Solved Google search results redirecting

[Resolved] Google search results redirecting

I am helping a cousin fix his computer, so far I have removed a program called Malware Protection. I did this by deleting defender.exe in the Users\AppData\Roaming folder. After I deleted defender.exe I was able to install and run programs. Malware Protection wasn't letting me run any programs.

I then scanned with avast! and it found 2 things and removed them: Win32:Cycbot-FZ [Trj] and JSdfka-AAQ [Expl].

I think Cycbot could be related to my google search results redirecting problem.

I also scanned with Spybot-S&D! and it removed some things.

I also scanned with Malwarebytes and it removed some things but I don't have the original log of the first scan.

I also scanned with SUPERAntiSpyware and it removed Malware.Trace. It also deleted a registry key, I don't remember the full name but I did a Google search and found someone else with a similar problem. The registry key they posted looks similar to the one that was removed on my computer HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL.

Whenever I search for something at Google.com or use the toolbar that's built into Firefox I get my search results. After I click the link it redirects me to another site and avast! blocks the site. Usually I just hit the back button and click the link again and it'll bring me to the site I originally wanted to go.

The site always redirects me to sites like: http://68.169.92.53/click.php?c=eNo...VEguRW7yUmhEGOGAkF4KbGBIMPs7hghQYAdsC5B9zseAn

It always starts with: http://68.169.92.53/click.php?c=

I have also noticed after I do a search and I hover my mouse over the 1st link it shows something like: googleads.g.doubleclic.net/pagead/nclk?sa=L&ai=1&u= instead of the actual link my mouse is hovered over. But for the rest of the search result links it shows the real link. Whenever it shows the googleads.g.doubleclic.net link I know I am about to be redirected. It doesn't always show for the first search result link. It seems to be random. For the first search result link when I know I'm about to be redirected there is also a small link on the bottom that says Block all googleads.g.doubleclick.net

The redirects doesn't happen every time I search, it seems to be random.

Here is my Malwarebytes (MBAM) log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7463

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/14/2011 12:32:17 AM
mbam-log-2011-08-14 (00-32-17).txt

Scan type: Quick scan
Objects scanned: 164179
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-14 00:08:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000004e ST316081 rev.4.AA
Running: 40khukjp.exe; Driver: C:\Users\TAN~1\AppData\Local\Temp\uxdirfow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8C47A202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8C47C7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8C47C848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8C47C95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8C47C746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8C47C898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8C47C79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8C47C90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8C47A226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8C479FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8C47A24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8C47CD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8C47ACDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8C47C820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8C47C870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8C47C988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8C47C772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8C47C8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8C47C7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8C47C936]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8C47ABA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8C47A26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8C47A292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8C47A04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8C47A186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8C47A162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8C47A1AA]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x9A993640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8C47A2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 820AD890 4 Bytes [02, A2, 47, 8C]
.text ntkrnlpa.exe!KeSetEvent + 1D1 820AD954 8 Bytes [F0, C7, 47, 8C, 48, C8, 47, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 820AD960 4 Bytes [5E, C9, 47, 8C]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820AD978 4 Bytes [46, C7, 47, 8C]
.text ntkrnlpa.exe!KeSetEvent + 215 820AD998 8 Bytes [98, C8, 47, 8C, 9A, C7, 47, ...]
.text ...
.text win32k.sys!EngCreateRectRgn + 4537 93A8FC80 5 Bytes JMP 8C47D440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 93AA8EA9 5 Bytes JMP 8C47DE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 93AA9C95 5 Bytes JMP 8C47DF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 93AB23F7 5 Bytes JMP 8C47CD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 93AB334E 5 Bytes JMP 8C47DBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 3103 93ABEA94 5 Bytes JMP 8C47D316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 456E 93ABFEFF 5 Bytes JMP 8C47CF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119C6 93AD9A35 5 Bytes JMP 8C47D180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A1A 93AD9A89 5 Bytes JMP 8C47D326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 93B00A8E 5 Bytes JMP 8C47DB64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 93B033ED 5 Bytes JMP 8C47CE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 93B09D2E 5 Bytes JMP 8C47CFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 93B141CC 5 Bytes JMP 8C47E014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 93B170B4 5 Bytes JMP 8C47CE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 81C 93B354E5 5 Bytes JMP 8C47DD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6EEA 93B3BBB3 5 Bytes JMP 8C47DBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 93B3F32A 5 Bytes JMP 8C47DCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 93B46C49 5 Bytes JMP 8C47CEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 93B651BC 5 Bytes JMP 8C47D0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 93B6AA3A 5 Bytes JMP 8C47D008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 93B6E572 5 Bytes JMP 8C47DECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 93B8CA97 5 Bytes JMP 8C47D03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D269 93B992F1 5 Bytes JMP 8C47D0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[276] KERNEL32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[324] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[324] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[324] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[324] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[324] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[324] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[324] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[324] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[324] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[324] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[324] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[324] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[324] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[324] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[324] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[324] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\csrss.exe[332] KERNEL32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[372] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000701F8
.text C:\Windows\system32\winlogon.exe[372] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000703FC
.text C:\Windows\system32\winlogon.exe[372] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[372] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000903FC
.text C:\Windows\system32\winlogon.exe[372] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00090600
.text C:\Windows\system32\winlogon.exe[372] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00091014
.text C:\Windows\system32\winlogon.exe[372] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00090804
.text C:\Windows\system32\winlogon.exe[372] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00090A08
.text C:\Windows\system32\winlogon.exe[372] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00090C0C
.text C:\Windows\system32\winlogon.exe[372] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00090E10
.text C:\Windows\system32\winlogon.exe[372] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000901F8
.text C:\Windows\system32\winlogon.exe[372] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 000A0600
.text C:\Windows\system32\winlogon.exe[372] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 000A0804
.text C:\Windows\system32\winlogon.exe[372] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 000A0A08
.text C:\Windows\system32\winlogon.exe[372] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000A01F8
.text C:\Windows\system32\winlogon.exe[372] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000A03FC
.text C:\Windows\system32\services.exe[412] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[412] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[412] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\services.exe[412] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[412] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[412] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[412] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[412] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[412] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[412] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[412] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[412] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[412] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[412] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\services.exe[412] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[412] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[428] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[428] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[428] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\lsass.exe[428] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[428] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[428] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[428] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[428] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[428] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[428] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[428] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[428] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[428] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[428] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[428] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[428] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsm.exe[436] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[436] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[436] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\lsm.exe[436] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[436] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[436] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[436] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[436] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[436] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[436] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[436] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[600] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[600] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[600] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[600] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[600] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[600] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[600] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[600] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[600] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[600] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[600] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[600] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00120600
.text C:\Windows\system32\svchost.exe[600] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00120804
.text C:\Windows\system32\svchost.exe[600] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00120A08
.text C:\Windows\system32\svchost.exe[600] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001201F8
.text C:\Windows\system32\svchost.exe[600] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001203FC
.text C:\Windows\system32\nvvsvc.exe[656] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\nvvsvc.exe[656] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 001503FC
.text C:\Windows\system32\nvvsvc.exe[656] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[656] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 002703FC
.text C:\Windows\system32\nvvsvc.exe[656] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00270600
.text C:\Windows\system32\nvvsvc.exe[656] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00271014
.text C:\Windows\system32\nvvsvc.exe[656] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00270804
.text C:\Windows\system32\nvvsvc.exe[656] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00270A08
.text C:\Windows\system32\nvvsvc.exe[656] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00270C0C
.text C:\Windows\system32\nvvsvc.exe[656] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00270E10
.text C:\Windows\system32\nvvsvc.exe[656] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 002701F8
.text C:\Windows\system32\nvvsvc.exe[656] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00280600
.text C:\Windows\system32\nvvsvc.exe[656] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00280804
.text C:\Windows\system32\nvvsvc.exe[656] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00280A08
.text C:\Windows\system32\nvvsvc.exe[656] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 002801F8
.text C:\Windows\system32\nvvsvc.exe[656] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 002803FC
.text C:\Windows\system32\svchost.exe[688] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[688] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[688] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[688] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[688] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[688] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[688] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[688] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[688] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[720] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[720] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[720] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[720] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[720] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[720] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[720] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[720] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[720] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[720] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[720] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[720] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 000D0600
.text C:\Windows\System32\svchost.exe[720] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 000D0804
.text C:\Windows\System32\svchost.exe[720] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 000D0A08
.text C:\Windows\System32\svchost.exe[720] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000D01F8
.text C:\Windows\System32\svchost.exe[720] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000D03FC
.text C:\Windows\System32\svchost.exe[808] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[808] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[808] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[808] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[808] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[808] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[808] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[808] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00250600
.text C:\Windows\System32\svchost.exe[808] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00250804
.text C:\Windows\System32\svchost.exe[808] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00250A08
.text C:\Windows\System32\svchost.exe[808] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 002501F8
.text C:\Windows\System32\svchost.exe[808] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 002503FC
.text C:\Windows\System32\svchost.exe[876] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[876] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[876] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00C00600
.text C:\Windows\System32\svchost.exe[876] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00C00804
.text C:\Windows\System32\svchost.exe[876] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00C00A08
.text C:\Windows\System32\svchost.exe[876] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 00C001F8
.text C:\Windows\System32\svchost.exe[876] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 00C003FC
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[888] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 001D0600
.text C:\Windows\system32\svchost.exe[888] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 001D0804
.text C:\Windows\system32\svchost.exe[888] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 001D0A08
.text C:\Windows\system32\svchost.exe[888] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001D01F8
.text C:\Windows\system32\svchost.exe[888] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001D03FC
.text C:\Windows\system32\AUDIODG.EXE[948] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[968] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[968] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[968] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00160600
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00160804
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00160A08
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001601F8
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001603FC
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 001501F8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 001503FC
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 001803FC
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00180600
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00181014
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00180804
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00180A08
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00180C0C
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00180E10
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 001801F8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] USER32.dll!SetWindowsHookExA 778D6322 3 Bytes JMP 00190600
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] USER32.dll!SetWindowsHookExA + 4 778D6326 1 Byte [88]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] USER32.dll!SetWindowsHookExW 778D87AD 3 Bytes JMP 00190804
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] USER32.dll!SetWindowsHookExW + 4 778D87B1 1 Byte [88]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00190A08
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] USER32.dll!SetWinEventHook 778D9F3A 3 Bytes JMP 001901F8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] USER32.dll!SetWinEventHook + 4 778D9F3E 1 Byte [88]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1144] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001903FC
.text C:\Windows\system32\nvvsvc.exe[1168] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\nvvsvc.exe[1168] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 001503FC
.text C:\Windows\system32\nvvsvc.exe[1168] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[1168] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\nvvsvc.exe[1168] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00170600
.text C:\Windows\system32\nvvsvc.exe[1168] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\nvvsvc.exe[1168] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\nvvsvc.exe[1168] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\nvvsvc.exe[1168] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\nvvsvc.exe[1168] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\nvvsvc.exe[1168] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\nvvsvc.exe[1168] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00180600
.text C:\Windows\system32\nvvsvc.exe[1168] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00180804
.text C:\Windows\system32\nvvsvc.exe[1168] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\nvvsvc.exe[1168] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\nvvsvc.exe[1168] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001803FC

 

GMER log continued:
.text C:\Windows\system32\svchost.exe[1260] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00A40600
.text C:\Windows\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00A40804
.text C:\Windows\system32\svchost.exe[1260] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00A40A08
.text C:\Windows\system32\svchost.exe[1260] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 00A401F8
.text C:\Windows\system32\svchost.exe[1260] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 00A403FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1380] kernel32.dll!SetUnhandledExceptionFilter 76B9A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1380] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1828] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[1828] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[1828] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1828] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[1828] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[1828] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[1828] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[1828] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[1828] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[1828] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[1828] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[1828] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00150600
.text C:\Windows\System32\spoolsv.exe[1828] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00150804
.text C:\Windows\System32\spoolsv.exe[1828] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00150A08
.text C:\Windows\System32\spoolsv.exe[1828] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001501F8
.text C:\Windows\System32\spoolsv.exe[1828] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001503FC
.text C:\Windows\system32\svchost.exe[1860] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1860] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1860] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1860] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1860] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1860] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[1860] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000B03FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00091014
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00090C0C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00090E10
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2072] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000901F8
.text C:\Windows\system32\agrsmsvc.exe[2108] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000801F8
.text C:\Windows\system32\agrsmsvc.exe[2108] ntdll.dll!LdrUnloadDll 779FB740 3 Bytes JMP 000803FC
.text C:\Windows\system32\agrsmsvc.exe[2108] ntdll.dll!LdrUnloadDll + 4 779FB744 1 Byte [88]
.text C:\Windows\system32\agrsmsvc.exe[2108] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\agrsmsvc.exe[2108] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000A03FC
.text C:\Windows\system32\agrsmsvc.exe[2108] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 000A0600
.text C:\Windows\system32\agrsmsvc.exe[2108] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 000A1014
.text C:\Windows\system32\agrsmsvc.exe[2108] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 000A0804
.text C:\Windows\system32\agrsmsvc.exe[2108] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 000A0A08
.text C:\Windows\system32\agrsmsvc.exe[2108] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 000A0C0C
.text C:\Windows\system32\agrsmsvc.exe[2108] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 000A0E10
.text C:\Windows\system32\agrsmsvc.exe[2108] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000A01F8
.text C:\Windows\system32\agrsmsvc.exe[2108] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 000B0600
.text C:\Windows\system32\agrsmsvc.exe[2108] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 000B0804
.text C:\Windows\system32\agrsmsvc.exe[2108] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 000B0A08
.text C:\Windows\system32\agrsmsvc.exe[2108] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000B01F8
.text C:\Windows\system32\agrsmsvc.exe[2108] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000B03FC
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[2132] KERNEL32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2240] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2240] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2240] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2240] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2240] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2240] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2240] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2240] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2240] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2240] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2240] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2240] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 000C0600
.text C:\Windows\system32\taskeng.exe[2240] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\taskeng.exe[2240] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\taskeng.exe[2240] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\taskeng.exe[2240] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000C03FC
.text C:\Windows\system32\svchost.exe[2280] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2280] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2280] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2280] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2280] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2280] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2280] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2280] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2280] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[2280] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[2280] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[2280] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[2280] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000B03FC
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 001401F8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 001403FC
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00160600
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00160804
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00160A08
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001603FC
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 001703FC
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00170600
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00171014
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00170804
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00170A08
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00170C0C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00170E10
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2344] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[2388] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2388] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2388] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[2424] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2424] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2424] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[2424] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[2448] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000D01F8
.text C:\Windows\system32\SearchIndexer.exe[2448] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000D03FC
.text C:\Windows\system32\SearchIndexer.exe[2448] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2448] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000F03FC
.text C:\Windows\system32\SearchIndexer.exe[2448] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 000F0600
.text C:\Windows\system32\SearchIndexer.exe[2448] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 000F1014
.text C:\Windows\system32\SearchIndexer.exe[2448] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 000F0804
.text C:\Windows\system32\SearchIndexer.exe[2448] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 000F0A08
.text C:\Windows\system32\SearchIndexer.exe[2448] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 000F0C0C
.text C:\Windows\system32\SearchIndexer.exe[2448] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 000F0E10
.text C:\Windows\system32\SearchIndexer.exe[2448] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000F01F8
.text C:\Windows\system32\SearchIndexer.exe[2448] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00100600
.text C:\Windows\system32\SearchIndexer.exe[2448] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00100804
.text C:\Windows\system32\SearchIndexer.exe[2448] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00100A08
.text C:\Windows\system32\SearchIndexer.exe[2448] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001001F8
.text C:\Windows\system32\SearchIndexer.exe[2448] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001003FC
.text C:\Windows\system32\WUDFHost.exe[2612] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\WUDFHost.exe[2612] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000903FC
.text C:\Windows\system32\WUDFHost.exe[2612] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[2612] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\WUDFHost.exe[2612] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\WUDFHost.exe[2612] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\WUDFHost.exe[2612] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\WUDFHost.exe[2612] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\WUDFHost.exe[2612] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\WUDFHost.exe[2612] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\WUDFHost.exe[2612] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\WUDFHost.exe[2612] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 000C0600
.text C:\Windows\system32\WUDFHost.exe[2612] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\WUDFHost.exe[2612] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\WUDFHost.exe[2612] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\WUDFHost.exe[2612] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000C03FC

 

GMER log continued:
.text C:\Windows\system32\Dwm.exe[3480] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[3480] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[3480] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3480] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[3480] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[3480] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[3480] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[3480] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[3480] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[3480] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[3480] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[3480] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[3480] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[3480] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[3480] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[3480] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[3512] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[3512] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[3512] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3512] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[3512] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[3512] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[3512] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[3512] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[3512] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[3512] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[3512] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[3512] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00090600
.text C:\Windows\system32\taskeng.exe[3512] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00090804
.text C:\Windows\system32\taskeng.exe[3512] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00090A08
.text C:\Windows\system32\taskeng.exe[3512] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000901F8
.text C:\Windows\system32\taskeng.exe[3512] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000903FC
.text C:\Windows\Explorer.EXE[3524] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[3524] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[3524] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000B03FC
.text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 000B0600
.text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 000B1014
.text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 000B0804
.text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 000B0A08
.text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 000B0C0C
.text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 000B0E10
.text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000B01F8
.text C:\Windows\Explorer.EXE[3524] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 000C0600
.text C:\Windows\Explorer.EXE[3524] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 000C0804
.text C:\Windows\Explorer.EXE[3524] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 000C0A08
.text C:\Windows\Explorer.EXE[3524] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000C01F8
.text C:\Windows\Explorer.EXE[3524] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000C03FC
.text C:\Windows\system32\taskeng.exe[3680] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[3680] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[3680] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3680] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[3680] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[3680] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[3680] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[3680] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[3680] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[3680] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[3680] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[3680] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[3680] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[3680] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[3680] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[3680] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3808] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000803FC
.text C:\Windows\RtHDVCpl.exe[3852] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 001501F8
.text C:\Windows\RtHDVCpl.exe[3852] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 001503FC
.text C:\Windows\RtHDVCpl.exe[3852] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\RtHDVCpl.exe[3852] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 001703FC
.text C:\Windows\RtHDVCpl.exe[3852] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00170600
.text C:\Windows\RtHDVCpl.exe[3852] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00171014
.text C:\Windows\RtHDVCpl.exe[3852] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00170804
.text C:\Windows\RtHDVCpl.exe[3852] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00170A08
.text C:\Windows\RtHDVCpl.exe[3852] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00170C0C
.text C:\Windows\RtHDVCpl.exe[3852] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00170E10
.text C:\Windows\RtHDVCpl.exe[3852] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 001701F8
.text C:\Windows\RtHDVCpl.exe[3852] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00180600
.text C:\Windows\RtHDVCpl.exe[3852] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00180804
.text C:\Windows\RtHDVCpl.exe[3852] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00180A08
.text C:\Windows\RtHDVCpl.exe[3852] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001801F8
.text C:\Windows\RtHDVCpl.exe[3852] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001803FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 001501F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 001503FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00170600
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00170804
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00170A08
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001703FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 001803FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00180600
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00181014
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00180804
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00180A08
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00180C0C
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00180E10
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3968] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 001801F8
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4012] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4020] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[5104] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[5104] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[5104] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[5104] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[5104] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[5104] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[5104] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[5104] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[5104] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[5104] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[5104] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 000701F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] ntdll.dll!LdrLoadDll 779E93A8 5 Bytes JMP 001601F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] ntdll.dll!LdrUnloadDll 779FB740 5 Bytes JMP 001603FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00170600
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00170804
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00170A08
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001703FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 001803FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 00180600
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] ADVAPI32.dll!SetServiceObjectSecurity 76266CD9 5 Bytes JMP 00181014
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 00180804
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 00180A08
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] ADVAPI32.dll!ChangeServiceConfig2A 76267099 5 Bytes JMP 00180C0C
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] ADVAPI32.dll!ChangeServiceConfig2W 762671E1 5 Bytes JMP 00180E10
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5540] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\ctfmon.exe[5868] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]
.text C:\Users\Tank\Desktop\GMER\40khukjp.exe[7252] kernel32.dll!GetBinaryTypeW + 70 76BC2467 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000B0002
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000B0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

 

MBRCheck log:
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-14 00:09:39
-----------------------------
00:09:39.620 OS Version: Windows 6.0.6002 Service Pack 2
00:09:39.620 Number of processors: 1 586 0x7F02
00:09:39.620 ComputerName: TANK-PC UserName: Tank
00:09:40.634 Initialize success
00:09:40.931 AVAST engine defs: 11081301
00:10:10.663 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004e
00:10:10.663 Disk 0 Vendor: ST316081 4.AA Size: 152627MB BusType: 6
00:10:12.722 Disk 0 MBR read successfully
00:10:12.722 Disk 0 MBR scan
00:10:12.722 Disk 0 unknown MBR code
00:10:12.737 Disk 0 scanning sectors +312579760
00:10:13.018 Disk 0 scanning C:\Windows\system32\drivers
00:11:00.661 Service scanning
00:11:01.893 Modules scanning
00:11:13.889 Disk 0 trace - called modules:
00:11:13.905 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
00:11:13.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85360620]
00:11:13.921 3 CLASSPNP.SYS[879ac8b3] -> nt!IofCallDriver -> [0x84f0d700]
00:11:14.420 5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\0000004e[0x84b20c90]
00:11:14.841 AVAST engine scan C:\Windows
00:11:18.569 AVAST engine scan C:\Windows\system32
00:14:16.815 AVAST engine scan C:\Windows\system32\drivers
00:15:13.256 AVAST engine scan C:\Users\Tank
00:17:08.554 AVAST engine scan C:\ProgramData
00:18:14.807 Scan finished successfully
00:18:36.688 Disk 0 MBR has been saved successfully to "C:\Users\Tank\Desktop\MBR.dat "
00:18:36.704 The log file has been saved successfully to "C:\Users\Tank\Desktop\aswMBR.txt "

 

DDS(2 logs) DDS.txt:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Tank at 0:23:48 on 2011-08-14
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.836 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = Preserve
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
uInternet Settings,ProxyServer = http=127.0.0.1:57010
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{7febefe3-6b19-4349-98d2-ffb09d4b49ca}
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eRecoveryService]
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0 "
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe "
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter "
mRun: [Skytel] Skytel.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
StartupFolder: c:\users\tan~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BFB533A5-E40C-4049-B88D-505E626EDA04} : DhcpNameServer = 75.75.75.75 75.75.76.76
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tank\appdata\roaming\mozilla\firefox\profiles\n1osriqy.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-10 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-10 309848]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-10 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-8-10 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-10 42184]
R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-3-31 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-12 2255464]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-13 12:51:35 -------- d-----w- c:\program files\Magical Jelly Bean
2011-08-13 11:33:27 -------- d-----w- c:\users\tank\appdata\local\OpenCandy
2011-08-13 11:33:25 -------- d-----w- c:\users\tank\appdata\roaming\OpenCandy
2011-08-13 10:45:20 -------- d-----w- c:\program files\common files\PC Tools
2011-08-13 10:39:27 -------- d-----w- c:\programdata\PC Tools
2011-08-12 18:07:43 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-12 18:07:43 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-12 18:07:43 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-12 18:07:42 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-12 18:07:42 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-12 18:07:41 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-12 18:07:31 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-08-12 18:04:00 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-12 18:04:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-12 18:04:00 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-08-12 18:04:00 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-12 18:03:59 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-12 18:03:59 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-12 18:03:59 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-12 18:03:59 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-12 18:03:59 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-12 18:03:59 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-12 18:03:59 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-12 18:02:56 -------- d-----w- C:\NVIDIA
2011-08-12 17:40:30 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-12 16:51:43 -------- d-----w- c:\programdata\Malwarebytes
2011-08-12 15:51:58 -------- d-----w- c:\windows\system32\Adobe
2011-08-12 15:51:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 15:22:21 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3bec370b-94e2-4a06-9370-91ac4488f15e}\mpengine.dll
2011-08-11 10:27:59 924632 ----a-w- c:\program files\mozilla firefox\firefox.exe
2011-08-11 10:27:59 269272 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2011-08-11 10:27:59 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-08-11 10:27:59 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-08-11 10:27:59 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2011-08-11 10:27:59 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2011-08-11 07:52:39 758784 ----a-w- c:\windows\system32\cohelper.dll
2011-08-11 07:52:36 -------- d-----w- c:\program files\NVIDIA Corporation
2011-08-11 06:35:14 -------- d-----w- c:\program files\LSI SoftModem
2011-08-11 05:23:54 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-08-11 05:23:53 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 05:23:46 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 05:23:33 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-11 05:23:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-11 05:22:38 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 05:22:38 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 05:22:34 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 09:42:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-10 09:42:02 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-10 09:41:20 40112 ----a-w- c:\windows\avastSS.scr
2011-08-10 09:41:07 -------- d-----w- c:\programdata\AVAST Software
2011-08-10 09:41:07 -------- d-----w- c:\program files\AVAST Software
2011-08-10 09:13:41 0 ---ha-w- c:\users\tank\appdata\local\BITD437.tmp
2011-08-10 08:59:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-10 08:59:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-10 08:39:38 -------- d-----w- c:\users\tank\appdata\local\Microsoft Games
.
==================== Find3M ====================
.
2011-08-11 05:56:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 0:24:04.74 ===============

DDS(2 logs) Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 3/31/2009 11:55:47 AM
System Uptime: 8/13/2011 10:27:03 PM (2 hours ago)
.
Motherboard: eMachines | | MCP61PM-GM
Processor: AMD Athlon(tm) Processor LE-1640 | Socket AM2 | 2700/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 93.802 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP730: 8/5/2011 12:00:01 AM - Scheduled Checkpoint
RP731: 8/10/2011 2:40:52 AM - avast! Free Antivirus Setup
RP732: 8/10/2011 10:22:31 PM - Windows Update
RP733: 8/10/2011 10:52:48 PM - Removed Java(TM) 6 Update 5
RP734: 8/10/2011 10:54:13 PM - Removed Java(TM) 6 Update 22
RP735: 8/10/2011 10:56:07 PM - Installed Java(TM) 6 Update 26
RP736: 8/10/2011 11:19:34 PM - Windows Update
RP737: 8/11/2011 1:50:52 AM - Windows Update
RP738: 8/12/2011 8:22:02 AM - Windows Update
RP739: 8/12/2011 8:32:00 AM - Removed Adobe Reader 8.3.0
RP740: 8/12/2011 8:48:26 AM - Installed Adobe Reader X (10.1.0).
RP741: 8/12/2011 11:06:25 AM - Device Driver Package Install: NVIDIA Display adapters
RP742: 8/12/2011 11:09:02 AM - Device Driver Package Install: NVIDIA Universal Serial Bus controllers
RP744: 8/12/2011 11:09:29 AM - Installed NVIDIA 3D Vision Controller Driver
RP745: 8/13/2011 2:26:38 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.6
Agere Systems PCI-SV92PP Soft Modem
avast! Free Antivirus
Choice Guard
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD
Digital Media Reader
eMachines Games
eMachines Recovery Management
GearDrvs
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
LSI PCI-SV92PP Soft Modem
Magical Jelly Bean KeyFinder
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 5.0.1 (x86 en-US)
MSVCRT
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 280.19
NVIDIA Control Panel 280.26
NVIDIA Drivers
NVIDIA Graphics Driver 280.26
NVIDIA Install Application
NVIDIA Update 1.4.28
NVIDIA Update Components
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Spybot - Search & Destroy
swMSM
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Office 2007 (KB946691)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
8/13/2011 11:16:02 PM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.
8/13/2011 10:29:59 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
8/12/2011 8:49:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/12/2011 8:49:00 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2011 8:48:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/12/2011 10:10:33 AM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
8/11/2011 2:54:14 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Symantec Event Manager service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/11/2011 2:54:13 AM, Error: Service Control Manager [7034] - The Symantec Lic NetConnect service service terminated unexpectedly. It has done this 1 time(s).
8/11/2011 2:54:13 AM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
8/11/2011 2:54:13 AM, Error: Service Control Manager [7034] - The LiveUpdate Notice service terminated unexpectedly. It has done this 1 time(s).
8/11/2011 2:54:13 AM, Error: Service Control Manager [7034] - The Automatic LiveUpdate Scheduler service terminated unexpectedly. It has done this 1 time(s).
8/11/2011 2:54:13 AM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/11/2011 2:54:13 AM, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
8/10/2011 2:16:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr SRTSPX SymIM SYMTDI tdx Wanarpv6
8/10/2011 2:16:14 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 2:16:14 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2011 2:16:14 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 2:16:14 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2011 2:16:14 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2011 2:16:14 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 2:16:14 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 2:16:14 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2011 2:16:14 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 2:16:14 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 2:16:14 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 2:16:14 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2011 2:16:14 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2011 2:16:14 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 2:15:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/10/2011 2:15:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/10/2011 2:15:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/10/2011 2:15:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/10/2011 2:15:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/10/2011 12:54:58 AM, Error: EventLog [6008] - The previous system shutdown at 8:31:05 PM on 8/7/2011 was unexpected.
8/10/2011 11:32:14 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: nVidia - Display - NVIDIA GeForce 6150SE nForce 430.
8/10/2011 11:01:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user Tank-PC\Tank SID (S-1-5-21-1193293842-3377536650-3804063580-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

 

I did some more researching and found out that XULRunner 1.9.1 and Google Toolbar might be the cause of my search redirect problem. There is no remove button for the XULRunner 1.9.1 so I originally thought it was a legit add-on.

I have used the Add/remove programs and removed Yahoo! Toolbar, Google Toolbar, and Google Desktop but am not sure if this is good enough.

In my Users\AppData\Local folder there are some suspicious folders. First is a folder called {D7785E8D-4D3F-41BD-90FE-B5ABBBA6AB9F} and I think it is related with the XULRunner 1.9.1. There is an install.rdf, _cfg.js, and overlay.xul files inside.

Second folder is in Users\AppData\Local\Mozilla\Firefox\Profiles\n1osriqy.default with a file XUL.mfl.

Third folder is Users\AppData\Local\Google\ with folders like Google Desktop and Toolbar History. Inside the Toolbar History there is a folder called thumbnails. In the thumbnails folder there is a bunch of .png files with what looks like something has been taking screenshots of my desktop to see what kind of websites I have been visiting. Is this normal operation of what Google Toolbar is supposed to do? Google Toolbar seems like a legitimate program but I removed it anyways.

Can I delete these 3 folders? Or should I use some kind of program to clean them up?

I have noticed a lot of Google redirect and Internet Options - Proxy Settings threads. What is the main cause for all of these?

 

I'm not sure, I never use IE. I could start testing it out if you'd like.

Looks like I was right about XULRunner 1.9.1. After running ComboFix it deleted the add-on and also the {D7785E8D-4D3F-41BD-90FE-B5ABBBA6AB9F} folder with everything else inside of it.

After running ComboFix it made an IE icon on my desktop named "The Internet ". If I right-click and go to properties the "Home page" points to http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05. What is this new IE icon on my desktop?

ComboFix.txt log:
ComboFix 11-08-15.07 - Tank 08/15/2011 12:21:26.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.1117 [GMT -7:00]
Running from: c:\users\Tank\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tank\AppData\Local\{D7785E8D-4D3F-41BD-90FE-B5ABBBA6AB9F}
c:\users\Tank\AppData\Local\{D7785E8D-4D3F-41BD-90FE-B5ABBBA6AB9F}\chrome.manifest
c:\users\Tank\AppData\Local\{D7785E8D-4D3F-41BD-90FE-B5ABBBA6AB9F}\chrome\content\_cfg.js
c:\users\Tank\AppData\Local\{D7785E8D-4D3F-41BD-90FE-B5ABBBA6AB9F}\chrome\content\overlay.xul
c:\users\Tank\AppData\Local\{D7785E8D-4D3F-41BD-90FE-B5ABBBA6AB9F}\install.rdf
c:\windows\Update.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))
.
.
2011-08-15 19:30 . 2011-08-15 19:30 -------- d-----w- c:\users\Tank\AppData\Local\temp
2011-08-15 19:30 . 2011-08-15 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-14 07:27 . 2011-08-14 07:27 -------- d-----w- c:\users\Tank\AppData\Roaming\Malwarebytes
2011-08-14 07:27 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 07:27 . 2011-08-14 07:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-14 07:27 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 12:51 . 2011-08-13 12:51 -------- d-----w- c:\program files\Magical Jelly Bean
2011-08-13 11:33 . 2011-08-14 05:27 -------- d-----w- c:\users\Tank\AppData\Local\OpenCandy
2011-08-13 11:33 . 2011-08-13 11:33 -------- d-----w- c:\users\Tank\AppData\Roaming\OpenCandy
2011-08-13 10:45 . 2011-08-13 11:06 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-13 10:39 . 2011-08-13 11:05 -------- d-----w- c:\programdata\PC Tools
2011-08-12 18:08 . 2011-08-12 18:08 -------- d-----w- c:\users\UpdatusUser
2011-08-12 18:07 . 2011-08-03 11:50 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-12 18:07 . 2011-08-03 11:50 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-12 18:07 . 2011-08-03 11:50 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-12 18:07 . 2011-08-03 11:50 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-12 18:07 . 2011-08-03 11:50 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-12 18:07 . 2011-08-03 11:50 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-12 18:07 . 2011-08-12 18:07 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-08-12 18:04 . 2011-08-03 11:50 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-12 18:04 . 2011-08-03 11:50 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-12 18:04 . 2011-08-03 11:50 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-08-12 18:04 . 2011-08-03 11:50 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-12 18:03 . 2011-08-03 11:50 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-12 18:03 . 2011-08-03 11:50 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-12 18:03 . 2011-08-03 11:50 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-12 18:03 . 2011-08-03 11:50 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-12 18:03 . 2011-08-03 11:50 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-12 18:03 . 2011-08-03 11:50 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-12 18:03 . 2011-08-03 11:50 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-12 18:02 . 2011-08-12 18:02 -------- d-----w- C:\NVIDIA
2011-08-12 17:40 . 2011-08-12 17:40 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-12 17:40 . 2011-08-12 17:40 -------- d-----w- c:\users\Tank\AppData\Roaming\SystemRequirementsLab
2011-08-12 16:51 . 2011-08-12 16:51 -------- d-----w- c:\programdata\Malwarebytes
2011-08-12 15:51 . 2011-08-12 15:54 -------- d-----w- c:\windows\system32\Adobe
2011-08-12 15:51 . 2011-08-12 21:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 15:45 . 2011-08-12 15:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-12 15:22 . 2011-07-20 16:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BEC370B-94E2-4A06-9370-91AC4488F15E}\mpengine.dll
2011-08-11 07:52 . 2010-08-12 18:46 758784 ----a-w- c:\windows\system32\cohelper.dll
2011-08-11 07:52 . 2011-08-12 18:09 -------- d-----w- c:\program files\NVIDIA Corporation
2011-08-11 06:35 . 2011-08-11 06:35 -------- d-----w- c:\program files\LSI SoftModem
2011-08-11 05:57 . 2011-08-11 05:57 -------- d-----w- c:\program files\Common Files\Java
2011-08-11 05:56 . 2011-08-11 05:56 -------- d-----w- c:\program files\Java
2011-08-11 05:23 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 05:23 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 05:23 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-11 05:23 . 2011-05-25 02:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-11 05:22 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 05:22 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 05:22 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 09:42 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-10 09:42 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-10 09:42 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-10 09:42 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-10 09:42 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-10 09:42 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-10 09:41 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-10 09:41 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-10 09:41 . 2011-08-10 09:41 -------- d-----w- c:\programdata\AVAST Software
2011-08-10 09:41 . 2011-08-10 09:41 -------- d-----w- c:\program files\AVAST Software
2011-08-10 09:13 . 2011-08-10 09:13 0 ---ha-w- c:\users\Tank\AppData\Local\BITD437.tmp
2011-08-10 08:59 . 2011-08-12 19:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-10 08:59 . 2011-08-10 09:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-10 08:39 . 2011-08-10 08:39 -------- d-----w- c:\users\Tank\AppData\Local\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 05:56 . 2010-10-16 19:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-10 07:57 . 2011-06-26 23:18 0 ----a-w- c:\users\Tank\AppData\Local\Aqubakucura.bin
2011-06-02 13:34 . 2011-07-13 03:28 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-08 07:16 . 2011-08-11 10:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@= "{472083B0-C522-11CF-8763-00608CC02F24} "
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl "= "RtHDVCpl.exe" [2008-07-23 6183456]
"UpdateP2GoShortCut "= "c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut "= "c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UpdatePSTShortCut "= "c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
"Skytel "= "Skytel.exe" [2008-07-23 1826816]
"avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\users\Tank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle "= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
uInternet Settings,ProxyServer = http=127.0.0.1:57010
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Tank\AppData\Roaming\Mozilla\Firefox\Profiles\n1osriqy.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-eRecoveryService - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-15 12:30
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
"MSCurrentCountry "=dword:000000b5
.
Completion time: 2011-08-15 12:33:59
ComboFix-quarantined-files.txt 2011-08-15 19:33
.
Pre-Run: 100,204,179,456 bytes free
Post-Run: 100,200,587,264 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - C10674BC94793420EADC31DA7B954B13

 

I have done a few searches with both browsers and they both don't seem to be redirecting anymore. The redirection was random before and I'll continue to do more searches and see if it happens again.

I have edited my last post and don't believe you read it before your last reply.

I ran ComboFix again with the CFScript.txt and after the scan completed CFScript.txt was erased. Is this normal?

What are these two files? BITD437.tmp and Aqubakucura.bin

Combofix.txt log:
ComboFix 11-08-15.07 - Tank 08/15/2011 14:22:18.2.1 - x86
Microsoft® Windows Vistaâ„¢ Home Basic 6.0.6002.2.1252.1.1033.18.1918.1074 [GMT -7:00]
Running from: c:\users\Tank\Desktop\ComboFix.exe
Command switches used :: c:\users\Tank\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Tank\AppData\Local\Aqubakucura.bin "
"c:\users\Tank\AppData\Local\BITD437.tmp "
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tank\AppData\Local\Aqubakucura.bin
c:\users\Tank\AppData\Local\BITD437.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))
.
.
2011-08-15 21:30 . 2011-08-15 21:30 -------- d-----w- c:\users\Tank\AppData\Local\temp
2011-08-15 21:30 . 2011-08-15 21:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-14 07:27 . 2011-08-14 07:27 -------- d-----w- c:\users\Tank\AppData\Roaming\Malwarebytes
2011-08-14 07:27 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 07:27 . 2011-08-14 07:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-14 07:27 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 12:51 . 2011-08-13 12:51 -------- d-----w- c:\program files\Magical Jelly Bean
2011-08-13 11:33 . 2011-08-14 05:27 -------- d-----w- c:\users\Tank\AppData\Local\OpenCandy
2011-08-13 11:33 . 2011-08-13 11:33 -------- d-----w- c:\users\Tank\AppData\Roaming\OpenCandy
2011-08-13 10:45 . 2011-08-13 11:06 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-13 10:39 . 2011-08-13 11:05 -------- d-----w- c:\programdata\PC Tools
2011-08-12 18:08 . 2011-08-12 18:08 -------- d-----w- c:\users\UpdatusUser
2011-08-12 18:07 . 2011-08-03 11:50 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-12 18:07 . 2011-08-03 11:50 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-12 18:07 . 2011-08-03 11:50 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-12 18:07 . 2011-08-03 11:50 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-12 18:07 . 2011-08-03 11:50 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-12 18:07 . 2011-08-03 11:50 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-12 18:07 . 2011-08-12 18:07 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-08-12 18:04 . 2011-08-03 11:50 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-12 18:04 . 2011-08-03 11:50 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-12 18:04 . 2011-08-03 11:50 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-08-12 18:04 . 2011-08-03 11:50 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-12 18:03 . 2011-08-03 11:50 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-12 18:03 . 2011-08-03 11:50 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-12 18:03 . 2011-08-03 11:50 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-12 18:03 . 2011-08-03 11:50 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-12 18:03 . 2011-08-03 11:50 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-12 18:03 . 2011-08-03 11:50 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-12 18:03 . 2011-08-03 11:50 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-12 18:02 . 2011-08-12 18:02 -------- d-----w- C:\NVIDIA
2011-08-12 17:40 . 2011-08-12 17:40 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-12 17:40 . 2011-08-12 17:40 -------- d-----w- c:\users\Tank\AppData\Roaming\SystemRequirementsLab
2011-08-12 16:51 . 2011-08-12 16:51 -------- d-----w- c:\programdata\Malwarebytes
2011-08-12 15:51 . 2011-08-12 15:54 -------- d-----w- c:\windows\system32\Adobe
2011-08-12 15:51 . 2011-08-12 21:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 15:45 . 2011-08-12 15:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-12 15:22 . 2011-07-20 16:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BEC370B-94E2-4A06-9370-91AC4488F15E}\mpengine.dll
2011-08-11 07:52 . 2010-08-12 18:46 758784 ----a-w- c:\windows\system32\cohelper.dll
2011-08-11 07:52 . 2011-08-12 18:09 -------- d-----w- c:\program files\NVIDIA Corporation
2011-08-11 06:35 . 2011-08-11 06:35 -------- d-----w- c:\program files\LSI SoftModem
2011-08-11 05:57 . 2011-08-11 05:57 -------- d-----w- c:\program files\Common Files\Java
2011-08-11 05:56 . 2011-08-11 05:56 -------- d-----w- c:\program files\Java
2011-08-11 05:23 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 05:23 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 05:23 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-11 05:23 . 2011-05-25 02:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-11 05:22 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 05:22 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 05:22 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 09:42 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-10 09:42 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-10 09:42 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-10 09:42 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-10 09:42 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-10 09:42 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-10 09:41 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-10 09:41 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-10 09:41 . 2011-08-10 09:41 -------- d-----w- c:\programdata\AVAST Software
2011-08-10 09:41 . 2011-08-10 09:41 -------- d-----w- c:\program files\AVAST Software
2011-08-10 08:59 . 2011-08-12 19:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-10 08:59 . 2011-08-10 09:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-10 08:39 . 2011-08-10 08:39 -------- d-----w- c:\users\Tank\AppData\Local\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 05:56 . 2010-10-16 19:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 13:34 . 2011-07-13 03:28 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-08 07:16 . 2011-08-11 10:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@= "{472083B0-C522-11CF-8763-00608CC02F24} "
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl "= "RtHDVCpl.exe" [2008-07-23 6183456]
"UpdateP2GoShortCut "= "c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut "= "c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UpdatePSTShortCut "= "c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
"Skytel "= "Skytel.exe" [2008-07-23 1826816]
"avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\users\Tank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle "= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Tank\AppData\Roaming\Mozilla\Firefox\Profiles\n1osriqy.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-15 14:30
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
"MSCurrentCountry "=dword:000000b5
.
Completion time: 2011-08-15 14:33:06
ComboFix-quarantined-files.txt 2011-08-15 21:33
.
Pre-Run: 102,944,284,672 bytes free
Post-Run: 102,913,105,920 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - E0DB2DB07862571F82F443E04A4CC6A0

 

OTL.Txt log:
OTL logfile created on: 8/15/2011 5:03:00 PM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Tank\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 63.46% Memory free
3.98 Gb Paging File | 3.20 Gb Available in Paging File | 80.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.05 Gb Total Space | 95.66 Gb Free Space | 68.80% Space Free | Partition Type: NTFS

Computer Name: TANK-PC | User Name: Tank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/15 17:00:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Tank\Desktop\OTL.exe
PRC - [2011/08/03 04:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 04:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2008/07/23 11:25:32 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/22 19:14:28 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/06/11 11:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Google Update Service (gupdatem)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - [2011/08/03 04:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/07/22 19:14:28 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/06/11 11:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/05/05 15:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/08/03 04:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 04:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/06/11 11:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/01/25 05:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1193293842-3377536650-3804063580-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1193293842-3377536650-3804063580-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
IE - HKU\S-1-5-21-1193293842-3377536650-3804063580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/10 02:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/11 03:28:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D7785E8D-4D3F-41BD-90FE-B5ABBBA6AB9F}: C:\Users\Tank\AppData\Local\{D7785E8D-4D3F-41BD-90FE-B5ABBBA6AB9F}

[2011/08/11 03:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tank\AppData\Roaming\Mozilla\Extensions
[2011/08/13 22:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tank\AppData\Roaming\Mozilla\Firefox\Profiles\n1osriqy.default\extensions
[2011/08/11 03:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/08/10 02:41:24 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\TANK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N1OSRIQY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2009/09/13 17:06:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/08 00:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/15 14:30:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1193293842-3377536650-3804063580-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1193293842-3377536650-3804063580-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1193293842-3377536650-3804063580-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1193293842-3377536650-3804063580-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1193293842-3377536650-3804063580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1193293842-3377536650-3804063580-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O24 - Desktop WallPaper: C:\Users\Tank\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tank\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/15 17:00:50 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Tank\Desktop\OTL.exe
[2011/08/15 14:33:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/15 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/15 14:33:08 | 000,000,000 | ---D | C] -- C:\Users\Tank\AppData\Local\temp
[2011/08/15 12:19:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/15 12:19:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/15 12:19:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/15 12:19:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/15 12:19:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/15 12:15:40 | 004,172,996 | R--- | C] (Swearware) -- C:\Users\Tank\Desktop\ComboFix.exe
[2011/08/14 00:27:59 | 000,000,000 | ---D | C] -- C:\Users\Tank\AppData\Roaming\Malwarebytes
[2011/08/14 00:27:53 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/14 00:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/14 00:27:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/14 00:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/14 00:18:57 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Tank\Desktop\dds.scr
[2011/08/14 00:09:06 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Tank\Desktop\aswMBR.exe
[2011/08/13 23:12:02 | 000,000,000 | ---D | C] -- C:\Users\Tank\Desktop\GMER
[2011/08/13 05:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2011/08/13 05:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2011/08/13 04:33:27 | 000,000,000 | ---D | C] -- C:\Users\Tank\AppData\Local\OpenCandy
[2011/08/13 04:33:25 | 000,000,000 | ---D | C] -- C:\Users\Tank\AppData\Roaming\OpenCandy
[2011/08/13 03:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/08/13 03:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/08/12 11:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/08/12 11:04:00 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/08/12 11:02:56 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/08/12 10:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/08/12 10:40:23 | 000,000,000 | ---D | C] -- C:\Users\Tank\AppData\Roaming\SystemRequirementsLab
[2011/08/12 09:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/12 08:51:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2011/08/12 08:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/08/12 08:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/11 03:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/11 00:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/08/10 23:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2011/08/10 22:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/10 22:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/08/10 02:42:04 | 000,309,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/08/10 02:42:04 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/08/10 02:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/10 02:42:03 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/08/10 02:42:03 | 000,043,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/08/10 02:42:03 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/08/10 02:42:02 | 000,054,104 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/08/10 02:41:20 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/10 02:41:19 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/08/10 02:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/10 02:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/10 01:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/08/10 01:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/10 01:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/10 01:39:38 | 000,000,000 | ---D | C] -- C:\Users\Tank\AppData\Local\Microsoft Games

========== Files - Modified Within 30 Days ==========

[2011/08/15 17:00:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Tank\Desktop\OTL.exe
[2011/08/15 16:38:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 16:38:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 14:42:27 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/15 14:42:27 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/15 14:38:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/08/15 14:37:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/15 14:37:52 | 2011,557,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/15 14:30:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/15 12:16:08 | 004,172,996 | R--- | M] (Swearware) -- C:\Users\Tank\Desktop\ComboFix.exe
[2011/08/14 05:14:04 | 000,008,192 | ---- | M] () -- C:\Users\Tank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/14 00:27:53 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/14 00:19:02 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Tank\Desktop\dds.scr
[2011/08/14 00:18:36 | 000,000,512 | ---- | M] () -- C:\Users\Tank\Desktop\MBR.dat
[2011/08/14 00:09:23 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Tank\Desktop\aswMBR.exe
[2011/08/13 22:27:41 | 000,379,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/13 05:51:35 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2011/08/13 03:46:09 | 002,173,906 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/08/12 11:09:28 | 000,001,356 | ---- | M] () -- C:\Users\Tank\AppData\Local\d3d9caps.dat
[2011/08/12 08:48:57 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/11 03:28:01 | 000,000,872 | ---- | M] () -- C:\Users\Tank\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/11 03:28:01 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/11 02:40:44 | 000,000,945 | ---- | M] () -- C:\Users\Tank\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/11 02:34:51 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/08/11 02:34:51 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/08/11 02:34:43 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/08/10 23:44:36 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/08/10 02:42:02 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/08/03 04:50:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/08/03 04:50:00 | 000,004,358 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2011/07/17 12:33:16 | 000,428,178 | ---- | M] () -- C:\Users\Tank\Desktop\nubies.jpg

========== Files Created - No Company Name ==========

[2011/08/15 12:19:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/15 12:19:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/15 12:19:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/15 12:19:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/15 12:19:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/14 00:27:53 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/14 00:18:36 | 000,000,512 | ---- | C] () -- C:\Users\Tank\Desktop\MBR.dat
[2011/08/13 05:51:35 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2011/08/13 03:45:42 | 002,173,906 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/08/12 11:11:04 | 2011,557,888 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/12 11:04:00 | 000,004,358 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011/08/12 08:48:57 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/12 08:48:57 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/11 03:28:01 | 000,000,872 | ---- | C] () -- C:\Users\Tank\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/11 03:28:01 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/11 03:28:01 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/11 02:40:44 | 000,000,945 | ---- | C] () -- C:\Users\Tank\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/11 02:34:43 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/07/17 12:33:14 | 000,428,178 | ---- | C] () -- C:\Users\Tank\Desktop\nubies.jpg
[2011/07/13 03:02:58 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/06/26 16:18:20 | 000,000,120 | ---- | C] () -- C:\Users\Tank\AppData\Local\Nbeyocohuvili.dat
[2011/06/26 16:12:56 | 000,021,654 | ---- | C] () -- C:\Users\Tank\AppData\Roaming\FAAA.C87
[2010/06/23 10:12:01 | 000,001,356 | ---- | C] () -- C:\Users\Tank\AppData\Local\d3d9caps.dat
[2010/01/20 12:41:04 | 000,008,192 | ---- | C] () -- C:\Users\Tank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/11 16:28:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/18 10:08:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 10:08:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/03/31 12:00:54 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/03/31 11:53:15 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/01/19 20:02:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/22 14:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 10:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:44:53 | 000,379,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 03:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/08/13 04:33:25 | 000,000,000 | ---D | M] -- C:\Users\Tank\AppData\Roaming\OpenCandy
[2011/08/12 10:40:37 | 000,000,000 | ---D | M] -- C:\Users\Tank\AppData\Roaming\SystemRequirementsLab
[2011/08/15 14:37:08 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/01/19 19:35:57 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/03/31 12:05:07 | 000,000,032 | ---- | M] () -- C:\cds.log
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2006/12/07 11:24:36 | 000,241,664 | ---- | M] (Alcor Micro, Corp.) -- C:\EMicon.dll
[2011/08/15 14:37:52 | 2011,557,888 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/19 21:03:29 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
[2011/08/15 14:37:51 | 2325,491,712 | -HS- | M] () -- C:\pagefile.sys
[2009/01/19 20:50:13 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\Fonts\*.com >
[2006/11/02 05:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/11/27 16:35:56 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/07/04 04:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2008/12/04 23:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 19:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 20:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 20:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 20:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/08/11 02:40:44 | 000,000,286 | -HS- | M] () -- C:\Users\Tank\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/08/14 00:09:23 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Tank\Desktop\aswMBR.exe
[2011/08/15 12:16:08 | 004,172,996 | R--- | M] (Swearware) -- C:\Users\Tank\Desktop\ComboFix.exe
[2011/08/15 17:00:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Tank\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/09/12 14:05:05 | 000,000,402 | -HS- | M] () -- C:\Users\Tank\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/03/31 12:05:03 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/03/31 12:04:20 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TempFC5A2B2

< End of report >


Extras.Txt log:
OTL Extras logfile created on: 8/15/2011 5:03:00 PM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Tank\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 63.46% Memory free
3.98 Gb Paging File | 3.20 Gb Available in Paging File | 80.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.05 Gb Total Space | 95.66 Gb Free Space | 68.80% Space Free | Partition Type: NTFS

Computer Name: TANK-PC | User Name: Tank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1193293842-3377536650-3804063580-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"avast" = avast! Free Antivirus
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"PROR" = Microsoft Office Professional 2007
"SystemRequirementsLab" = System Requirements Lab
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2011 12:22:19 PM | Computer Name = Tank-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe ".
Dependent
Assembly msadctls,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.1801.0 "
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/26/2011 12:22:19 PM | Computer Name = Tank-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe ".
Dependent
Assembly msadctls,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.1801.0 "
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/26/2011 12:22:19 PM | Computer Name = Tank-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe ".
Dependent
Assembly msadctls,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.1801.0 "
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/26/2011 12:22:19 PM | Computer Name = Tank-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe ".
Dependent
Assembly msadctls,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.1801.0 "
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/26/2011 12:23:26 PM | Computer Name = Tank-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/29/2011 12:26:25 PM | Computer Name = Tank-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe ".
Dependent
Assembly msadctls,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.1801.0 "
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/29/2011 12:26:25 PM | Computer Name = Tank-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe ".
Dependent
Assembly msadctls,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.1801.0 "
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/29/2011 12:26:25 PM | Computer Name = Tank-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe ".
Dependent
Assembly msadctls,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.1801.0 "
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/29/2011 12:26:26 PM | Computer Name = Tank-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe ".
Dependent
Assembly msadctls,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.1801.0 "
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/29/2011 12:27:49 PM | Computer Name = Tank-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/14/2011 2:16:02 AM | Computer Name = Tank-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 8/15/2011 3:08:27 PM | Computer Name = Tank-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/15/2011 3:21:14 PM | Computer Name = Tank-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 8/15/2011 3:25:45 PM | Computer Name = Tank-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 8/15/2011 3:30:18 PM | Computer Name = Tank-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 8/15/2011 3:50:21 PM | Computer Name = Tank-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/15/2011 5:21:50 PM | Computer Name = Tank-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 8/15/2011 5:26:11 PM | Computer Name = Tank-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 8/15/2011 5:30:18 PM | Computer Name = Tank-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 8/15/2011 5:40:18 PM | Computer Name = Tank-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

 

These entries are from my last OTL scan, are they normal?
OTL.Txt log:
[2011/08/11 03:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tank\AppData\Roaming\Mozilla\Extensions
[2011/08/13 22:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tank\AppData\Roaming\Mozilla\Firefox\Profiles\n1osriqy.default\ext ensions
[2011/08/11 03:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --

() (No name found) -- C:\USERS\TANK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N1OSRIQY.DEFAULT\EXT ENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

Extras.Txt log:
[HKEY_USERS\S-1-5-21-1193293842-3377536650-3804063580-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


Here is my scan with OTL from your last reply. After the scan finished notepad opened up and I saved the log to my desktop, does it automatically save the log to any other location?
08152011_201017.txt log:
All processes killed
========== OTL ==========
Error: No service named gupdatem) Google Update Service (gupdatem was found to stop!
Service\Driver key gupdatem) Google Update Service (gupdatem not found.
Error: No service named gupdate) Google Update Service (gupdate was found to stop!
Service\Driver key gupdate) Google Update Service (gupdate not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-1193293842-3377536650-3804063580-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1193293842-3377536650-3804063580-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ deleted successfully.
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
ADS C:\ProgramData\TempFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tank
->Temp folder emptied: 33325 bytes
->Temporary Internet Files folder emptied: 42115497 bytes
->Java cache emptied: 161766 bytes
->FireFox cache emptied: 445879695 bytes
->Flash cache emptied: 2086404 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 468.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tank
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.4 log created on 08152011_201017

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Here is my Security Check results
checkup.txt log:
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

I am not sure if Temp File Cleaner (TFC) ran successfully. In the middle of the scan a pop up window opened. The message said something like "Windows needs to restart, click OK to restart now" so I just ignored the message and let TFC continue running. TFC said it finished running then a pop up came up and asked me to restart. I was then going to write down exactly what the windows pop up message said but then all of a sudden the computer restarted by itself. Is this normal?

I am now about to run ESET Online Scanner. Do I also check Remove found threats? There is also a message that says "Another antivirus software was detected. This may affect the performance and quality of the scan. Show list" When I click Show list it says Microsoft - Windows Defender. Do I have to disable Windows Defender before I continue?

 

I disabled Windows Defender but it still said "Another antivirus software was detected. This may affect the performance and quality of the scan. Show list ".

I continued with the scan anyways and it found no threats.

 

I did this but when I open the System Restore program there are still restore points from 6 days ago. Did I do something wrong? Here is the results
08162011_185619.log:
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tank
->Temp folder emptied: 40429 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52655389 bytes
->Flash cache emptied: 456 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 50.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tank
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.26.4 log created on 08162011_185619

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

If I have Windows Vista I won't have to defrag?