Hi, I have been infected by the Sirefef virus. Music starts and stops randomly, really creepy and annoying.
I have tried to follow as much as possible the forum guidelines.
If I have forgotten something or done something wrong, sorry in advance and let me know.
You expert guys who help us remove our viruses are truly good guys, thanks in advance for the help you give for free.
MALWAREBYTES LOG
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.09.06.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Don :: DON-MSI [administrator]
11/09/2012 13:28:16
mbam-log-2012-09-11 (17-22-12).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 442001
Time elapsed: 1 hour(s), 6 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Program Files (x86)\Fortix 2\TDU500.exe (Packer.ModifiedUPX) -> No action taken.
C:\Users\Don\AppData\Local\{5602a9de-1529-407a-030d-e41718b23532}\n (Trojan.Sirefef) -> No action taken.
C:\Windows\Installer\{5602a9de-1529-407a-030d-e41718b23532}\U\80000000.@ (Rootkit.0Access.64) -> No action taken.
D:\Install\fortix2\NFOviewer.exe (Malware.Packer.Krunchy) -> No action taken.
(end)
GMER LOG
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-11 19:05:20
Windows 6.1.7601 Service Pack 1
Running: 923qgugv.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002421d23aa3
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002421d23aa3 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Don\Desktop\Victorian Mysteries \x2013 Woman in White\Victorian Mysteries - Woman in White.exe 1
---- EOF - GMER 1.0.15 ----
DDS LOG
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Don at 19:10:18 on 2012-09-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3886.2026 [GMT 2:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\System Control Manager\MSIService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Motorola\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\FSP\FspUip.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files\Motorola\Bluetooth\audiosrv.exe
C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://mail.google.com/mail/?shva=1#inbox
uDefault_Page_URL = hxxp://msi.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "C:\Users\Don\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Netvue] C:\Program Files (x86)\Netvue\Netvue.exe
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries Engine\SteelSeriesEngine.exe
uRun: [AdobeBridge]
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Don\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NETVUE~1.LNK - C:\Program Files (x86)\Netvue\Netvue.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: msi.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{54716EBA-429D-433D-A7BB-F005439613D5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{54716EBA-429D-433D-A7BB-F005439613D5}\2454C4C4532373 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{54716EBA-429D-433D-A7BB-F005439613D5}\3584F47455E4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{54716EBA-429D-433D-A7BB-F005439613D5}\64259445A51224F6870264F6E60275C414E40273131333 : DhcpNameServer = 192.168.178.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\oo7zp5fc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
FF - prefs.js: network.proxy.ftp - 194.254.103.248
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 194.254.103.248
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 194.254.103.248
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\oo7zp5fc.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files\ma-config.com\nphardwaredetection.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: C:\Users\Don\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Don\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\oo7zp5fc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Don\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Don\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 pfmfs_359;pfmfs_359;C:\windows\system32\Drivers\pfmfs_359.sys --> C:\windows\system32\Drivers\pfmfs_359.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 acedrv11;acedrv11;\??\C:\windows\system32\drivers\acedrv11.sys --> C:\windows\system32\drivers\acedrv11.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2010-3-16 637192]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-27 13336]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\System Control Manager\MSIService.exe [2010-3-16 160768]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-3-16 2320920]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2010-3-16 4154120]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2010-3-16 1029896]
R3 busenum;SteelBusSvc;C:\windows\system32\DRIVERS\SteelBus64.sys --> C:\windows\system32\DRIVERS\SteelBus64.sys [?]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-3-16 1028096]
R3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;C:\windows\system32\DRIVERS\fspad_wlh64.sys --> C:\windows\system32\DRIVERS\fspad_wlh64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\windows\system32\DRIVERS\igdpmd64.sys --> C:\windows\system32\DRIVERS\igdpmd64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 BTMCOM;Bluetooth Serial Port;C:\windows\system32\Drivers\btmcom.sys --> C:\windows\system32\Drivers\btmcom.sys [?]
S3 BTMHID;BTMHID;C:\windows\system32\DRIVERS\btmhid.sys --> C:\windows\system32\DRIVERS\btmhid.sys [?]
S3 BTMUSB;Motorola Bluetooth Radio Service;C:\windows\system32\Drivers\btmusb.sys --> C:\windows\system32\Drivers\btmusb.sys [?]
S3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-8-30 15872]
S3 enecir;ENE CIR Receiver;C:\windows\system32\DRIVERS\enecir.sys --> C:\windows\system32\DRIVERS\enecir.sys [?]
S3 enecirhid;ENE CIR HID Receiver;C:\windows\system32\DRIVERS\enecirhid.sys --> C:\windows\system32\DRIVERS\enecirhid.sys [?]
S3 enecirhidma;ENE CIR HIDmini Filter;C:\windows\system32\DRIVERS\enecirhidma.sys --> C:\windows\system32\DRIVERS\enecirhidma.sys [?]
S3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;C:\windows\system32\DRIVERS\fspad_xp64.sys --> C:\windows\system32\DRIVERS\fspad_xp64.sys [?]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\x64\maconfservice.exe [2011-5-1 420864]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 114144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-7-1 24176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-16 225280]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-11 10:27:32 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-20 13:01:41 -------- d-----w- C:\Users\Don\AppData\Local\SteelSeries_ApS
2012-08-20 12:58:40 -------- d-----w- C:\Users\Don\AppData\Roaming\SteelSeries
2012-08-20 12:58:28 -------- d-----w- C:\ProgramData\SteelSeries
2012-08-20 12:57:48 -------- d-----w- C:\Program Files\SteelSeries Engine
2012-08-14 16:37:57 1002728 ----a-w- C:\windows\System32\WinUSBCoInstaller2.dll
2012-08-14 16:37:56 1721576 ----a-w- C:\windows\System32\WdfCoInstaller01009.dll
2012-08-14 15:49:07 -------- d-----w- C:\Users\Don\android-sdks
2012-08-14 15:48:00 -------- d-----w- C:\Users\Don\.android
2012-08-14 15:32:20 -------- d-----w- C:\Eclipse
2012-08-14 15:30:34 -------- d-----w- C:\Program Files (x86)\Eclipse installed
2012-08-14 15:04:22 -------- d-----r- C:\Dropbox
2012-08-14 14:58:04 -------- d-----w- C:\Users\Don\AppData\Roaming\Dropbox
.
==================== Find3M ====================
.
2012-08-28 18:24:56 477168 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2012-08-28 18:24:53 473072 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-08-23 18:11:58 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 18:11:58 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-09 08:03:52 9728 ---h--w- C:\Users\Don\AppData\Roaming\desktop.ini
2012-07-03 11:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 19:10:38.73 ===============
ATTACH LOG
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 19/10/2010 01:43:58
System Uptime: 11/09/2012 18:16:30 (1 hours ago)
.
Motherboard: Micro-Star International | | GE-700
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU 1 | 2133/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 173 GiB total, 31.871 GiB free.
D: is FIXED (NTFS) - 113 GiB total, 7.436 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP256: 11/09/2012 17:24:54 - mardi 11 sept
RP257: 11/09/2012 17:36:32 - Restore Operation
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader 9.5.2
AnyBizSoft PDF to Text (Build 1.0.1)
AnyBizSoft PDF to Word (Build 3.0.0)
Apple Application Support
Apple Software Update
µTorrent
BurnRecovery
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
DAEMON Tools Lite
dBpoweramp Music Converter
Diablo II
Diablo III
Dropbox
Echoes of the Past The Castle of Shadows Collectors Edition 1.00
FastStone Image Viewer 4.2
FileZilla Client 3.5.3
Google Chrome
Google Talk Plugin
Hero Editor V0.96
Impulse
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
Java Auto Updater
Java(TM) 6 Update 35
jZip
King's Bounty - Armored Princess
King's Bounty - Crossworlds
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Choice Guard
Microsoft Office Suite Activation Assistant
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
msi Software Install
MSVCRT
Mystery Case Files - Dire Grove Collector's Edition
Netvue
Notepad++
OpenOffice.org 3.2
PDF Settings CS5
ProtectDisc Driver, Version 11
PX Profile Update
QuickTime
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 5.8
System Control Manager
Timeless - The Forgotten Town Collector's Edition
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Veetle TV 0.9.18
VirtualCloneDrive
VLC media player 1.1.8
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
11/09/2012 19:09:45, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
11/09/2012 19:09:45, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
11/09/2012 18:16:46, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
11/09/2012 18:16:46, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
11/09/2012 18:16:45, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
11/09/2012 18:08:55, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/09/2012 18:08:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service Bluetooth Device Manager with arguments "" in order to run the server: {3428CA47-50B8-48C2-8839-48D3C4C59B23}
11/09/2012 18:07:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}
11/09/2012 17:46:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/09/2012 17:46:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/09/2012 17:46:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/09/2012 17:46:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/09/2012 17:45:59, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 21
11/09/2012 17:45:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/09/2012 17:45:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/09/2012 17:45:42, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO spldr Wanarpv6
11/09/2012 17:45:40, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/09/2012 17:36:19, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
11/09/2012 12:08:10, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
THANKS!
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Don at 19:10:18 on 2012-09-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3886.2026 [GMT 2:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\System Control Manager\MSIService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Motorola\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\FSP\FspUip.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files\Motorola\Bluetooth\audiosrv.exe
C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://mail.google.com/mail/?shva=1#inbox
uDefault_Page_URL = hxxp://msi.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "C:\Users\Don\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Netvue] C:\Program Files (x86)\Netvue\Netvue.exe
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries Engine\SteelSeriesEngine.exe
uRun: [AdobeBridge]
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Don\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NETVUE~1.LNK - C:\Program Files (x86)\Netvue\Netvue.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: msi.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{54716EBA-429D-433D-A7BB-F005439613D5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{54716EBA-429D-433D-A7BB-F005439613D5}\2454C4C4532373 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{54716EBA-429D-433D-A7BB-F005439613D5}\3584F47455E4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{54716EBA-429D-433D-A7BB-F005439613D5}\64259445A51224F6870264F6E60275C414E40273131333 : DhcpNameServer = 192.168.178.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\oo7zp5fc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
FF - prefs.js: network.proxy.ftp - 194.254.103.248
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 194.254.103.248
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 194.254.103.248
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\oo7zp5fc.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files\ma-config.com\nphardwaredetection.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: C:\Users\Don\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Don\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\oo7zp5fc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Don\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Don\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 pfmfs_359;pfmfs_359;C:\windows\system32\Drivers\pfmfs_359.sys --> C:\windows\system32\Drivers\pfmfs_359.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 acedrv11;acedrv11;\??\C:\windows\system32\drivers\acedrv11.sys --> C:\windows\system32\drivers\acedrv11.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2010-3-16 637192]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-27 13336]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\System Control Manager\MSIService.exe [2010-3-16 160768]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-3-16 2320920]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2010-3-16 4154120]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2010-3-16 1029896]
R3 busenum;SteelBusSvc;C:\windows\system32\DRIVERS\SteelBus64.sys --> C:\windows\system32\DRIVERS\SteelBus64.sys [?]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-3-16 1028096]
R3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;C:\windows\system32\DRIVERS\fspad_wlh64.sys --> C:\windows\system32\DRIVERS\fspad_wlh64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\windows\system32\DRIVERS\igdpmd64.sys --> C:\windows\system32\DRIVERS\igdpmd64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 BTMCOM;Bluetooth Serial Port;C:\windows\system32\Drivers\btmcom.sys --> C:\windows\system32\Drivers\btmcom.sys [?]
S3 BTMHID;BTMHID;C:\windows\system32\DRIVERS\btmhid.sys --> C:\windows\system32\DRIVERS\btmhid.sys [?]
S3 BTMUSB;Motorola Bluetooth Radio Service;C:\windows\system32\Drivers\btmusb.sys --> C:\windows\system32\Drivers\btmusb.sys [?]
S3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-8-30 15872]
S3 enecir;ENE CIR Receiver;C:\windows\system32\DRIVERS\enecir.sys --> C:\windows\system32\DRIVERS\enecir.sys [?]
S3 enecirhid;ENE CIR HID Receiver;C:\windows\system32\DRIVERS\enecirhid.sys --> C:\windows\system32\DRIVERS\enecirhid.sys [?]
S3 enecirhidma;ENE CIR HIDmini Filter;C:\windows\system32\DRIVERS\enecirhidma.sys --> C:\windows\system32\DRIVERS\enecirhidma.sys [?]
S3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;C:\windows\system32\DRIVERS\fspad_xp64.sys --> C:\windows\system32\DRIVERS\fspad_xp64.sys [?]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\x64\maconfservice.exe [2011-5-1 420864]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 114144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-7-1 24176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-16 225280]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-11 10:27:32 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-20 13:01:41 -------- d-----w- C:\Users\Don\AppData\Local\SteelSeries_ApS
2012-08-20 12:58:40 -------- d-----w- C:\Users\Don\AppData\Roaming\SteelSeries
2012-08-20 12:58:28 -------- d-----w- C:\ProgramData\SteelSeries
2012-08-20 12:57:48 -------- d-----w- C:\Program Files\SteelSeries Engine
2012-08-14 16:37:57 1002728 ----a-w- C:\windows\System32\WinUSBCoInstaller2.dll
2012-08-14 16:37:56 1721576 ----a-w- C:\windows\System32\WdfCoInstaller01009.dll
2012-08-14 15:49:07 -------- d-----w- C:\Users\Don\android-sdks
2012-08-14 15:48:00 -------- d-----w- C:\Users\Don\.android
2012-08-14 15:32:20 -------- d-----w- C:\Eclipse
2012-08-14 15:30:34 -------- d-----w- C:\Program Files (x86)\Eclipse installed
2012-08-14 15:04:22 -------- d-----r- C:\Dropbox
2012-08-14 14:58:04 -------- d-----w- C:\Users\Don\AppData\Roaming\Dropbox
.
==================== Find3M ====================
.
2012-08-28 18:24:56 477168 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2012-08-28 18:24:53 473072 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-08-23 18:11:58 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 18:11:58 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-09 08:03:52 9728 ---h--w- C:\Users\Don\AppData\Roaming\desktop.ini
2012-07-03 11:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 19:10:38.73 ===============
ATTACH LOG
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 19/10/2010 01:43:58
System Uptime: 11/09/2012 18:16:30 (1 hours ago)
.
Motherboard: Micro-Star International | | GE-700
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU 1 | 2133/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 173 GiB total, 31.871 GiB free.
D: is FIXED (NTFS) - 113 GiB total, 7.436 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP256: 11/09/2012 17:24:54 - mardi 11 sept
RP257: 11/09/2012 17:36:32 - Restore Operation
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader 9.5.2
AnyBizSoft PDF to Text (Build 1.0.1)
AnyBizSoft PDF to Word (Build 3.0.0)
Apple Application Support
Apple Software Update
µTorrent
BurnRecovery
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
DAEMON Tools Lite
dBpoweramp Music Converter
Diablo II
Diablo III
Dropbox
Echoes of the Past The Castle of Shadows Collectors Edition 1.00
FastStone Image Viewer 4.2
FileZilla Client 3.5.3
Google Chrome
Google Talk Plugin
Hero Editor V0.96
Impulse
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
Java Auto Updater
Java(TM) 6 Update 35
jZip
King's Bounty - Armored Princess
King's Bounty - Crossworlds
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Choice Guard
Microsoft Office Suite Activation Assistant
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
msi Software Install
MSVCRT
Mystery Case Files - Dire Grove Collector's Edition
Netvue
Notepad++
OpenOffice.org 3.2
PDF Settings CS5
ProtectDisc Driver, Version 11
PX Profile Update
QuickTime
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 5.8
System Control Manager
Timeless - The Forgotten Town Collector's Edition
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Veetle TV 0.9.18
VirtualCloneDrive
VLC media player 1.1.8
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
11/09/2012 19:09:45, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
11/09/2012 19:09:45, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
11/09/2012 18:16:46, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
11/09/2012 18:16:46, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
11/09/2012 18:16:45, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
11/09/2012 18:08:55, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/09/2012 18:08:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service Bluetooth Device Manager with arguments "" in order to run the server: {3428CA47-50B8-48C2-8839-48D3C4C59B23}
11/09/2012 18:07:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}
11/09/2012 17:46:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/09/2012 17:46:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/09/2012 17:46:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/09/2012 17:46:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/09/2012 17:45:59, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 21
11/09/2012 17:45:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/09/2012 17:45:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/09/2012 17:45:42, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO spldr Wanarpv6
11/09/2012 17:45:40, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/09/2012 17:36:19, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
11/09/2012 12:08:10, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
THANKS!