PUP.Zwangi

Hi.

When I type in the URL address bar a random word or just letters it redirects me thru multiple websites and finally lands there: *SNIP*

As I understand my browser was hijacked and I have no clue how long for now. So I scanned with Microsoft Windows Malicious Software Removal Tool which came up with nothing. Next, I tried Malwarebytes that came up with 5 infections, they were all named PUP.Zwangi. Here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6364

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.04.2011 21:27:39
mbam-log-2011-04-14 (21-27-39).txt

Scan type: Quick scan
Objects scanned: 152179
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Value: {851552F5-B878-4B03-904F-2AD6A4CC8994} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Value: {851552F5-B878-4B03-904F-2AD6A4CC8994} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\mozilla firefox\searchplugins\flvtube.xml (PUP.Zwangi) -> Quarantined and deleted successfully.



Unfortunately, the symptom with the URL is still there, so I figure I haven't been able to clean my system thoroughly. And thats why I'm here.
The OTL.Txt had too many character, so im going to post it in the next post.

And here is the Extras.Txt:

OTL Extras logfile created on: 15.04.2011 10:59:54 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Genno\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000425 | Country: Eesti | Language: ETI | Date Format: d.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,79 Gb Total Space | 14,86 Gb Free Space | 26,64% Space Free | Partition Type: NTFS

Computer Name: GENNO-PC | User Name: Genno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6AF27BF0-BF58-4877-BB76-45B0281D4E36}" = Smart Mod Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9553D45E-368B-4608-916F-210DAB0A5F29}" = SmartFTP Client
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Premium
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}" = Psychonauts
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7AD551F-D848-4639-80C9-D3507D1C66A5}_is1" = ID-kaardi tarkvara Firefoxile v0.8.8
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0AB538B-C7EE-4A4C-98B5-0D32149DF4D1}" = ID-kaart
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"312D5D9C8B604A559F813981559A8258_is1" = A1 Website Download
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVI ReComp" = AVI ReComp 1.5.1
"Avisynth" = AviSynth 2.5
"Blaze Media Pro" = Blaze Media Pro
"Canon LBP2900" = Canon LBP2900
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Digsby" = Digsby
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FBDevil" = Facebook Devil
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"ImgBurn" = ImgBurn
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Mafia" = Mafia
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"mIRC" = mIRC
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIA Drivers" = NVIDIA Drivers
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"The Action Machine_is1" = The Action Machine
"triobet (Poker)" = TrioBet
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VLC media player 1.1.4
"VobSub" = VobSub 2.23

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.04.2011 8:56:48 | Computer Name = Genno-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 13.04.2011 13:07:46 | Computer Name = Genno-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Game.exe, version: 1.0.0.0, time stamp:
0x72454562 Faulting module name: LS3DF.dll, version: 0.0.0.0, time stamp: 0x3ef851b2
Exception
code: 0xc0000005 Fault offset: 0x0005ac2e Faulting process id: 0x2dc Faulting application
start time: 0x01cbf9f96d0385f5 Faulting application path: C:\Program Files\Mafia\Game.exe
Faulting
module path: C:\Program Files\Mafia\LS3DF.dll Report Id: 8d37f490-65f0-11e0-92ca-001641b04859

Error - 13.04.2011 13:07:53 | Computer Name = Genno-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Game.exe, version: 1.0.0.0, time stamp:
0x72454562 Faulting module name: LS3DF.dll, version: 0.0.0.0, time stamp: 0x3ef851b2
Exception
code: 0xc0000005 Fault offset: 0x0005ac4b Faulting process id: 0x2dc Faulting application
start time: 0x01cbf9f96d0385f5 Faulting application path: C:\Program Files\Mafia\Game.exe
Faulting
module path: C:\Program Files\Mafia\LS3DF.dll Report Id: 916d97b7-65f0-11e0-92ca-001641b04859

Error - 13.04.2011 13:25:29 | Computer Name = Genno-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Game.exe, version: 1.0.0.0, time stamp:
0x72454562 Faulting module name: LS3DF.dll, version: 0.0.0.0, time stamp: 0x3ef851b2
Exception
code: 0xc0000005 Fault offset: 0x0005ac2e Faulting process id: 0x10b4 Faulting application
start time: 0x01cbf9ff10a663ca Faulting application path: C:\Program Files\Mafia\Game.exe
Faulting
module path: C:\Program Files\Mafia\LS3DF.dll Report Id: 068de0b7-65f3-11e0-92ca-001641b04859

Error - 13.04.2011 13:25:32 | Computer Name = Genno-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Game.exe, version: 1.0.0.0, time stamp:
0x72454562 Faulting module name: LS3DF.dll, version: 0.0.0.0, time stamp: 0x3ef851b2
Exception
code: 0xc0000005 Fault offset: 0x0005ac4b Faulting process id: 0x10b4 Faulting application
start time: 0x01cbf9ff10a663ca Faulting application path: C:\Program Files\Mafia\Game.exe
Faulting
module path: C:\Program Files\Mafia\LS3DF.dll Report Id: 08a72ba5-65f3-11e0-92ca-001641b04859

Error - 13.04.2011 14:55:33 | Computer Name = Genno-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 14.04.2011 2:55:09 | Computer Name = Genno-PC | Source = VSS | ID = 8194
Description =

Error - 14.04.2011 4:43:33 | Computer Name = Genno-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 14.04.2011 11:20:54 | Computer Name = Genno-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Game.exe, version: 1.0.0.0, time stamp:
0x72454562 Faulting module name: Game.exe, version: 1.0.0.0, time stamp: 0x72454562
Exception
code: 0xc0000005 Fault offset: 0x001c3b48 Faulting process id: 0xa64 Faulting application
start time: 0x01cbfab2cf3a407e Faulting application path: C:\Program Files\Mafia\Game.exe
Faulting
module path: C:\Program Files\Mafia\Game.exe Report Id: c96db57e-66aa-11e0-86fc-001641b04859

Error - 14.04.2011 11:21:07 | Computer Name = Genno-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Game.exe, version: 1.0.0.0, time stamp:
0x72454562 Faulting module name: nvd3dum.dll, version: 7.15.11.5683, time stamp:
0x473e1bdf Exception code: 0xc0000005 Fault offset: 0x001abd3c Faulting process id:
0xa64 Faulting application start time: 0x01cbfab2cf3a407e Faulting application path:
C:\Program Files\Mafia\Game.exe Faulting module path: C:\Windows\system32\nvd3dum.dll
Report
Id: d13cb983-66aa-11e0-86fc-001641b04859

[ OSession Events ]
Error - 11.02.2011 3:21:24 | Computer Name = Genno-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1087
seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 22.01.2011 17:35:16 | Computer Name = Genno-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 23.01.2011 2:17:28 | Computer Name = Genno-PC | Source = Application Popup | ID = 875
Description = Driver sfsync02.sys has been blocked from loading.

Error - 23.01.2011 2:17:57 | Computer Name = Genno-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sfsync02

Error - 23.01.2011 3:37:15 | Computer Name = Genno-PC | Source = Application Popup | ID = 875
Description = Driver sfsync02.sys has been blocked from loading.

Error - 23.01.2011 3:37:39 | Computer Name = Genno-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sfsync02

Error - 23.01.2011 5:08:12 | Computer Name = Genno-PC | Source = Application Popup | ID = 875
Description = Driver sfsync02.sys has been blocked from loading.

Error - 23.01.2011 5:08:41 | Computer Name = Genno-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sfsync02

Error - 23.01.2011 6:13:21 | Computer Name = Genno-PC | Source = Application Popup | ID = 875
Description = Driver sfsync02.sys has been blocked from loading.

Error - 23.01.2011 6:13:50 | Computer Name = Genno-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sfsync02

Error - 23.01.2011 10:19:54 | Computer Name = Genno-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.


< End of report >

Thank You for taking the time to investigate my problem.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

ComboFix 11-04-14.03 - Genno 15.04.2011 13:32:17.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1257.372.1033.18.2046.1086 [GMT 3:00]
Running from: c:\users\Genno\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Genno\AppData\Roaming\.#
.
.
((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-15 10:47 . 2011-04-15 10:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-15 07:41 . 2011-04-15 07:41 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71DCDAC8-A4AF-4A15-BAB3-B318D328CD5C}\MpKsle9d70513.sys
2011-04-15 07:37 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71DCDAC8-A4AF-4A15-BAB3-B318D328CD5C}\mpengine.dll
2011-04-15 07:36 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-15 06:42 . 2011-04-15 06:42 -------- d-----w- c:\windows\system32\SPReview
2011-04-14 21:04 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-04-14 21:03 . 2010-11-20 12:21 1115136 ----a-w- c:\windows\system32\RacEngn.dll
2011-04-14 21:02 . 2010-11-20 12:24 194800 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-04-14 21:01 . 2010-11-20 12:20 161792 ----a-w- c:\windows\system32\netjoin.dll
2011-04-14 21:00 . 2010-11-20 12:21 96768 ----a-w- c:\windows\system32\drivers\UMDF\WUDFUsbccidDriver.dll
2011-04-14 20:59 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-14 20:59 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-14 20:59 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-14 20:59 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-04-14 20:59 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-14 20:59 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-04-14 20:59 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-14 20:58 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-04-14 20:58 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-04-14 20:20 . 2011-02-24 05:38 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 19:29 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 19:29 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 19:28 . 2011-03-07 05:33 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-14 19:28 . 2011-03-07 05:31 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-04-14 19:28 . 2011-03-07 03:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-14 19:28 . 2011-02-18 05:43 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-14 19:28 . 2011-03-03 03:42 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 19:27 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-14 19:27 . 2010-11-20 12:17 802304 ----a-w- c:\windows\system32\WFS.exe
2011-04-14 19:27 . 2011-02-23 04:48 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 19:27 . 2011-02-23 04:48 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 19:27 . 2011-02-23 04:47 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 19:27 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 19:27 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 19:27 . 2011-03-08 05:28 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 19:26 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 19:26 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 19:25 . 2011-02-23 04:47 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 19:25 . 2011-02-23 04:47 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 19:25 . 2011-02-23 04:47 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 19:25 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-14 19:22 . 2011-04-14 19:22 -------- d-----w- c:\programdata\McAfee
2011-04-14 19:22 . 2011-04-14 19:22 -------- d-----w- c:\programdata\McAfee Security Scan
2011-04-14 19:22 . 2011-04-14 19:22 -------- d-----w- c:\program files\McAfee Security Scan
2011-04-14 19:14 . 2011-04-14 19:14 -------- d-----w- c:\program files\Common Files\Java
2011-04-14 19:12 . 2011-04-14 19:12 -------- d-----w- c:\program files\Java
2011-04-14 18:04 . 2011-04-14 18:04 -------- d-----w- c:\users\Genno\AppData\Roaming\Malwarebytes
2011-04-14 18:03 . 2010-12-20 15:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-14 18:03 . 2011-04-14 18:03 -------- d-----w- c:\programdata\Malwarebytes
2011-04-14 18:03 . 2011-04-14 18:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-14 18:03 . 2010-12-20 15:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 05:22 . 2011-04-14 05:22 -------- d-----w- c:\users\Genno\AppData\Local\VS Revo Group
2011-04-14 05:21 . 2009-12-30 08:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-04-14 05:21 . 2011-04-14 05:21 -------- d-----w- c:\program files\VS Revo Group
2011-04-11 12:51 . 2011-04-11 12:51 -------- d-----w- c:\program files\Double Fine Productions
2011-04-10 10:58 . 2011-04-10 10:58 -------- d-----w- c:\program files\Rosetta Stone
2011-04-08 08:37 . 2011-04-08 08:42 -------- d-----w- c:\users\Genno\AppData\Roaming\Smart S.T.A.L.K.E.R. Mod Manager
2011-04-08 08:37 . 2011-04-08 08:37 454656 ----a-r- c:\users\Genno\AppData\Roaming\Microsoft\Installer\{6AF27BF0-BF58-4877-BB76-45B0281D4E36}\SmmShortcut.exe
2011-04-08 08:37 . 2011-04-08 08:37 -------- d-----w- c:\program files\Smart Mod Manager
2011-04-05 15:26 . 2011-04-05 15:26 -------- d-----w- c:\program files\The Action Machine
2011-04-05 10:34 . 2011-01-27 11:28 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0C932CB-443C-4375-ACD0-A01A9A4F209C}\gapaengine.dll
2011-04-03 17:53 . 2011-04-03 17:53 -------- d-----w- c:\users\Genno\AppData\Roaming\dvdcss
2011-03-28 17:50 . 2011-03-29 16:02 -------- d-----w- c:\users\Genno\AppData\Roaming\gtk-2.0
2011-03-28 17:50 . 2011-03-28 17:50 -------- d-----w- c:\users\Genno\.thumbnails
2011-03-28 17:46 . 2011-03-29 16:02 -------- d-----w- c:\users\Genno\.gimp-2.6
2011-03-28 14:30 . 2011-03-28 14:30 -------- d-----w- c:\users\Genno\AppData\Local\World in Conflict
2011-03-25 16:06 . 2011-01-27 11:28 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-24 15:47 . 2011-03-24 15:47 -------- d-----w- c:\programdata\Ironclad Games
2011-03-21 21:03 . 2011-03-21 21:03 -------- d-----w- c:\programdata\framezoo.com
2011-03-21 21:03 . 2011-03-21 21:03 -------- d-----w- c:\program files\FBDevil
2011-03-21 15:07 . 2011-03-21 15:07 -------- d-----w- c:\users\Genno\AppData\Roaming\Microsys
2011-03-21 15:06 . 2011-03-21 15:06 -------- d-----w- c:\program files\Microsys
2011-03-21 15:05 . 2011-03-21 15:05 -------- d-----w- c:\program files\GIMP-2.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-15 06:58 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-14 19:12 . 2011-02-13 12:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-29 10:26 . 2010-11-10 12:38 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-29 10:25 . 2010-11-10 12:45 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-29 10:25 . 2010-11-10 12:38 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-27 09:42 . 2010-11-10 12:38 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-03-15 04:05 . 2010-09-09 16:15 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-13 07:37 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 06:30 . 2011-03-09 18:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-09 18:54 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-09 18:54 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-08 11:01 . 2010-11-10 12:38 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-08 09:23 . 2010-11-10 12:38 22328 ----a-w- c:\users\Genno\AppData\Roaming\PnkBstrK.sys
2011-02-03 05:54 . 2011-02-09 04:30 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-25 17:16 . 2011-01-25 17:16 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-01-25 17:16 . 2011-01-25 17:16 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-01-22 21:17 . 2011-01-22 21:17 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57C571FD-3CE1-4699-9AE3-22C129EE35AD}]
2010-08-25 14:13 153056 ----a-w- c:\windows\System32\idcertremoval.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-03-06 96800]
"nwiz"="nwiz.exe" [2009-03-04 1657376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP2900 Status Window.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk
backup=c:\windows\pss\Canon LBP2900 Status Window.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 09:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 08:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-09 23:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 06:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-12-03 20:15 218408 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
R1 MpKsl7b237f8b;MpKsl7b237f8b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F10F6FA-C30E-40BD-B530-4AB162162B9D}\MpKsl7b237f8b.sys [x]
R1 MpKsld844b466;MpKsld844b466;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43874590-1618-4FE8-934F-30CFC96E8ACC}\MpKsld844b466.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2010-01-25 115712]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Messenger\Room\safedrv.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-05 420920]
S1 MpKsle9d70513;MpKsle9d70513;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71DCDAC8-A4AF-4A15-BAB3-B318D328CD5C}\MpKsle9d70513.sys [2011-04-15 28752]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLE9D70513
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Genno\AppData\Roaming\Mozilla\Firefox\Profiles\ei8is1pi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ee/
FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: VTzilla: vtzilla@virustotal.com - %profile%\extensions\vtzilla@virustotal.com
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-362289519-3130866339-1422077900-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-15 13:51:49
ComboFix-quarantined-files.txt 2011-04-15 10:51
.
Pre-Run: 15 409 922 048 bytes free
Post-Run: 15 368 396 800 bytes free
.
- - End Of File - - 971E05BCDA1556729D70CA180F6057A1

Please download SINO by Artellos.

• Save SINO to a place you can remember and run SINO.exe. (If you downloaded the ZIP version you will need to extract it first)
  
• Then please check the following checkboxes:
  

  Code:

  System Info
Services
Boot Check
Tasklist
Startup Items
Event Log
Hosts file
  
  
• Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  
  
• A notepad window will pop up. Please copy all of the content into your next reply.

Note: If you try to interact with the program once it’s started scanning it might appear to hang. The scan however will continue.

System Investigator by Olrik
Log Created On: 1453_15-04-2011
SINO Version: 3.1.0.0

Total RAM: 2046 MB | Free RAM: 1415 MB | Pagefile Size: 2046 MB
C: | 14720 MB out of 57128 MB Free | Local Fixed Disk
D: | None | CD-ROM Disc
F: | None | CD-ROM Disc

<<<< System Information >>>>

Computer Name: GENNO-PC
Username: Genno
Language Setting: ETI
Windows Directory: C:\Windows
Windows Version: Windows 7 Service Pack 1
UAC Status: On
Windows Mode: Normal

<<<< Tasklist >>>>

[System Idle Process] - Process ID: 0
[System] - Process ID: 4
[smss.exe] - Process ID: 372
[C:\Windows\system32\csrss.exe] - Process ID: 460
[C:\Windows\system32\wininit.exe] - Process ID: 520
[C:\Windows\system32\csrss.exe] - Process ID: 536
[C:\Windows\system32\services.exe] - Process ID: 580
[C:\Windows\system32\winlogon.exe] - Process ID: 608
[C:\Windows\system32\lsass.exe] - Process ID: 636
[C:\Windows\system32\lsm.exe] - Process ID: 652
[C:\Windows\system32\svchost.exe] - Process ID: 760
[C:\Windows\system32\nvvsvc.exe] - Process ID: 820
[C:\Windows\system32\svchost.exe] - Process ID: 844
[c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe] - Process ID: 920
[C:\Windows\System32\svchost.exe] - Process ID: 1000
[C:\Windows\System32\svchost.exe] - Process ID: 1068
[C:\Windows\system32\svchost.exe] - Process ID: 1104
[C:\Windows\system32\svchost.exe] - Process ID: 1288
[C:\Windows\system32\svchost.exe] - Process ID: 1436
[C:\Windows\System32\spoolsv.exe] - Process ID: 1560
[C:\Windows\system32\svchost.exe] - Process ID: 1600
[C:\Windows\system32\svchost.exe] - Process ID: 1644
[C:\Windows\system32\svchost.exe] - Process ID: 1740
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe] - Process ID: 1780
[C:\Program Files\Blaze Media Pro\NMSAccess32.exe] - Process ID: 1852
[C:\Windows\system32\PnkBstrA.exe] - Process ID: 1888
[C:\Program Files\CyberLink\Shared files\RichVideo.exe] - Process ID: 1940
[C:\Windows\system32\svchost.exe] - Process ID: 2008
[C:\Windows\system32\svchost.exe] - Process ID: 112
[C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE] - Process ID: 404
[C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe] - Process ID: 1628
[C:\Windows\system32\svchost.exe] - Process ID: 2156
[C:\Windows\system32\svchost.exe] - Process ID: 2256
[C:\Windows\system32\rundll32.exe] - Process ID: 2564
[C:\Windows\system32\taskhost.exe] - Process ID: 2740
[C:\Windows\system32\Dwm.exe] - Process ID: 2868
[C:\Windows\system32\CNAB4RPK.EXE] - Process ID: 3008
[C:\Program Files\DellTPad\Apoint.exe] - Process ID: 3260
[C:\Program Files\Microsoft Security Client\msseces.exe] - Process ID: 3276
[C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe] - Process ID: 3292
[C:\Program Files\Common Files\Java\Java Update\jusched.exe] - Process ID: 3324
[C:\Windows\System32\rundll32.exe] - Process ID: 3428
[C:\Windows\System32\rundll32.exe] - Process ID: 3452
[C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe] - Process ID: 3524
[C:\Program Files\DellTPad\ApMsgFwd.exe] - Process ID: 3624
[C:\Program Files\DellTPad\HidFind.exe] - Process ID: 3680
[C:\Windows\system32\SearchIndexer.exe] - Process ID: 3832
[C:\Program Files\Windows Media Player\wmpnetwk.exe] - Process ID: 2680
[C:\Windows\System32\svchost.exe] - Process ID: 3544
[C:\Windows\system32\DllHost.exe] - Process ID: 3676
[C:\Windows\system32\svchost.exe] - Process ID: 748
[C:\Windows\Explorer.exe] - Process ID: 2428
[audiodg.exe] - Process ID: 2208
[c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe] - Process ID: 3476
[C:\Windows\system32\taskhost.exe] - Process ID: 3204
[C:\Users\Genno\AppData\Local\Temp\SINO\SINO.exe] - Process ID: 2532
[C:\Windows\system32\wbem\wmiprvse.exe] - Process ID: 1632
[C:\Windows\system32\wbem\wmiprvse.exe] - Process ID: 3876

<<<< Startup Items >>>>

[McAfee Security Scan Plus.lnk] - - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
[Apoint] - - C:\Program Files\DellTPad\Apoint.exe
[MSC] - - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
[GrooveMonitor] - - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[Malwarebytes' Anti-Malware (reboot)] - - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[SunJavaUpdateSched] - - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[Adobe Reader Speed Launcher] - - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
[Adobe ARM] - - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[NvCplDaemon] - - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
[NvMediaCenter] - - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
[NVHotkey] - - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
[nwiz] - - nwiz.exe /install

<<<< MS Services >>>>

Application Experience (AeLookupSvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Application Information (Appinfo) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Audio Endpoint Builder (AudioEndpointBuilder) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Windows Audio (Audiosrv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Base Filtering Engine (BFE) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Computer Browser (Browser) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Bluetooth Support Service (bthserv) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k bthsvcs
Certificate Propagation (CertPropSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Cryptographic Services (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
Offline Files (CscService) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
Diagnostic Policy Service (DPS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
Extensible Authentication Protocol (EapHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows Event Log (eventlog) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
COM+ Event System (EventSystem) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Function Discovery Provider Host (fdPHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Function Discovery Resource Publication (FDResPub) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Windows Font Cache Service (FontCache) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Group Policy Client (gpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Human Interface Device Access (hidserv) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
HomeGroup Listener (HomeGroupListener) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
HomeGroup Provider (HomeGroupProvider) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
IP Helper (iphlpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetSvcs
CNG Key Isolation (KeyIso) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Server (LanmanServer) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Workstation (LanmanWorkstation) - Running [Auto | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
TCP/IP NetBIOS Helper (lmhosts) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Multimedia Class Scheduler (MMCSS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Firewall (MpsSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Microsoft Antimalware Service (MsMpSvc) - Running [Auto | Stoppable | Not_Pausable] - "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Network List Service (netprofm) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Network Location Awareness (NlaSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Network Store Interface Service (nsi) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Peer Networking Identity Manager (p2pimsvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Peer Networking Grouping (p2psvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Program Compatibility Assistant Service (PcaSvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
Peer Name Resolution Protocol (PNRPsvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServicePeerNet
IPsec Policy Agent (PolicyAgent) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Power (Power) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
User Profile Service (ProfSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
RPC Endpoint Mapper (RpcEptMapper) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k RPCSS
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k rpcss
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Smart Card (SCardSvr) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Task Scheduler (Schedule) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows Backup (SDRSVC) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k SDRSVC
System Event Notification Service (SENS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\spoolsv.exe
SSDP Discovery (SSDPSRV) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Windows Image Acquisition (WIA) (StiSvc) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k imgsvc
Superfetch (SysMain) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client (TrkWks) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
UPnP Device Host (upnphost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Desktop Window Manager Session Manager (UxSms) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Diagnostic Service Host (WdiServiceHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Diagnostic System Host (WdiSystemHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Windows Management Instrumentation (Winmgmt) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
WLAN AutoConfig (Wlansvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Windows Live ID Sign-in Assistant (wlidsvc) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
Windows Media Player Network Sharing Service (WMPNetworkSvc) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Security Center (wscsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Windows Search (WSearch) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\SearchIndexer.exe /Embedding
Windows Update (wuauserv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Driver Foundation - User-mode Driver Framework (wudfsvc) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Application Layer Gateway Service (ALG) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\alg.exe
Application Identity (AppIDSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Application Management (AppMgmt) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
ASP.NET State Service (aspnet_state) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
ActiveX Installer (AxInstSV) (AxInstSV) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k AxInstSVGroup
BitLocker Drive Encryption Service (BDESVC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Background Intelligent Transfer Service (BITS) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Microsoft .NET Framework NGEN v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COM+ System Application (COMSysApp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Disk Defragmenter (defragsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k defragsvc
Wired AutoConfig (dot3svc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Encrypting File System (EFS) (EFS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\lsass.exe
Windows Media Center Receiver Service (ehRecvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\ehome\ehRecvr.exe
Windows Media Center Scheduler Service (ehSched) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\ehome\ehsched.exe
Fax (Fax) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\fxssvc.exe
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Health Key and Certificate Management (hkmsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
IKE and AuthIP IPsec Keying Modules (IKEEXT) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
PnP-X IP Bus Enumerator (IPBusEnum) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
KtmRm for Distributed Transaction Coordinator (KtmRm) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
Link-Layer Topology Discovery Mapper (lltdsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Media Center Extender Service (Mcx2Svc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\msdtc.exe
Microsoft iSCSI Initiator Service (MSiSCSI) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Installer (msiserver) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\msiexec.exe /V
Network Access Protection Agent (napagent) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Netlogon (Netlogon) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Microsoft Office Diagnostics Service (odserv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
Office Source Engine (ose) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
BranchCache (PeerDistSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k PeerDist
Performance Logs & Alerts (pla) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
PNRP Machine Name Publication Service (PNRPAutoReg) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Protected Storage (ProtectedStorage) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Quality Windows Audio Video Experience (QWAVE) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Remote Access Connection Manager (RasMan) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Routing and Remote Access (RemoteAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Remote Registry (RemoteRegistry) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k regsvc
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\locator.exe
Smart Card Removal Policy (SCPolicySvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Adaptive Brightness (SensrSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Remote Desktop Configuration (SessionEnv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Internet Connection Sharing (ICS) (SharedAccess) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
SNMP Trap (SNMPTRAP) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\snmptrap.exe
Software Protection (sppsvc) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\sppsvc.exe
SPP Notification Service (sppuinotify) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Secure Socket Tunneling Protocol Service (SstpSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Microsoft Software Shadow Copy Provider (swprv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k swprv
Tablet PC Input Service (TabletInputService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Telephony (TapiSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
TPM Base Services (TBS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
Remote Desktop Services (TermService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Thread Ordering Server (THREADORDER) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Modules Installer (TrustedInstaller) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\servicing\TrustedInstaller.exe
Interactive Services Detection (UI0Detect) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\UI0Detect.exe
Remote Desktop Services UserMode Port Redirector (UmRdpService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Credential Manager (VaultSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Virtual Disk (vds) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\vds.exe
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\vssvc.exe
Windows Time (W32Time) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Block Level Backup Engine Service (wbengine) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Windows\system32\wbengine.exe"
Windows Biometric Service (WbioSrvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k WbioSvcGroup
Windows Connect Now - Config Registrar (wcncsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
Windows Color System (WcsPlugInService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k wcssvc
WebClient (WebClient) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Event Collector (Wecsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
Problem Reports and Solutions Control Panel Support (wercplsupport) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows Error Reporting Service (WerSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k WerSvcGroup
Windows Defender (WinDefend) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k secsvcs
WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Remote Management (WS-Management) (WinRM) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
WMI Performance Adapter (wmiApSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\wbem\WmiApSrv.exe
Parental Controls (WPCSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Portable Device Enumerator Service (WPDBusEnum) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
WWAN AutoConfig (WwanSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

<<<< Non-MS Services >>>>

Application Host Helper Service (AppHostSvc) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k apphost
Infrared monitor service (Irmon) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Machine Debug Manager (MDM) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
Microsoft Network Inspection (NisSrv) - Running [Manual | Stoppable | Not_Pausable] - "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
NMSAccess (NMSAccess) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Blaze Media Pro\NMSAccess32.exe"
NVIDIA Display Driver Service (nvsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\nvvsvc.exe
PnkBstrA (PnkBstrA) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\PnkBstrA.exe
Cyberlink RichVideo Service(CRVS) (RichVideo) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\CyberLink\Shared files\RichVideo.exe"
World Wide Web Publishing Service (W3SVC) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k iissvcs
Windows Process Activation Service (WAS) - Running [Manual | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k iissvcs
Microsoft .NET Framework NGEN v4.0.30319_X86 (clr_optimization_v4.0.30319_32) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
FLEXnet Licensing Service (FLEXnet Licensing Service) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
InstallDriver Table Manager (IDriverT) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
McAfee Security Scan Component Host Service (McComponentHostService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe"
Microsoft Office Groove Audit Service (Microsoft Office Groove Audit Service) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
NMIndexingService (NMIndexingService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
SwitchBoard (SwitchBoard) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

<<<< bcdedit >>>>


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {18786e49-bba0-11df-a362-e5a055c95ecb}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {18786e4b-bba0-11df-a362-e5a055c95ecb}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {18786e49-bba0-11df-a362-e5a055c95ecb}
nx OptIn

<<<< Last 5 Application Errors or Warnings >>>>

Computer Name: Genno-PC | ID: 1130 | Source: .NET Runtime Optimization Service | Type: Warning | Date: 15-4-11 11:43:19 | Log: Application
Message: .NET Runtime Optimization Service (2.0.50727.5420) - Version or flavor did not match with repository: Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets


Computer Name: Genno-PC | ID: 1 | Source: Microsoft-Windows-ApplicationExperienceInfrastructure | Type: Warning | Date: 15-4-11 10:41:47 | Log: Application
Message: The application (StarForce Protection, from vendor StarForce) has the following problem: The installed StarForce Protection driver is not compatible with this version of Windows and will be disabled. Applications that require this driver will not function properly without a patch.


Computer Name: Genno-PC | ID: 1 | Source: Microsoft-Windows-ApplicationExperienceInfrastructure | Type: Warning | Date: 15-4-11 10:41:47 | Log: Application
Message: The application (Tages Protection, from vendor Tages SA) has the following problem: A driver is installed that causes stability problems with your system. This driver will be disabled. Please contact the driver manufacturer for an update that is compatible with this version of Windows.


Computer Name: Genno-PC | ID: 215 | Source: ESENT | Type: Error | Date: 15-4-11 10:32:56 | Log: Application
Message: WinMail (3240) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.


Computer Name: Genno-PC | ID: 1 | Source: Microsoft-Windows-ApplicationExperienceInfrastructure | Type: Warning | Date: 15-4-11 10:32:42 | Log: Application
Message: The application (StarForce Protection, from vendor StarForce) has the following problem: The installed StarForce Protection driver is not compatible with this version of Windows and will be disabled. Applications that require this driver will not function properly without a patch.


<<<< Last 5 System Errors or Warnings >>>>

Computer Name: Genno-PC | ID: 7030 | Source: Service Control Manager | Type: Error | Date: 15-4-11 13:48:8 | Log: System
Message: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Computer Name: Genno-PC | ID: 7030 | Source: Service Control Manager | Type: Error | Date: 15-4-11 13:38:34 | Log: System
Message: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Computer Name: Genno-PC | ID: 7030 | Source: Service Control Manager | Type: Error | Date: 15-4-11 13:32:4 | Log: System
Message: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Computer Name: Genno-PC | ID: 1014 | Source: Microsoft-Windows-DNS-Client | Type: Warning | Date: 15-4-11 12:12:51 | Log: System
Message: Name resolution for the name flvtubesearch.co timed out after none of the configured DNS servers responded.


Computer Name: Genno-PC | ID: 37 | Source: Microsoft-Windows-Kernel-Processor-Power | Type: Warning | Date: 15-4-11 10:41:50 | Log: System
Message: The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.


<<<< Special Events >>>>

There were no special events found

<<<< Hosts File >>>>

The HOSTS file is 824 Bytes in size.

There were 0 lines which refer to an external IP address.



------ End of File ------

Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

• Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  
• Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  
• Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  
• It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  
• Once inside the interface, do not fix anything. Click on the Report tab.
  
• Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  
• It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  
• When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>SSDT State
==============================================
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x85D20338 [372] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x87F7E730 [408] C:\Windows\System32\PnkBstrA.exe
0x85E22A48 [464] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x87B736D0 [528] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x85BE3030 [540] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x87BC3850 [588] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x87BD2D40 [612] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x87BEE4F8 [640] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x87BEA858 [648] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x87C39BC0 [764] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87C6FA40 [828] C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 179.67)
0x87C6AB38 [864] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x84CE9030 [928] C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation, Antimalware Service Executable)
0x860CD9D0 [1040] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8610ED40 [1084] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x884E1480 [1100] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86097D40 [1140] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87FA9030 [1248] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0x86170850 [1300] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86172D40 [1364] C:\Windows\System32\rundll32.exe (Microsoft Corporation, Windows host process (Rundll32))
0x87FA87F0 [1440] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x87EB2B38 [1456] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87887148 [1624] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x87841030 [1652] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x878A1030 [1696] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87FCF468 [1816] C:\Windows\System32\CNAB4RPK.EXE (CANON INC., Canon Advanced Printing Technology RPC Server Process)
0x87884D40 [1856] C:\Windows\System32\taskhost.exe (Microsoft Corporation, Host Process for Windows Tasks)
0x87899930 [1896] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87BE3948 [1936] C:\Program Files\CyberLink\Shared files\RichVideo.exe (-, RichVideo Module)
0x87880D40 [1952] C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation, Machine Debug Manager)
0x8789EA90 [2020] C:\Program Files\Blaze Media Pro\NMSAccess32.exe
0x880B1878 [2132] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x84DC3D40 [2160] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x881294A0 [2248] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88159930 [2296] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp., Microsoft® Windows Live ID Service)
0x881EAD40 [2424] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp., Microsoft® Windows Live ID Service Monitor)
0x87845A80 [2640] C:\Windows\System32\dllhost.exe (Microsoft Corporation, COM Surrogate)
0x8829AC98 [2672] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd., Alps Pointing-device Driver)
0x882CD930 [2688] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation, Microsoft Security Client User Interface)
0x882AFD40 [2748] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x882FF030 [2800] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x882E9428 [2812] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation, GrooveMonitor Utility)
0x87EB7C20 [2876] C:\Windows\System32\MustBeRandomlyNamed\4RajSdxu.exe (UG North, RKULE, SR2 Normandy)
0x8824DA50 [2988] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
0x85099558 [3000] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x88369D40 [3124] C:\Windows\System32\rundll32.exe (Microsoft Corporation, Windows host process (Rundll32))
0x883B7D40 [3132] C:\Windows\System32\rundll32.exe (Microsoft Corporation, Windows host process (Rundll32))
0x8805FB18 [3288] C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc., McAfee Security Scanner Scheduler)
0x883893E8 [3652] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0x884BD3C8 [3840] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)
0x85BC1030 [3892] C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd., ApMsgFwd)
0x883D3D40 [3972] C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd., Alps Pointing-device Driver for Windows NT/2000/XP/Vista)
0x88386850 [3980] C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd., Alps Pointing-device Driver)
0x883F4D40 [4008] C:\Windows\System32\conhost.exe (Microsoft Corporation, Console Window Host)
0x85071D40 [4028] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x84C3F8E8 [4] System
0x8837DA88 [3388] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
==============================================
>Drivers
==============================================
0x90815000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7548928 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 179.67 )
0x9603E000 C:\Windows\system32\DRIVERS\netw5v32.sys 4272128 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x82C16000 C:\Windows\system32\ntoskrnl.exe 4210688 bytes (Microsoft Corporation, NT Kernel & System)
0x82C16000 PnpManager 4210688 bytes
0x82C16000 RAW 4210688 bytes
0x82C16000 WMIxWDM 4210688 bytes
0x93950000 Win32k 2416640 bytes
0x93950000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x89D3D000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x899B5000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x89638000 PCI_PNP3663 1097728 bytes
0x89638000 C:\Windows\System32\Drivers\sptd.sys 1097728 bytes
0x90F48000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x89C23000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8950E000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x8BE43000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8BCBA000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8942E000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x895B9000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x96598000 C:\Windows\System32\Drivers\ao88nooa.SYS 425984 bytes (Advanced Micro Devices, Storage Filter Driver)
0x8FEE8000 C:\Windows\System32\Drivers\bthport.sys 409600 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x8FDC6000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x89B22000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8FC53000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8BDE3000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x9674D000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x8BF7C000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x93800000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x96498000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8984B000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x89773000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8BC51000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x966F8000 C:\Windows\system32\drivers\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x894CC000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8FD5F000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x89EC1000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x89CDA000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x96451000 C:\Windows\system32\DRIVERS\b57nd60x.sys 245760 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.)
0x8BD8D000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8FE90000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8301A000 ACPI_HAL 225280 bytes
0x8301A000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x89970000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x966B6000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x89F68000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8FCAD000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x89E87000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9679D000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x898AB000 C:\Windows\system32\DRIVERS\pcmcia.sys 188416 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x964F2000 C:\Windows\system32\drivers\1394ohci.sys 184320 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x89F23000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x96537000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x89AE4000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x897CE000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x898FF000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x89BB5000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x8974D000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x89FAB000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x89D18000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8FF4C000 C:\Windows\system32\DRIVERS\rfcomm.sys 147456 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x89944000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8BD6A000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x96642000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8BEE4000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8FE50000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x89BDC000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x89B96000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8FEC9000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8FCE6000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x93BE0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8BC23000 C:\Windows\system32\DRIVERS\irda.sys 122880 bytes (Microsoft Corporation, IRDA Protocol Driver)
0x8FF70000 C:\Windows\system32\DRIVERS\bthpan.sys 110592 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x89FD0000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8BDC8000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8FD13000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Brother Industries Ltd., Brotehr Serial I/F Driver (WDM))
0x8BC09000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8BD3F000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x967CC000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8FE2A000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x9651F000 C:\Windows\system32\drivers\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x9661F000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x96664000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9667C000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x96693000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8FC30000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x898E0000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8FF96000 C:\Windows\system32\drivers\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x89B0F000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8BCA7000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x89F10000 C:\Windows\System32\drivers\sfdrv01.sys 77824 bytes (Protection Technology (StarForce), FrontLine Environment Driver)
0x8FD2D000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x89929000 00000239 73728 bytes
0x9660D000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8FFB0000 C:\Windows\system32\DRIVERS\bthmodem.sys 73728 bytes (Microsoft Corporation, Bluetooth Communications Driver)
0x90800000 C:\Windows\System32\Drivers\BTHUSB.sys 73728 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x8FE71000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x8BD58000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x89929000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x89F9A000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x96009000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x899A4000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9673C000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x89400000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x894B3000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8FD40000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8BC41000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x89F50000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8BC97000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8FFE4000 C:\Windows\System32\Drivers\oz776.sys 65536 bytes (O2Micro, O2Micro USB CCID SmartCard Reader)
0x8983B000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x964E3000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8FE42000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8FD05000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8FC22000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8989D000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x89B7F000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8FD51000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x966EA000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8962A000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x96031000 C:\Windows\system32\drivers\BthEnum.sys 53248 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x96600000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x967E5000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x96570000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8FFC2000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x96563000 C:\Windows\system32\drivers\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x8BF6F000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x89800000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8FDBA000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8FC00000 C:\Windows\System32\DRIVERS\scfilter.sys 49152 bytes (Microsoft Corporation, Microsoft Smart Card Reader Filter Driver)
0x8FC47000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x89FF1000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x89419000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x967F2000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8FF8B000 C:\Windows\system32\drivers\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8FC0C000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8FFD9000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x89825000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x96637000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8FFF4000 C:\Windows\System32\Drivers\SMCLIB.SYS 45056 bytes (Microsoft Corporation, Smart Card Driver Library)
0x96024000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
0x9648D000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x897C3000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x8FFCF000 C:\Windows\system32\DRIVERS\BthAvrcp.sys 40960 bytes (CSR, plc, Bluetooth Remote Control Driver)
0x9601A000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8BFCC000 C:\Windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
0x8FDAA000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8FDA0000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x966AA000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x8BEDA000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x9657D000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x89967000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x8993B000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x96000000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x89B8D000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9658F000 C:\Windows\system32\drivers\irenum.sys 36864 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0x8BFF1000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x93BB0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x89EB8000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8FE83000 C:\Windows\system32\drivers\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x89744000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x894C4000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x89411000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x89F60000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BA7000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x897BB000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8980D000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x89815000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8981D000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x89F08000 C:\Windows\System32\drivers\sfhlp02.sys 32768 bytes (Protection Technology (StarForce), FrontLine Helper Driver)
0x96587000 C:\Windows\system32\DRIVERS\SMSCirda.sys 32768 bytes (SMSC, SMSC Fast Infrared Driver)
0x89F00000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x89C18000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8FFA9000 C:\Windows\system32\drivers\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x89896000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x89C11000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x898D9000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8FCDF000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8FDB4000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C9DB16C-6C8D-419D-B680-1BFC66161A25}\MpKslb99e16ae.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x8BFE2000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C9DB16C-6C8D-419D-B680-1BFC66161A25}\MpKsld6ff4cc2.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x8BE3E000 C:\Windows\system32\DRIVERS\lirsgt.sys 20480 bytes
0x8FE8C000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x966B4000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9602F000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8590E1F8 unknown_irp_handler 3592 bytes
0x8590C1F8 unknown_irp_handler 3592 bytes
0x85C371F8 unknown_irp_handler 3592 bytes
0x8590D1F8 unknown_irp_handler 3592 bytes
0x85C3F1F8 unknown_irp_handler 3592 bytes
0x85C19430 unknown_irp_handler 3024 bytes
0x85EED430 unknown_irp_handler 3024 bytes
0x85CFB430 unknown_irp_handler 3024 bytes
0x85EE3430 unknown_irp_handler 3024 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x8BF2FF2E Unknown thread object [ ETHREAD 0x880B1CA0 ] , 600 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_E3D2A32E.exe_8c7585d144f4dbfadeb9f2fc11bacc3a56ef72e_cab_0ea57097\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_E3D2A32E.exe_8c7585d144f4dbfadeb9f2fc11bacc3a56ef72e_cab_0ea57097\WER6CA1.tmp.appcompat.txt
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_E3D2A32E.exe_8c7585d144f4dbfadeb9f2fc11bacc3a56ef72e_cab_0ea57097\WER6CFF.tmp.WERInternalMetadata.xml
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_E3D2A32E.exe_8c7585d144f4dbfadeb9f2fc11bacc3a56ef72e_cab_0ea57097\WER6D10.tmp.hdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_E3D2A32E.exe_8c7585d144f4dbfadeb9f2fc11bacc3a56ef72e_cab_0ea57097\WER705B.tmp.mdmp
!-->[Hidden] C:\Qoobox\BackEnv\AppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cache.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cookies.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Desktop.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Favorites.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\History.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalAppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalSettings.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Music.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\NetHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Personal.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Pictures.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\PrintHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Programs.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Recent.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SendTo.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SetPath.bat
!-->[Hidden] C:\Qoobox\BackEnv\StartMenu.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\StartUp.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SysPath.dat
!-->[Hidden] C:\Qoobox\BackEnv\Templates.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\VikPev00
!-->[Hidden] C:\Windows\Performance\WinSAT\DataStore\2011-04-17 01.00.05.427.winsat.etl
!-->[Hidden] C:\Windows\Performance\WinSAT\DataStore\2011-04-17 01.00.15.037 DWM.Assessment (Recent).WinSAT.xml
!-->[Hidden] C:\Windows\Performance\WinSAT\DataStore\2011-04-17 01.00.15.037 Graphics3D.Assessment (Recent).WinSAT.xml
!-->[Hidden] C:\Windows\Performance\WinSAT\DataStore\2011-04-17 01.00.15.037 GraphicsMedia.Assessment (Recent).WinSAT.xml
!-->[Hidden] C:\Windows\Performance\WinSAT\DataStore\2011-04-17 01.02.34.972 Formal.Assessment (Recent).WinSAT.xml
!-->[Hidden] C:\Windows\Prefetch\MCUICNT.EXE-A0088047.pf
==============================================
>Hooks
==============================================
[1364]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[1364]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611BC-->00000000 [apphelp.dll]
[1364]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]
[3124]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[3124]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611BC-->00000000 [apphelp.dll]
[3124]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]
[3132]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[3132]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611BC-->00000000 [apphelp.dll]
[3132]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e104176b4fa6de48869e35a518457d03
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-18 06:29:22
# local_time=2011-04-18 09:29:22 (+0200, FLE Daylight Time)
# country="Estonia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 249728 54733065 0 0
# compatibility_mode=8192 67108863 100 0 242 242 0 0
# scanned=141967
# found=2
# cleaned=2
# scan_time=6290
C:\Microgaming\Poker\triobetMPP\install.exe a variant of Win32/PrimeCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Genno\Downloads\WinRAR.3.93.Final.32bit.64bit.FFF.DM999\Keygen.exe a variant of Win32/Keygen.AI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
  
• Error messages
  
• Fake antivirus alerts or the icon in the system tray
  
• svchost.exe running at 100%
  
• System crashes or blue screen of death

Hey Jay.
None of the symptoms described above.
Only the one I posted about in the first post about redirection of browser.
Also, my internet connection disconnects sometimes(cable), usually when I load up utorrent. Then reconnects.
And also there is an issue with my charger. The icon shows that it's "plugged in, not charging", although it is charging- this issue started when one of the chargers adapters broke and I replaced it, it has been so ever since.

I'm probably going to format my harddrive, because the main issue that I had has not resolved and I'm paranoid about the RKu report of possible activity.

Thank You Jay for having the will and patience to deal with these kinds of problems of other people.

Best Luck

EDIT: I reinstalled the browser and that did the trick- no redirect. still gonna go with the format tho

Last edited by Maryxu on 19th April 2011, 5:39 am; edited 1 time in total (Reason for editing : additional information)

Thanks for letting me know. Glad I could help.