers
    Opera 10.51
    PokerStars
    PVSonyDll
    QuickTime
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Skype Toolbars
    Skype™ 4.2
    SmartSound Quicktracks for Premiere Elements 9.0
    Soldat 1.5.0
    SUPERAntiSpyware
    SwiftKit
    TeamSpeak 2 RC2
    Update for 2007 Microsoft Office System (KB967642)
    VC80CRTRedist - 8.0.50727.4053
    Warcraft III
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources

    ==== Event Viewer Messages From Past Week ========

    12/29/2010 5:56:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: The 2007 Microsoft Office Suite Service Pack 2 (SP2).
    12/29/2010 5:53:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Redistributable Package (KB973924).
    1/1/2011 8:13:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

    ==== End Of File ===========================

    _____________________________________________

    Gmer log


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-01 22:17:03
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5 SAMSUNG_HD502IJ rev.1AA01118
    Running: 9f06t57n.exe; Driver: C:\Users\Damin\AppData\Local\Temp\aglcapod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A82599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA6F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? C:\Users\Damin\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtCreateFile + 6 76FA4A36 4 Bytes [28, 00, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtCreateFile + B 76FA4A3B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + 6 76FA5096 1 Byte [28]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + 6 76FA5096 4 Bytes [28, 03, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + B 76FA509B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenFile + 6 76FA5146 4 Bytes [68, 00, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenFile + B 76FA514B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcess + 6 76FA51F6 4 Bytes [A8, 01, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcess + B 76FA51FB 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessToken + 6 76FA5206 4 Bytes CALL 75FA690C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessToken + B 76FA520B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessTokenEx + 6 76FA5216 4 Bytes [A8, 02, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessTokenEx + B 76FA521B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThread + 6 76FA5276 4 Bytes [68, 01, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThread + B 76FA527B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadToken + 6 76FA5286 4 Bytes [68, 02, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadToken + B 76FA528B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadTokenEx + 6 76FA5296 4 Bytes CALL 75FA699D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadTokenEx + B 76FA529B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryAttributesFile + 6 76FA53A6 4 Bytes [A8, 00, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryAttributesFile + B 76FA53AB 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryFullAttributesFile + 6 76FA5456 4 Bytes CALL 75FA6B5B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryFullAttributesFile + B 76FA545B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationFile + 6 76FA5AA6 4 Bytes [28, 01, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationFile + B 76FA5AAB 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationThread + 6 76FA5B06 4 Bytes [28, 02, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationThread + B 76FA5B0B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 1 Byte [68]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 4 Bytes [68, 03, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + B 76FA5E2B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtCreateFile + 6 76FA4A36 4 Bytes [28, 00, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtCreateFile + B 76FA4A3B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtMapViewOfSection + 6 76FA5096 1 Byte [28]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtMapViewOfSection + 6 76FA5096 4 Bytes [28, 03, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtMapViewOfSection + B 76FA509B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenFile + 6 76FA5146 4 Bytes [68, 00, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenFile + B 76FA514B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenProcess + 6 76FA51F6 4 Bytes [A8, 01, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenProcess + B 76FA51FB 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenProcessToken + 6 76FA5206 4 Bytes CALL 75FA690C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenProcessToken + B 76FA520B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenProcessTokenEx + 6 76FA5216 4 Bytes [A8, 02, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenProcessTokenEx + B 76FA521B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenThread + 6 76FA5276 4 Bytes [68, 01, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenThread + B 76FA527B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenThreadToken + 6 76FA5286 4 Bytes [68, 02, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenThreadToken + B 76FA528B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenThreadTokenEx + 6 76FA5296 4 Bytes CALL 75FA699D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenThreadTokenEx + B 76FA529B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtQueryAttributesFile + 6 76FA53A6 4 Bytes [A8, 00, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtQueryAttributesFile + B 76FA53AB 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtQueryFullAttributesFile + 6 76FA5456 4 Bytes CALL 75FA6B5B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtQueryFullAttributesFile + B 76FA545B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtSetInformationFile + 6 76FA5AA6 4 Bytes [28, 01, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtSetInformationFile + B 76FA5AAB 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtSetInformationThread + 6 76FA5B06 4 Bytes [28, 02, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtSetInformationThread + B 76FA5B0B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 1 Byte [68]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 4 Bytes [68, 03, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtUnmapViewOfSection + B 76FA5E2B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtCreateFile + 6 76FA4A36 4 Bytes [28, 00, 27, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtCreateFile + B 76FA4A3B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtMapViewOfSection + 6 76FA5096 1 Byte [28]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtMapViewOfSection + 6 76FA5096 4 Bytes [28, 03, 27, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtMapViewOfSection + B 76FA509B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenFile + 6 76FA5146 4 Bytes [68, 00, 27, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenFile + B 76FA514B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcess + 6 76FA51F6 4 Bytes [A8, 01, 27, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcess + B 76FA51FB 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcessToken + 6 76FA5206 4 Bytes CALL 75FA790C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcessToken + B 76FA520B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcessTokenEx + 6 76FA5216 4 Bytes [A8, 02, 27, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcessTokenEx + B 76FA521B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThread + 6 76FA5276 4 Bytes [68, 01, 27, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThread + B 76FA527B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThreadToken + 6 76FA5286 4 Bytes [68, 02, 27, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThreadToken + B 76FA528B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThreadTokenEx + 6 76FA5296 4 Bytes CALL 75FA799D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThreadTokenEx + B 76FA529B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtQueryAttributesFile + 6 76FA53A6 4 Bytes [A8, 00, 27, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtQueryAttributesFile + B 76FA53AB 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtQueryFullAttributesFile + 6 76FA5456 4 Bytes CALL 75FA7B5B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtQueryFullAttributesFile + B 76FA545B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationFile + 6 76FA5AA6 4 Bytes [28, 01, 27, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationFile + B 76FA5AAB 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationThread + 6 76FA5B06 4 Bytes [28, 02, 27, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationThread + B 76FA5B0B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 1 Byte [68]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 4 Bytes [68, 03, 27, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtUnmapViewOfSection + B 76FA5E2B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtCreateFile + 6 76FA4A36 4 Bytes [28, 00, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtCreateFile + B 76FA4A3B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtMapViewOfSection + 6 76FA5096 1 Byte [28]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtMapViewOfSection + 6 76FA5096 4 Bytes [28, 03, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtMapViewOfSection + B 76FA509B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenFile + 6 76FA5146 4 Bytes [68, 00, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenFile + B 76FA514B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcess + 6 76FA51F6 4 Bytes [A8, 01, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcess + B 76FA51FB 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcessToken + 6 76FA5206 4 Bytes CALL 75FA690C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcessToken + B 76FA520B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcessTokenEx + 6 76FA5216 4 Bytes [A8, 02, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcessTokenEx + B 76FA521B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThread + 6 76FA5276 4 Bytes [68, 01, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThread + B 76FA527B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThreadToken + 6 76FA5286 4 Bytes [68, 02, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThreadToken + B 76FA528B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThreadTokenEx + 6 76FA5296 4 Bytes CALL 75FA699D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThreadTokenEx + B 76FA529B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtQueryAttributesFile + 6 76FA53A6 4 Bytes [A8, 00, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtQueryAttributesFile + B 76FA53AB 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtQueryFullAttributesFile + 6 76FA5456 4 Bytes CALL 75FA6B5B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtQueryFullAttributesFile + B 76FA545B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtSetInformationFile + 6 76FA5AA6 4 Bytes [28, 01, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtSetInformationFile + B 76FA5AAB 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtSetInformationThread + 6 76FA5B06 4 Bytes [28, 02, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtSetInformationThread + B 76FA5B0B 1 Byte [E2]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 1 Byte [68]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 4 Bytes [68, 03, 17, 00]
    .text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtUnmapViewOfSection + B 76FA5E2B 1 Byte [E2]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B62494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73B45624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73B456E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B6250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B58573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B54D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B550CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B551A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73B566D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B582CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B58819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B5907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B5E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73B54C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI_HAL \Device\00000040 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
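    An added example (Python, written for this thread; not code from GMER or from anyone in it) that parses the ".text" inline-hook lines of a GMER log like the one above into records and summarizes them per process, so a helper can compare instances instead of reading hundreds of near-identical lines. The sample lines are constructed to match the log's format; the uniformity check is a triage heuristic, not a malware verdict.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# One GMER 1.0.15 inline-hook line looks like:
#   .text <image>[<pid>] <module>!<export> + <off> <addr> <n> Byte(s) <patch>
# where <patch> is either a byte list "[28, 00, 17, 00]" or
# "CALL <addr> <path> (<description>)" when GMER resolved the jump target.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)\s+\+\s+(?P<offset>[0-9A-Fa-f]+)\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+)$"
)
CALL_RE = re.compile(
    r"^CALL\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<path>.+?)(?:\s+\((?P<desc>[^)]*)\))?$"
)

@dataclass
class Hook:
    image: str
    pid: int
    module: str
    export: str
    offset: int
    address: int
    size: int
    patch_bytes: Optional[list] = None   # raw patched bytes, if given as a list
    call_target: Optional[int] = None    # address a CALL patch redirects to
    call_module: Optional[str] = None    # module that CALL lands in, if resolved

def parse_hook_line(line: str) -> Optional[Hook]:
    """Return a Hook for a '.text' inline-hook line, or None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    hook = Hook(image=m["image"], pid=int(m["pid"]), module=m["module"],
                export=m["export"], offset=int(m["offset"], 16),
                address=int(m["address"], 16), size=int(m["size"]))
    patch = m["patch"].strip()
    if patch.startswith("["):
        hook.patch_bytes = [int(b, 16) for b in patch.strip("[]").split(",")]
    else:
        c = CALL_RE.match(patch)
        if c:
            hook.call_target = int(c["target"], 16)
            hook.call_module = c["path"].strip()
    return hook

def parse_gmer(text: str) -> list:
    """Collect every inline-hook record; section headers and other lines are skipped."""
    return [h for h in (parse_hook_line(l) for l in text.splitlines()) if h]

def hooks_by_process(hooks) -> dict:
    """{(image, pid): sorted 'module!export' names hooked in that process}."""
    out = defaultdict(set)
    for h in hooks:
        out[(h.image, h.pid)].add(f"{h.module}!{h.export}")
    return {k: sorted(v) for k, v in out.items()}

def call_destinations(hooks) -> dict:
    """{'module!export': set of module file names that CALL patches redirect into}."""
    out = defaultdict(set)
    for h in hooks:
        if h.call_module:
            out[f"{h.module}!{h.export}"].add(h.call_module.rsplit("\\", 1)[-1].lower())
    return dict(out)

def uniform_across_instances(hooks, image_name: str) -> bool:
    """True when every process whose image ends with image_name carries the identical
    set of hooked exports. Identical program-wide patching is what an in-process hook
    installed by the program itself tends to look like; a single differing instance
    is the one a helper would want to examine. Heuristic only, not a verdict."""
    sets = [set(v) for (img, _), v in hooks_by_process(hooks).items()
            if img.lower().endswith(image_name.lower())]
    return len(sets) > 0 and all(s == sets[0] for s in sets)

# Constructed sample in the thread's format (assumed path and PIDs, not real data).
CHROME = r"C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe"
SAMPLE = "\n".join([
    rf".text {CHROME}[4240] ntdll.dll!NtCreateFile + 6 76FA4A36 4 Bytes [28, 00, 17, 00]",
    rf".text {CHROME}[4240] ntdll.dll!NtCreateFile + B 76FA4A3B 1 Byte [E2]",
    rf".text {CHROME}[4240] ntdll.dll!NtOpenProcessToken + 6 76FA5206 4 Bytes CALL 75FA690C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)",
    rf".text {CHROME}[4576] ntdll.dll!NtCreateFile + 6 76FA4A36 4 Bytes [28, 00, 27, 00]",
    rf".text {CHROME}[4576] ntdll.dll!NtOpenProcessToken + 6 76FA5206 4 Bytes CALL 75FA790C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)",
    "---- Devices - GMER 1.0.15 ----",
    r"Device \Driver\ACPI_HAL \Device\00000040 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)",
])

if __name__ == "__main__":
    hooks = parse_gmer(SAMPLE)
    for proc, names in hooks_by_process(hooks).items():
        print(proc[1], names)
    print(call_destinations(hooks))
    print("uniform across chrome.exe instances:", uniform_across_instances(hooks, "chrome.exe"))
```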
  3. Archard

    Archard Thread Starter

    Joined:
    Dec 31, 2010
    Messages:
    7
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    While we can't guarantee that you are malware-free, I can see no obvious signs of any malware, and unless you give specific reasons to suspect a malware infection, I am going to move this to General Security so others can advise on suitable precautions.
     
  5. Ent

    Ent Trusted Advisor

    Joined:
    Apr 11, 2009
    Messages:
    5,467
    First Name:
    Josiah
    I can't say anything about your logs.

    Remember that the majority of malware relies upon the user to help it infect a system, and this makes humans the first hole to block up. Of course a blanket ban on using a computer makes it as useless as if it had a hundred infections, but there are ways to reduce your chance of starting anything malicious.

    * Do not download or run anything from the internet unless from a reputable company such as Microsoft. This includes avoiding P2P software, for reasons I'll come back to.
    * Avoid opening email attachments unless you both know and trust the sender and were expecting the file. A number of viruses email themselves to other people while masquerading as the owner of the computer that's been infected.
    * Scan any downloads.
    * Get into the habit of using a standard user account. These have limited privileges regarding the changes to the system a virus would need to effect, but still permit the vast majority of uses for a computer (internet browsing, editing documents, playing games, etc.).
    * Get into the habit of reading notifications and popups; don't just click Yes or accept.
    * Make sure that other users of the computer do the same.

    While not a substitute for good practice, there are technical measures that should be used in complement to them.

    * Keep Windows up to date, preferably using Automatic Updates, to patch holes in your OS as they are discovered.
    * Keep programs up to date, particularly but not exclusively Java, Flash and your Internet Browser.
    * Install and maintain an antivirus/security suite to block malicious programs and scan suspicious ones.
    * Run behind a firewall to prevent hackers from gaining remote control over your computer.

    Regarding P2P: While such software can have its uses, there are two serious problems with P2P programs. Firstly, while not generally illegal in and of themselves, the use to which they are typically put (which involves breaking copyright) is very much illegal. The second problem, which you may consider more significant here, is that they have generally weak or non-existent security features. A direct link to a random computer can as easily transport a worm or virus as it can the file you wish to access. Such worms and viruses are being created with alarming and increasing regularity and being spread to other users of P2P software. I would strongly advise removing uTorrent if you are concerned about the security of your machine.

    Regarding antiviruses: It is typically not necessary to have a paid antivirus solution. Many of the free programs easily rival their paid-for competitors. I typically recommend selecting any one from Avast, Avira, or MSE. Personally I've come to dislike AVG because it has a large footprint and I have a comparatively slow machine, but that probably doesn't apply with the same force to you.

    Regarding the other tools you mention:
    SuperAntiSpyware and Malwarebytes are very good tools; you would do well to launch a semi-regular scan with those two.

    Gmer and Hijack This are high-level tools used by the malware team here to identify infections and remove them specifically. They aren't protection or scanners that can be used by pressing one button. Not being trained to use them, I would advise you to leave them alone (or uninstall them) unless directly asked by a trained helper for a log from such a program.
     
  6. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,795
    First Name:
    Frank
    Adobe Reader 9.3 is outdated and should be updated to Adobe Reader X (10.0).

    uTorrent
    Apple Software Update
    Ask Toolbar
    aren't needed and can be uninstalled.

    Skype 4.2 is outdated and should be updated to Skype 5.0.0.156.
     
  7. Archard

    Archard Thread Starter

    Joined:
    Dec 31, 2010
    Messages:
    7
    Thanks for the help, but there's still one more thing worrying me.
    When I scanned with Hitman Pro, it found a SecurityScan_Release[1].exe trojan located in the
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files...etc folder.
    Is this something I should be worrying about? All other software I have can't find it.
     
  8. aka Brett

    aka Brett Banned

    Joined:
    Nov 25, 2008
    Messages:
    16,918
    Upload the file here

    http://www.virustotal.com/

    See how many positives you get.

    You may have to copy the file outside of the Temporary Internet Files folder first, or Explorer may not navigate to it with the web interface.
     
  9. Archard

    Archard Thread Starter

    Joined:
    Dec 31, 2010
    Messages:
    7
    The thing is, I can't even find the file; Hitman Pro doesn't direct me to it.
    It's not there when I try to find it.
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Ignore it.

    It is in the IE cache.

    That just means a website you visited had it on its site, and you picked it up while surfing.

    Use this to make sure all temp files have gone completely:
    Download Temp File Cleaner to your desktop.
    Open the file and close any other windows.
    It will close all programs itself when run, so make sure to let it run uninterrupted.
    Click the Start button to begin the process. The program should not take long to finish its job.
    Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

    If you are using Vista or Windows 7, then right-click the TFC.exe and select Run as Admin to allow it to work.
     
  11. Irukku

    Irukku

    Joined:
    Dec 27, 2010
    Messages:
    109
    I've been using, for years, a network monitoring/traffic blocking software called Netlimiter.

    It has a very friendly user interface that shows which processes are connected to the internet, how much data they've been transferring and which IPs they are accessing. In my opinion, the best way to be safe is by manually monitoring your internet traffic; it requires a little bit of patience and learning, but it's worth it. :)
     
  12. tech_support518

    tech_support518

    Joined:
    Jan 7, 2011
    Messages:
    1
  13. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    One more thing to keep in mind. The best place to store bank passwords, or any other type of passwords, is in your head, not on the computer...
     
Short URL to this thread: https://techguy.org/971949