I would like to have a safer pc... :(


Archard (Thread Starter), Joined Dec 31, 2010, Messages: 7
Hey guys, I haven't been updating my antivirus, installing Windows updates etc., but I've finally come around and I want my computer to be secure. I have bank passwords etc. on my computer and I don't want them to be stolen.


Before I start, here are the scanners/protection on my PC:
AVG Free - I need to buy a new one, I know.
SuperAntiSpyware Free
Gmer - it's saved as 9f0tchd8 or something; is it meant to do that?
SpywareBlaster
HijackThis
Malwarebytes
Hitman Pro - the trial's gone.


Is there anything else I need to download?

What I want to know is... does my computer have any viruses?
I'll post the 3 logs below.

Archard (Thread Starter)
HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:44:29 PM, on 1/1/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\Damin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6623 bytes

_________________________


DDS

DDS (Ver_10-12-12.02) - NTFSx86
Run by Damin at 21:47:46.96 on Sat 01/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3327.1937 [GMT 11:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Damin\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\users\damin\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\damin\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\damin\appdata\roaming\mozilla\firefox\profiles\9udy429t.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\users\damin\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-7 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-7 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-7 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-21 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R3 3xHybrid;WinFast DTV1000 S;c:\windows\system32\drivers\3xHybrid.sys [2010-10-13 1040512]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-29 1343400]

=============== Created Last 30 ================

2011-01-01 10:41:26 388096 ----a-r- c:\users\damin\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-01 10:41:26 -------- d-----w- c:\program files\Trend Micro
2010-12-29 07:07:30 -------- d-----w- c:\windows\system32\Wat
2010-12-29 07:01:11 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-12-29 07:00:18 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-29 07:00:18 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-29 07:00:18 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-29 07:00:18 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-29 07:00:18 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-29 06:52:47 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-12-29 06:52:43 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-12-29 06:43:59 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-12-29 06:39:21 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-29 06:09:05 -------- d-----w- c:\users\damin\appdata\roaming\SUPERAntiSpyware.com
2010-12-29 06:09:05 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-29 06:08:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-27 05:24:59 -------- d-----w- C:\.runestrike3_file_store_32
2010-12-25 04:01:07 -------- d-----w- c:\users\damin\appdata\roaming\Windows Live Writer
2010-12-25 04:01:07 -------- d-----w- c:\users\damin\appdata\local\Windows Live Writer
2010-12-25 03:04:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-25 03:04:01 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-12-19 22:32:00 -------- d-----w- c:\progra~2\NVIDIA Corporation
2010-12-19 22:31:47 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-12-19 22:31:09 -------- d-----w- C:\NVIDIA
2010-12-13 00:42:25 -------- d-----w- c:\users\damin\appdata\roaming\.minecraft

==================== Find3M ====================

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:35:19 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-10-19 06:27:46 34064 ----a-w- c:\windows\system32\lhacm.acm
2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

============= FINISH: 21:48:10.83 ===============


Attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/30/2010 1:30:00 PM
System Uptime: 1/1/2011 9:38:03 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5Q-PRO
Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz | LGA 775 | 2833/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 403.624 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP104: 12/11/2010 8:11:09 PM - Scheduled Checkpoint
RP105: 12/14/2010 6:10:03 PM - Installed Java(TM) 6 Update 22
RP106: 12/25/2010 1:14:35 PM - Restore Operation
RP107: 12/25/2010 1:57:10 PM - Installed Java(TM) 6 Update 23
RP108: 12/25/2010 1:58:46 PM - Installed Java(TM) 6 Update 23
RP109: 12/25/2010 2:01:27 PM - Installed Java(TM) 6 Update 23
RP110: 12/25/2010 2:02:33 PM - Removed Java(TM) 6 Update 18
RP111: 12/25/2010 2:03:29 PM - Removed Skype Toolbars
RP112: 12/25/2010 2:03:40 PM - Installed Java(TM) 6 Update 23
RP113: 12/29/2010 5:50:44 PM - Windows Update
RP114: 12/29/2010 6:13:24 PM - Windows Update
RP115: 1/1/2011 9:41:05 PM - Installed HiJackThis

==== Installed Programs ======================

µTorrent
Adobe AIR
Adobe Community Help
Adobe Cybershop CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG Free 9.0
Bonjour
Cache 525
Cucusoft DVD to iPhone + iPhone Video Converter Suite 8.2.8.2
D3DX10
DivX Setup
GhostMouse 2.0
Google Chrome
Google SketchUp 7
HiJackThis
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) SE Development Kit 6 Update 14
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIRC
Mozilla Firefox (3.6.13)
Mozilla Firefox 4.0b6 (x86 en-US)
MSVCRT
Next Video Converter 3.51
NVIDIA Display Control Panel
NVIDIA Drivers
Opera 10.51
PokerStars
PVSonyDll
QuickTime
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Skype Toolbars
Skype™ 4.2
SmartSound Quicktracks for Premiere Elements 9.0
Soldat 1.5.0
SUPERAntiSpyware
SwiftKit
TeamSpeak 2 RC2
Update for 2007 Microsoft Office System (KB967642)
VC80CRTRedist - 8.0.50727.4053
Warcraft III
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

==== Event Viewer Messages From Past Week ========

12/29/2010 5:56:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: The 2007 Microsoft Office Suite Service Pack 2 (SP2).
12/29/2010 5:53:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Redistributable Package (KB973924).
1/1/2011 8:13:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

==== End Of File ===========================

_____________________________________________

Gmer log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-01 22:17:03
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5 SAMSUNG_HD502IJ rev.1AA01118
Running: 9f06t57n.exe; Driver: C:\Users\Damin\AppData\Local\Temp\aglcapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A82599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA6F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\Damin\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtCreateFile + 6 76FA4A36 4 Bytes [28, 00, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtCreateFile + B 76FA4A3B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + 6 76FA5096 1 Byte [28]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + 6 76FA5096 4 Bytes [28, 03, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + B 76FA509B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenFile + 6 76FA5146 4 Bytes [68, 00, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenFile + B 76FA514B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcess + 6 76FA51F6 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcess + B 76FA51FB 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessToken + 6 76FA5206 4 Bytes CALL 75FA690C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessToken + B 76FA520B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessTokenEx + 6 76FA5216 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessTokenEx + B 76FA521B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThread + 6 76FA5276 4 Bytes [68, 01, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThread + B 76FA527B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadToken + 6 76FA5286 4 Bytes [68, 02, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadToken + B 76FA528B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadTokenEx + 6 76FA5296 4 Bytes CALL 75FA699D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadTokenEx + B 76FA529B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryAttributesFile + 6 76FA53A6 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryAttributesFile + B 76FA53AB 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryFullAttributesFile + 6 76FA5456 4 Bytes CALL 75FA6B5B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryFullAttributesFile + B 76FA545B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationFile + 6 76FA5AA6 4 Bytes [28, 01, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationFile + B 76FA5AAB 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationThread + 6 76FA5B06 4 Bytes [28, 02, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationThread + B 76FA5B0B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 1 Byte [68]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 4 Bytes [68, 03, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + B 76FA5E2B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtCreateFile + 6 76FA4A36 4 Bytes [28, 00, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtCreateFile + B 76FA4A3B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtMapViewOfSection + 6 76FA5096 1 Byte [28]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtMapViewOfSection + 6 76FA5096 4 Bytes [28, 03, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtMapViewOfSection + B 76FA509B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenFile + 6 76FA5146 4 Bytes [68, 00, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenFile + B 76FA514B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenProcess + 6 76FA51F6 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenProcess + B 76FA51FB 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenProcessToken + 6 76FA5206 4 Bytes CALL 75FA690C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenProcessToken + B 76FA520B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenProcessTokenEx + 6 76FA5216 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenProcessTokenEx + B 76FA521B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenThread + 6 76FA5276 4 Bytes [68, 01, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenThread + B 76FA527B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenThreadToken + 6 76FA5286 4 Bytes [68, 02, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenThreadToken + B 76FA528B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenThreadTokenEx + 6 76FA5296 4 Bytes CALL 75FA699D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtOpenThreadTokenEx + B 76FA529B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtQueryAttributesFile + 6 76FA53A6 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtQueryAttributesFile + B 76FA53AB 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtQueryFullAttributesFile + 6 76FA5456 4 Bytes CALL 75FA6B5B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtQueryFullAttributesFile + B 76FA545B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtSetInformationFile + 6 76FA5AA6 4 Bytes [28, 01, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtSetInformationFile + B 76FA5AAB 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtSetInformationThread + 6 76FA5B06 4 Bytes [28, 02, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtSetInformationThread + B 76FA5B0B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 1 Byte [68]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 4 Bytes [68, 03, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4240] ntdll.dll!NtUnmapViewOfSection + B 76FA5E2B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtCreateFile + 6 76FA4A36 4 Bytes [28, 00, 27, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtCreateFile + B 76FA4A3B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtMapViewOfSection + 6 76FA5096 1 Byte [28]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtMapViewOfSection + 6 76FA5096 4 Bytes [28, 03, 27, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtMapViewOfSection + B 76FA509B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenFile + 6 76FA5146 4 Bytes [68, 00, 27, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenFile + B 76FA514B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcess + 6 76FA51F6 4 Bytes [A8, 01, 27, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcess + B 76FA51FB 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcessToken + 6 76FA5206 4 Bytes CALL 75FA790C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcessToken + B 76FA520B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcessTokenEx + 6 76FA5216 4 Bytes [A8, 02, 27, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcessTokenEx + B 76FA521B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThread + 6 76FA5276 4 Bytes [68, 01, 27, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThread + B 76FA527B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThreadToken + 6 76FA5286 4 Bytes [68, 02, 27, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThreadToken + B 76FA528B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThreadTokenEx + 6 76FA5296 4 Bytes CALL 75FA799D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThreadTokenEx + B 76FA529B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtQueryAttributesFile + 6 76FA53A6 4 Bytes [A8, 00, 27, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtQueryAttributesFile + B 76FA53AB 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtQueryFullAttributesFile + 6 76FA5456 4 Bytes CALL 75FA7B5B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtQueryFullAttributesFile + B 76FA545B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationFile + 6 76FA5AA6 4 Bytes [28, 01, 27, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationFile + B 76FA5AAB 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationThread + 6 76FA5B06 4 Bytes [28, 02, 27, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationThread + B 76FA5B0B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 1 Byte [68]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 4 Bytes [68, 03, 27, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtUnmapViewOfSection + B 76FA5E2B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtCreateFile + 6 76FA4A36 4 Bytes [28, 00, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtCreateFile + B 76FA4A3B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtMapViewOfSection + 6 76FA5096 1 Byte [28]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtMapViewOfSection + 6 76FA5096 4 Bytes [28, 03, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtMapViewOfSection + B 76FA509B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenFile + 6 76FA5146 4 Bytes [68, 00, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenFile + B 76FA514B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcess + 6 76FA51F6 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcess + B 76FA51FB 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcessToken + 6 76FA5206 4 Bytes CALL 75FA690C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcessToken + B 76FA520B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcessTokenEx + 6 76FA5216 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenProcessTokenEx + B 76FA521B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThread + 6 76FA5276 4 Bytes [68, 01, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThread + B 76FA527B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThreadToken + 6 76FA5286 4 Bytes [68, 02, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThreadToken + B 76FA528B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThreadTokenEx + 6 76FA5296 4 Bytes CALL 75FA699D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtOpenThreadTokenEx + B 76FA529B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtQueryAttributesFile + 6 76FA53A6 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtQueryAttributesFile + B 76FA53AB 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtQueryFullAttributesFile + 6 76FA5456 4 Bytes CALL 75FA6B5B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtQueryFullAttributesFile + B 76FA545B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtSetInformationFile + 6 76FA5AA6 4 Bytes [28, 01, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtSetInformationFile + B 76FA5AAB 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtSetInformationThread + 6 76FA5B06 4 Bytes [28, 02, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtSetInformationThread + B 76FA5B0B 1 Byte [E2]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 1 Byte [68]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtUnmapViewOfSection + 6 76FA5E26 4 Bytes [68, 03, 17, 00]
.text C:\Users\Damin\AppData\Local\Google\Chrome\Application\chrome.exe[4820] ntdll.dll!NtUnmapViewOfSection + B 76FA5E2B 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B62494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73B45624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73B456E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B6250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B58573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B54D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B550CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B551A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73B566D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B582CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B58819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B5907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B5E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73B54C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000040 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
While we can't guarantee that you are malware free, I can see no obvious signs of any malware, and unless you give specific reasons to suspect a malware infection, I am going to move this to General Security so others can advise on suitable precautions.
 

Ent

Josiah
Trusted Advisor
Joined
Apr 11, 2009
Messages
5,467
Hey guys, I haven't been updating my Antivirus, installing Windows updates etc.. but I've finally come around and I want my computer to be secure. I have bank passwords... etc on my computer and I don't want them to be stolen.


Before I start, here are the scanners/protection on my pc.
AVG Free-I need to buy a new one I know..
SuperAntiSpyware Free
Gmer-it's saved as 9f0tchd8 or something, is it meant to do that?
SpywareBlaster
Hijack This
Malwarebytes
Hitman Pro-trials gone.


Is there anything else I need to download??

What I want to know is... Does my computer have any viruses?
I'll post the 3 logs below.
I can't say anything about your logs.

Remember that the majority of malware relies upon the user to help it infect a system, and this makes humans the first hole to block up. Of course a blank ban on using a computer makes it as useless as if it had a hundred infections, but there are ways to reduce your chance of starting anything malicious.

* Do not download or run anything from the internet unless from a reputable company such as Microsoft. This includes avoiding P2P software, for reasons I'll come back to.
* Avoid opening email attachments unless you both know and trust the sender and were expecting the file. A number of viruses email themselves to other people while masquerading as the owner of the computer that's been infected.
* Scan any downloads.
* Get into the habit of using a standard user account. These have limited privileges regarding the changes to the system a virus would need to effect, but still permit the vast majority of uses for a computer (internet browsing, editing documents, playing games, etc.).
* Get into the habit of reading notifications and popups; don't just click Yes or accept.
* Make sure that other users of the computer do the same.

While not a substitute for good practice, there are technical measures that should be used in complement to them.

* Keep Windows Up to date, preferably using Automatic Updates, to patch holes in your OS as they are discovered.
* Keep programs up to date, particularly but not exclusively Java, Flash and your Internet Browser.
* Install and maintain an antivirus/security suite, to block malicious programs and scan suspicious ones.
* Run behind a firewall to prevent hackers from gaining remote control over your computer.

Regarding P2P: While such software can have its uses there are two serious problems with P2P programs. Firstly while not generally illegal in and of themselves, the use to which they are typically put (which involves breaking copyright) is very much illegal. The second problem which you may consider more significant here is that they have generally weak or non-existent security features. A direct link to a random computer can as easily transport a worm or virus as it can the file you wish to access. Such worms and viruses are being created with alarming and increasing regularity and being spread to other users of P2P software. I would strongly advise removing uTorrent if you are concerned about the security of your machine.

Regarding Antiviruses: It is typically not necessary to have a paid antivirus solution. Many of the free programs easily rival their paid for competitors. I typically recommend selecting any one from Avast, Avira, or MSE. Personally I've come to dislike AVG because it has a large footprint and I have a comparatively slow machine, but that probably doesn't apply with the same force to you.

Regarding the other tools you mention:
SuperAntiSpyware and Malwarebytes are very good tools; you would do well to launch a semi-regular scan with those two.

Gmer and Hijack This are high level tools used by the malware team here to identify infections and remove them specifically. They aren't protection or scanners that can be used by pressing one button. Not being trained to use them I would advise you to leave them alone (or uninstall them) unless directly asked by a trained helper for a log from such a program.
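The technical measures Ent lists above (a standard account for daily use, Automatic Updates, a registered and current antivirus, the firewall on) can be checked rather than assumed. The PowerShell script below is an added example and is not code from this thread or from any of the tools named in it. It assumes Windows 7 or later with PowerShell 2.0 or newer and reads only interfaces that ship with Windows: WindowsIdentity, the Microsoft.Update.AutoUpdate and HNetCfg.FwPolicy2 COM objects, Get-HotFix and the root\SecurityCenter2 WMI namespace. The decoding of the Security Center productState bitmask is the widely used but undocumented one and is marked as such.

```powershell
# Added example: read-only audit of the hygiene points from the post above.
# Windows 7+ with PowerShell 2.0 or newer; changes nothing on the machine.

function Test-RunningAsAdmin {
    # Daily use should be from a standard account; this reports whether the
    # current session carries the Administrators role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-AutomaticUpdateLevel {
    # NotificationLevel: 0 not configured, 1 disabled, 2 notify before download,
    # 3 notify before install, 4 scheduled (fully automatic) install.
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    return [int]$au.Settings.NotificationLevel
}

function Get-LastPatchDate {
    # Newest InstalledOn date among installed hotfixes, or $null if none parse.
    $dates = @()
    foreach ($h in Get-HotFix) {
        try { if ($h.InstalledOn) { $dates += [datetime]$h.InstalledOn } } catch { }
    }
    if ($dates.Count -eq 0) { return $null }
    return ($dates | Sort-Object -Descending | Select-Object -First 1)
}

function Get-FirewallProfileState {
    # HNetCfg.FwPolicy2 profile ids: 1 = Domain, 2 = Private, 4 = Public.
    $fw = New-Object -ComObject HNetCfg.FwPolicy2
    $result = @{}
    foreach ($p in @{ Domain = 1; Private = 2; Public = 4 }.GetEnumerator()) {
        $result[$p.Key] = [bool]$fw.FirewallEnabled($p.Value)
    }
    return $result
}

function Get-RegisteredAntivirus {
    # Security Center (Vista and later) lists the AV products registered with it.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue |
        ForEach-Object {
            $state = [int]$_.productState
            New-Object PSObject -Property @{
                Name     = $_.displayName
                Enabled  = (($state -band 0x1000) -ne 0)   # undocumented, widely used decoding
                Outdated = (($state -band 0x10) -ne 0)     # same caveat: "definitions out of date"
            }
        }
}

function Invoke-HygieneAudit {
    return New-Object PSObject -Property @{
        RunningAsAdmin  = Test-RunningAsAdmin
        AutoUpdateLevel = Get-AutomaticUpdateLevel
        LastPatchDate   = Get-LastPatchDate
        WUServiceStatus = (Get-Service wuauserv).Status
        Firewall        = Get-FirewallProfileState
        Antivirus       = @(Get-RegisteredAntivirus)
    }
}

$r = Invoke-HygieneAudit
if ($r.RunningAsAdmin)        { Write-Warning 'This session is elevated: use a standard account for daily work.' }
if ($r.AutoUpdateLevel -lt 4) { Write-Warning "Automatic Updates is not set to install automatically (level $($r.AutoUpdateLevel))." }
if ($r.LastPatchDate -and $r.LastPatchDate -lt (Get-Date).AddDays(-60)) {
    Write-Warning "Last patch installed $($r.LastPatchDate.ToShortDateString()); check Windows Update."
}
foreach ($k in $r.Firewall.Keys) { if (-not $r.Firewall[$k]) { Write-Warning "Firewall is off for the $k profile." } }
if ($r.Antivirus.Count -eq 0)   { Write-Warning 'No antivirus product is registered with Security Center.' }
foreach ($av in $r.Antivirus) {
    if (-not $av.Enabled -or $av.Outdated) { Write-Warning "$($av.Name): enabled=$($av.Enabled) outdated=$($av.Outdated)" }
}
$r | Format-List
```

Each warning maps to one bullet in the post: elevated session, Automatic Updates below level 4, no patch in 60 days, a firewall profile switched off, or no (or a disabled/outdated) antivirus registered. The 60-day threshold is an arbitrary choice for the example; pick whatever matches how often you check.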
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
82,260
Adobe Reader 9.3 is outdated and should be updated to Adobe Reader X (10.0)

uTorrent
Apple Software Update
Ask Toolbar
aren't needed and can be uninstalled.

Skype 4.2 is outdated and should be updated to Skype 5.0.0.156

---------------------------------------------------------
 

Archard

Thread Starter
Joined
Dec 31, 2010
Messages
7
Thanks for the help, but there's still one more thing worrying me.
When I scanned with Hitman Pro, it found a SecurityScan_Release[1].exe trojan located in the
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files...etc folder.
Is this something I should be worrying about? All other software I have can't find it.
 

aka Brett

Banned
Joined
Nov 25, 2008
Messages
16,918
Upload the file here

http://www.virustotal.com/

See how many positives you get.

You may have to copy the file outside of the Temporary Internet Files folder first, or Explorer may not negotiate to it with the web interface.
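The folder Hitman Pro named sits under the system profile and is hidden, which is why a normal Explorer search there can come back empty. The PowerShell below is an added example, not the thread's own instructions or any tool's code: it searches that folder with hidden and system entries included, copies any match out to a working folder as suggested above, and computes the copy's SHA-256 so it can be matched against the VirusTotal report after upload. The cache path is the one reported in the post; the name pattern (the stem without the `[1]` suffix IE adds to duplicate cache entries) and the destination folder are assumptions.

```powershell
# Added example: locate a scanner-reported file in the hidden IE cache under the
# system profile, copy it out and hash it. Cache path from the post; destination assumed.
# Run from an elevated PowerShell: the systemprofile folder is not readable otherwise.

function Get-Sha256Hex {
    param([string]$Path)
    # .NET SHA256 instead of Get-FileHash so this also works on PowerShell 2.0 (Windows 7).
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

function Find-CachedFile {
    param([string]$Root, [string]$NamePattern)
    # -Force makes Get-ChildItem include hidden and system entries, which is what a
    # default Explorer search under this folder leaves out.
    Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -like $NamePattern }
}

$cacheRoot   = 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files'
$namePattern = 'SecurityScan_Release*.exe'                   # stem from the post; suffix may differ
$workDir     = Join-Path $env:USERPROFILE 'Desktop\suspect'  # assumption: any writable folder will do

$found = @(Find-CachedFile -Root $cacheRoot -NamePattern $namePattern)
if ($found.Count -eq 0) {
    Write-Host "No file matching $namePattern under the cache folder; the scanner may already have removed it."
} else {
    if (-not (Test-Path $workDir)) { New-Item -ItemType Directory -Path $workDir | Out-Null }
    foreach ($f in $found) {
        # Copy out first, as the post says; rename so the copy is not launched by accident.
        $dest = Join-Path $workDir ($f.Name + '.bin')
        Copy-Item -Path $f.FullName -Destination $dest -Force
        Write-Host ("{0}`n  size: {1} bytes  modified: {2}`n  sha256: {3}" -f `
            $f.FullName, $f.Length, $f.LastWriteTime, (Get-Sha256Hex $dest))
    }
}
```

The hash is printed so that, once the copy has been submitted, the report can be tied to exactly this file; if the search finds nothing, the scanner has most likely already quarantined or deleted it, which is consistent with the other tools not seeing it either.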
 

Archard

Thread Starter
Joined
Dec 31, 2010
Messages
7
The thing is, I can't even find the file; Hitman Pro doesn't direct me to it.
It's not there when I try to find it.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Ignore it.

It is in the IE cache.

That just means a website you visited had it on its site & you picked it up while surfing.

Use this to make sure all temp files have gone completely:
Download Temp File Cleaner to your desktop.
Open the file and close any other windows.
It will close all programs itself when run; make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job.
Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

If you are using Vista or Windows 7, then right-click TFC.exe & select Run as Admin to allow it to work.
 
Joined
Dec 27, 2010
Messages
109
I've been using, for years, a network monitoring/traffic blocking software called NetLimiter.

It has a very friendly user interface that shows which processes are connected to the internet, how much data they've been transferring and what IPs they are accessing. In my opinion, the best way to be safe is by manually monitoring your internet traffic; it requires a little bit of patience and learning, but it's worth it. :)
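The view the post describes (which process holds which connection, and to where) can also be produced with what Windows already ships. The PowerShell below is an added example, not NetLimiter's code or anything from this thread: it parses `netstat -ano` output and joins each connection's owning PID to the process name and image path. It works on Windows 7, where Get-NetTCPConnection is not available, and includes a few constructed sample lines so the parser can be tried without running netstat. The PIDs in the sample are made up and will resolve to "(exited or inaccessible)" on any real machine.

```powershell
# Added example: map live TCP/UDP sockets to their owning process from netstat -ano.
# Parses text and joins on PID only; nothing is blocked or captured.

function ConvertFrom-NetstatLine {
    param([string]$Line)
    # netstat -ano columns: Proto  Local Address  Foreign Address  [State]  PID
    # UDP rows have no State column, so the field count tells the two apart.
    $fields = -split $Line.Trim()
    if ($fields.Count -lt 4) { return $null }                 # blank lines, "Active Connections"
    if ($fields[0] -notmatch '^(TCP|UDP)$') { return $null }  # column header row
    $state = ''
    if ($fields.Count -ge 5) { $state = $fields[3] }
    return New-Object PSObject -Property @{
        Proto     = $fields[0]
        Local     = $fields[1]
        Remote    = $fields[2]
        State     = $state
        OwningPid = [int]$fields[-1]
    }
}

function Get-ConnectionsByProcess {
    param([string[]]$NetstatLines = (& netstat -ano))
    $procCache = @{}   # one Get-Process call per PID, not per socket
    foreach ($line in $NetstatLines) {
        $c = ConvertFrom-NetstatLine $line
        if (-not $c) { continue }
        if (-not $procCache.ContainsKey($c.OwningPid)) {
            $p = Get-Process -Id $c.OwningPid -ErrorAction SilentlyContinue
            if ($p) {
                # Path is $null for protected/system processes unless elevated.
                $procCache[$c.OwningPid] = @{ Name = $p.ProcessName; Path = $p.Path }
            } else {
                $procCache[$c.OwningPid] = @{ Name = '(exited or inaccessible)'; Path = $null }
            }
        }
        $info = $procCache[$c.OwningPid]
        New-Object PSObject -Property @{
            Proto = $c.Proto; Local = $c.Local; Remote = $c.Remote; State = $c.State
            OwningPid = $c.OwningPid; Process = $info.Name; Path = $info.Path
        }
    }
}

# Constructed sample of netstat -ano output (not captured from the poster's machine).
$sample = @(
    'Active Connections',
    '',
    '  Proto  Local Address          Foreign Address        State           PID',
    '  TCP    192.168.1.10:49152     203.0.113.7:443        ESTABLISHED     4240',
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812',
    '  UDP    0.0.0.0:5353           *:*                                    4240'
)
Get-ConnectionsByProcess -NetstatLines $sample |
    Format-Table Proto, Local, Remote, State, OwningPid, Process -AutoSize

# Live view: established connections grouped by process, busiest first, which is the
# list you would otherwise eyeball in NetLimiter's window.
Get-ConnectionsByProcess |
    Where-Object { $_.State -eq 'ESTABLISHED' } |
    Group-Object Process | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Run it a few times on an idle machine to learn what is normal (the browser, the update services, the AV's own connections); a process name or path you do not recognise holding an established connection is the thing worth looking up, and the image path tells you where on disk to look.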
 

Phantom010

Trusted Advisor
Joined
Mar 9, 2009
Messages
34,796
One more thing to keep in mind. The best place to store bank passwords, or any other type of passwords, is in your head, not on the computer...
 