DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by wartorn at 13:05:48 on 2012-01-05
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3328.2466 [GMT -5:00]
.
AV: Immunet 3.0 *Enabled/Updated* {065276D9-6EBF-968C-B5ED-7B8B1DCF4059}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Immunet\3.0.5\agent.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Immunet\3.0.5\iptray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z006&form=ZGAPHP
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Immunet Protect] "c:\program files\immunet\3.0.5\iptray.exe"
dRun: [winupd] c:\windows\TEMP:winupd.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_Plugin.exe -update plugin
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{65EB6294-79D0-4A7E-945D-DCBF3E2F4212} : NameServer = 24.247.15.53,66.189.0.100,24.178.162.3
TCP: Interfaces\{65EB6294-79D0-4A7E-945D-DCBF3E2F4212} : DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{80241D6A-7AB9-470A-AEE9-4472A346D03C} : DhcpNameServer = 24.247.15.53 24.247.24.53 68.115.71.53
TCP: Interfaces\{F0EB41F8-E0DA-43C8-9A7D-BFD31E8BE52B} : DhcpNameServer = 24.247.15.53 24.247.24.53 68.115.71.53
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\wartorn\appdata\roaming\mozilla\firefox\profiles\pkuu9k8c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\users\wartorn\appdata\roaming\mozilla\firefox\profiles\pkuu9k8c.default\extensions\{72b90932-6338-4345-9fc4-4f94984ed241}\components\FFExternalAlert.dll
FF - component: c:\users\wartorn\appdata\roaming\mozilla\firefox\profiles\pkuu9k8c.default\extensions\{72b90932-6338-4345-9fc4-4f94984ed241}\components\RadioWMPCore.dll
FF - component: c:\users\wartorn\appdata\roaming\mozilla\firefox\profiles\pkuu9k8c.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\wartorn\appdata\roaming\mozilla\firefox\profiles\pkuu9k8c.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\wartorn\appdata\roaming\mozilla\firefox\profiles\pkuu9k8c.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\wartorn\appdata\roaming\mozilla\firefox\profiles\pkuu9k8c.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko7.dll
FF - component: c:\users\wartorn\appdata\roaming\mozilla\firefox\profiles\pkuu9k8c.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko8.dll
FF - component: c:\users\wartorn\appdata\roaming\mozilla\firefox\profiles\pkuu9k8c.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko9.dll
FF - component: c:\users\wartorn\appdata\roaming\mozilla\firefox\profiles\pkuu9k8c.default\extensions\engine@conduit.com\components\FFExternalAlert.dll
FF - component: c:\users\wartorn\appdata\roaming\mozilla\firefox\profiles\pkuu9k8c.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [2011-12-14 50976]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2011-12-14 34080]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-11 20968]
R2 ImmunetProtect;Immunet 3.0;c:\program files\immunet\3.0.5\agent.exe [2011-12-14 776008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-12-14 1514304]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\drivers\WMP54Gv41x86.sys [2010-4-7 376160]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-12 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-12-29 1153368]
S2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2009-7-13 20992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-15 1343400]
.
=============== Created Last 30 ================
.
2012-01-05 16:08:20 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-01-05 14:26:37 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-01-05 14:26:37 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-01-05 14:25:53 -------- d-----w- c:\users\wartorn\appdata\roaming\TuneUp Software
2012-01-05 14:25:41 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-01-05 14:24:19 -------- d-----w- c:\programdata\TuneUp Software
2012-01-05 14:23:41 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2011-12-31 09:28:58 -------- d-----w- c:\users\wartorn\appdata\local\TransMac
2011-12-31 09:28:57 -------- d-----w- c:\program files\TransMac
2011-12-31 02:21:14 -------- d-----w- c:\program files\LinuxLive USB Creator
2011-12-30 02:29:14 -------- d-----w- c:\users\wartorn\appdata\roaming\SUPERAntiSpyware.com
2011-12-30 02:29:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-30 01:49:18 300544 ----a-w- c:\users\wartorn\appdata\local\kgs.exe
2011-12-29 17:28:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-29 17:28:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-29 09:43:06 -------- d-----w- c:\programdata\PC Tools
2011-12-29 09:38:30 -------- d-----w- c:\users\wartorn\appdata\roaming\GetRightToGo
2011-12-27 09:24:52 -------- d-----w- C:\Perfect World Entertainment
2011-12-27 08:14:03 -------- d-----w- c:\program files\Pando Networks
2011-12-25 11:59:45 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{82e9111f-22c7-44b5-87a2-9a4d41ddf025}\mpengine.dll
2011-12-22 19:49:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-21 00:12:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-12-21 00:12:15 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-12-21 00:12:15 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-12-21 00:12:15 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-12-21 00:12:15 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-12-21 00:12:15 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-12-21 00:12:15 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-12-21 00:12:15 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-12-20 07:24:06 -------- d-----w- c:\users\wartorn\appdata\local\Chromium
2011-12-20 07:22:26 -------- d-----w- c:\users\wartorn\appdata\roaming\GiftBoxPlus
2011-12-20 07:22:18 -------- d-----w- c:\program files\GiftBoxPlus
2011-12-20 00:41:45 -------- d-----w- c:\users\wartorn\.swt
2011-12-20 00:41:40 -------- d-----w- c:\users\wartorn\appdata\roaming\Azureus
2011-12-20 00:39:28 -------- d-----w- c:\users\wartorn\appdata\local\Conduit
2011-12-19 23:17:56 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-12-19 23:11:55 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-12-19 22:39:03 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 22:39:01 860672 ----a-w- c:\program files\internet explorer\iedvtool.dll
2011-12-19 22:33:06 417792 ----a-w- c:\windows\system32\msdri.dll
2011-12-19 22:32:02 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-12-19 22:32:02 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-12-19 22:31:27 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-12-19 22:31:23 530432 ----a-w- c:\windows\system32\comctl32.dll
2011-12-19 22:31:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-12-19 22:31:00 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-12-19 22:30:55 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-12-19 22:30:36 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-19 22:30:13 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-12-19 22:30:13 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-12-19 22:30:13 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-12-19 22:30:04 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-12-19 22:30:04 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-12-19 22:29:59 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-19 22:29:52 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-12-19 22:29:52 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-12-19 22:29:52 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-12-19 22:29:52 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-19 22:29:52 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-12-19 22:29:34 516096 ----a-w- c:\program files\windows mail\wab.exe
2011-12-19 22:29:30 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-19 22:29:19 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 22:29:10 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-12-19 22:28:54 109056 ----a-w- c:\windows\system32\t2embed.dll
2011-12-19 22:28:45 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-12-19 22:28:44 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-12-19 22:28:44 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-12-19 22:28:44 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-12-19 22:28:43 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-12-19 22:28:43 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-12-19 22:28:43 337408 ----a-w- c:\windows\system32\mssph.dll
2011-12-19 22:28:43 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-12-19 22:28:43 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-12-19 22:28:03 224256 ----a-w- c:\windows\system32\schannel.dll
2011-12-19 22:26:49 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-12-19 22:26:48 850432 ----a-w- c:\windows\system32\sbe.dll
2011-12-19 22:26:47 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-12-19 22:25:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-12-19 22:25:32 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-19 22:25:26 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-12-19 22:25:09 204288 ----a-w- c:\windows\system32\upnp.dll
2011-12-19 22:25:08 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-12-19 22:25:07 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-12-19 22:25:06 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-12-19 22:25:06 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-12-19 22:25:06 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-12-19 22:25:05 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-12-19 22:25:05 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-12-19 22:25:05 14336 ----a-w- c:\windows\system32\slwga.dll
2011-12-19 22:24:55 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-12-19 22:24:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2011-12-19 22:24:50 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-12-19 22:24:46 2614784 ----a-w- c:\windows\explorer.exe
2011-12-19 22:24:43 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-19 22:24:37 314368 ----a-w- c:\windows\system32\webio.dll
2011-12-19 22:21:48 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-12-19 22:21:48 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-12-19 22:21:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-12-19 22:21:47 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-12-19 22:21:47 3181568 ----a-w- c:\windows\system32\mf.dll
2011-12-19 22:21:45 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-12-19 22:21:45 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-12-19 22:21:45 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-12-19 22:21:45 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-12-19 22:21:44 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-12-19 22:19:52 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-19 22:19:52 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-19 22:18:52 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-12-19 22:18:48 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-12-19 22:16:51 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-12-19 22:16:50 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-12-19 22:16:41 168448 ----a-w- c:\windows\system32\srvsvc.dll
2011-12-19 22:16:33 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-12-19 22:16:33 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-12-19 22:16:33 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-12-19 22:16:32 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2011-12-19 22:16:32 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-12-19 22:16:31 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-12-19 22:16:08 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2011-12-19 22:16:07 1413632 ----a-w- c:\windows\system32\ole32.dll
2011-12-19 22:15:42 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-12-19 22:15:42 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-12-19 22:15:26 738816 ----a-w- c:\windows\system32\wmpmde.dll
2011-12-19 22:14:06 101760 ----a-w- c:\windows\system32\consent.exe
2011-12-19 22:10:33 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-12-19 22:10:14 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-19 22:06:41 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-12-19 22:06:36 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-12-19 22:05:50 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-12-19 22:05:49 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-12-19 22:05:49 107520 ----a-w- c:\windows\system32\cdd.dll
2011-12-19 22:04:00 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-12-14 23:24:34 -------- d-----w- c:\windows\.jagex_cache_32
2011-12-14 22:18:44 -------- d-----w- c:\users\wartorn\appdata\local\Immunet
2011-12-14 22:18:44 -------- d-----w- c:\programdata\Immunet
2011-12-14 22:18:27 34080 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
2011-12-14 22:18:24 50976 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
2011-12-14 22:18:20 304712 ----a-w- c:\windows\system32\drivers\Trufos.sys
2011-12-14 22:18:17 -------- d-----w- c:\program files\Immunet
.
==================== Find3M ====================
.
2011-11-05 04:34:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 03:28:41 386048 ----a-w- c:\windows\system32\html.iec
2011-11-05 02:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD16 rev.02.0 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x90E67EA0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 ntkrnlpa!IofCallDriver[0x82E55458] -> \Device\Harddisk0\DR0[0x86A795F8]
3 CLASSPNP[0x8BF9659E] -> ntkrnlpa!IofCallDriver[0x82E55458] -> [0x86D45BF8]
\Driver\00000440[0x86D45D30] -> IRP_MJ_CREATE -> 0x90E67EA0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000064 -> \??\SCSI#Disk&Ven_WDC_WD16&Prod_00JS-00MHB0#4&137cd3ca&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
sectors 312579693 (+7): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 13:07:22.73 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 6/11/2010 9:43:55 PM
System Uptime: 1/5/2012 12:57:30 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | M57SLI-S4
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket M2 | 2200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 108.849 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASKUTIL
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name: SASKUTIL
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: SASKUTIL
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.0
Apple Software Update
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
CCleaner
CPUID CPU-Z 1.54
GiftBox+
ImgBurn
Immunet 3.0
Java Auto Updater
Java(TM) 6 Update 21
League of Legends
LinuxLive USB Creator
Microsoft .NET Framework 4 Client Profile
Mozilla Firefox 8.0.1 (x86 en-US)
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
SpeechRedist
Spybot - Search & Destroy
System Requirements Lab
TransMac version 10.2
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VS10RuntimeWin32
War of the Immortals
.
==== Event Viewer Messages From Past Week ========
.
12/31/2011 3:50:44 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
12/30/2011 6:01:36 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
12/30/2011 6:01:36 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
12/30/2011 6:01:36 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
12/30/2011 6:01:36 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/30/2011 6:01:36 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/30/2011 6:01:36 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
12/30/2011 6:01:36 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/30/2011 6:01:36 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/30/2011 6:01:36 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
12/30/2011 6:01:36 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/30/2011 6:01:36 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/30/2011 2:10:45 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/30/2011 2:10:45 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/30/2011 2:10:45 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/30/2011 2:10:45 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/30/2011 2:10:45 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/30/2011 2:10:45 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/30/2011 2:10:45 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/30/2011 2:10:45 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/30/2011 2:10:45 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/30/2011 2:10:45 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/30/2011 2:10:45 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/29/2011 9:19:29 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/29/2011 9:19:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/29/2011 9:19:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/29/2011 9:19:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/29/2011 9:19:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/29/2011 9:18:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ImmunetProtectDriver ImmunetSelfProtectDriver spldr TfFsMon TfSysMon Wanarpv6
12/29/2011 9:18:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/29/2011 4:48:55 AM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/29/2011 11:54:47 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/29/2011 11:54:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
12/29/2011 10:23:14 PM, Error: Service Control Manager [7034] - The Sendori service terminated unexpectedly. It has done this 1 time(s).
1/5/2012 12:59:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL TfFsMon TfSysMon
1/5/2012 12:59:08 PM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found.
1/5/2012 12:58:55 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/5/2012 12:58:55 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
1/5/2012 12:58:55 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/5/2012 12:58:50 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/5/2012 12:16:57 PM, Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following error: Access is denied.
1/5/2012 1:03:17 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/5/2012 1:03:17 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
1/4/2012 2:48:35 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
1/4/2012 2:46:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
.
==== End Of File ===========================
I hope that's all you need. Thanks!
I edited the post with a new log; I had a p2p file. Sorry about that. I also cleaned up older programs. I bought the PC used, so I am not really sure which programs I need and which ones I don't.