
removing Adpeak Scorpion Saver ?

1. hijackthis:

Quote:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:09:30 AM, on 1/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Users\lyhong\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYBIMN&co=US&userid=7ab05436-d65c-f91c-035b-ec2505e4bfe1&searchtype=ds&q={searchTerms}&installDate=24/12/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYBIMN&co=US&userid=7ab05436-d65c-f91c-035b-ec2505e4bfe1&searchtype=ds&q={searchTerms}&installDate=24/12/2013
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYBIMN&co=US&userid=7ab05436-d65c-f91c-035b-ec2505e4bfe1&searchtype=ds&q={searchTerms}&installDate=24/12/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYBIMN&co=US&userid=7ab05436-d65c-f91c-035b-ec2505e4bfe1&searchtype=ds&q={searchTerms}&installDate=24/12/2013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - Global Startup: Lua Driver.lnk = C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/soft...15/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...0321/CTPID.cab
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Level Quality Watcher - Unknown owner - C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8342 bytes
2. dds:

Quote:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by lyhong at 2:15:25 on 2014-01-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.5879 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYBIMN&co=US&userid=7ab05436-d65c-f91c-035b-ec2505e4bfe1&searchtype=ds&q={searchTerms}&installDate=24/12/2013
uSearch Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYBIMN&co=US&userid=7ab05436-d65c-f91c-035b-ec2505e4bfe1&searchtype=ds&q={searchTerms}&installDate=24/12/2013
uProxyServer = localhost:21320
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYBIMN&co=US&userid=7ab05436-d65c-f91c-035b-ec2505e4bfe1&searchtype=ds&q={searchTerms}&installDate=24/12/2013
mWinlogon: Userinit = userinit.exe
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LUADRI~1.LNK - C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 192.168.1.1 184.16.4.22
TCP: Interfaces\{D9AA9BA6-A713-4ED6-B084-16788421775C} : DHCPNameServer = 192.168.1.1 184.16.4.22
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\lyhong\AppData\Roaming\Mozilla\Firefox\Profiles\goxqv1zc.default\
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 SDHookDriver;Hook Test Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2013-12-24 63904]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-12-24 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-12-24 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-12-24 171416]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=8F71DB22-A8DF-4C0D-A26C-2142A9317F6A --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=8F71DB22-A8DF-4C0D-A26C-2142A9317F6A [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-12-25 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-12-25 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-25 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-24 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-12-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-24 1255736]
SUnknown euiwqzcu;euiwqzcu; [x]
.
=============== Created Last 30 ================
.
2014-01-09 20:19:40 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{102EE881-33A4-4CA3-92EC-D1005A219D8F}\mpengine.dll
2014-01-09 20:02:49 -------- d-----w- C:\Windows\System32\MpEngineStore
2014-01-09 05:57:56 -------- d-----w- C:\Windows\SysWow64\Adobe
2014-01-08 01:03:57 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-02 01:44:48 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2014-01-02 01:37:48 -------- d-----w- C:\Program Files (x86)\Tomb Raider - Legend
2014-01-01 23:16:04 -------- d-----w- C:\Users\lyhong\AppData\Local\Electronic Arts
2013-12-31 21:29:50 -------- d-----w- C:\Program Files (x86)\ROCCAT
2013-12-31 21:29:07 -------- d-----w- C:\Users\lyhong\AppData\Local\Downloaded Installations
2013-12-28 20:51:15 -------- d-----w- C:\Users\lyhong\AppData\Local\ElevatedDiagnostics
2013-12-28 20:49:40 -------- d-----w- C:\MATS
2013-12-28 16:20:31 -------- d-----w- C:\Program Files\CCleaner
2013-12-25 18:48:00 92272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
2013-12-25 18:47:59 75376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-12-25 18:47:59 272496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-12-25 18:47:59 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2013-12-25 13:41:46 -------- d-----w- C:\Users\lyhong\AppData\Local\Risen
2013-12-25 13:28:16 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2013-12-25 13:28:14 43680 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2013-12-25 13:28:11 -------- d-----w- C:\Windows\SysWow64\AGEIA
2013-12-25 13:28:07 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-12-25 13:21:57 -------- d-----w- C:\Program Files (x86)\Deep Silver
2013-12-25 08:59:59 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-12-25 08:59:59 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-12-25 08:59:59 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-12-25 08:59:59 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-12-25 08:59:59 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-12-25 08:59:58 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-12-25 08:59:58 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-12-25 08:54:21 647872 ------w- C:\Windows\SysWow64\Mscomct2.ocx
2013-12-25 08:54:21 53248 ------w- C:\Windows\Ctregrun.exe
2013-12-25 08:37:00 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared
2013-12-25 08:29:23 -------- d-----w- C:\Program Files (x86)\Common Files\Creative
2013-12-25 08:29:21 -------- d--h--w- C:\Program Files (x86)\Creative Installation Information
2013-12-25 08:29:00 -------- d-----w- C:\Program Files\Creative
2013-12-25 08:27:45 12288 ----a-w- C:\Windows\System32\INRES.DLL
2013-12-25 08:01:52 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-12-25 05:41:22 -------- d-----w- C:\Users\lyhong\AppData\Roaming\JGsoft
2013-12-25 05:32:24 -------- d-----w- C:\Users\lyhong\AppData\Roaming\NoteTab Light
2013-12-25 05:23:41 -------- d-----w- C:\z-softwares
2013-12-25 05:23:41 -------- d-----w- C:\Users\lyhong\AppData\Local\GHISLER
2013-12-25 05:10:21 -------- d-----w- C:\Users\lyhong\AppData\Local\Macromedia
2013-12-25 05:09:54 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-25 05:09:54 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-25 05:03:40 -------- d-----w- C:\Users\lyhong\AppData\Local\Adobe
2013-12-25 04:30:42 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-12-25 04:30:41 -------- d-----w- C:\Program Files (x86)\Steam
2013-12-25 04:07:53 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2306F329-F8C7-4189-A8C0-090C57A7EB3F}\gapaengine.dll
2013-12-25 04:03:10 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-12-25 04:03:08 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-12-25 03:57:43 -------- d-----w- C:\Windows\Migration
2013-12-25 03:33:44 -------- d-----w- C:\Users\lyhong\AppData\Local\Mozilla
2013-12-25 02:34:33 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-12-25 01:24:25 -------- d-----w- C:\Users\lyhong\AppData\Local\Thunderbird
2013-12-25 01:24:20 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-25 01:22:43 -------- d-----w- C:\temp
2013-12-25 01:22:36 -------- d-----w- C:\Program Files\Level Quality Watcher
2013-12-25 01:09:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-12-25 01:09:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-25 01:08:41 -------- d-----w- C:\Users\lyhong\AppData\Local\Programs
2013-12-25 00:55:31 -------- d-----w- C:\Users\lyhong\AppData\Roaming\GHISLER
2013-12-25 00:51:14 545 ----a-w- C:\Windows\UC.PIF
2013-12-25 00:51:14 545 ----a-w- C:\Windows\RAR.PIF
2013-12-25 00:51:14 545 ----a-w- C:\Windows\LHA.PIF
2013-12-25 00:51:14 545 ----a-w- C:\Windows\ARJ.PIF
2013-12-25 00:51:13 545 ----a-w- C:\Windows\PKZIP.PIF
2013-12-25 00:51:13 545 ----a-w- C:\Windows\PKUNZIP.PIF
2013-12-25 00:51:13 545 ----a-w- C:\Windows\NOCLOSE.PIF
2013-12-25 00:51:02 -------- d-----w- C:\wincmd
2013-12-25 00:44:33 -------- d-----w- C:\Windows\Panther
2013-12-25 00:44:18 -------- d-sh--w- C:\Boot
2013-12-25 00:40:04 -------- d-sh--w- C:\Windows\Installer
2013-12-25 00:29:58 -------- d-----w- C:\936c0680310dee92193728bb
2013-12-25 00:25:12 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-12-25 00:25:12 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-12-24 23:45:50 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-24 23:45:50 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-24 23:45:49 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-24 23:45:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-24 23:15:15 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-12-24 22:59:29 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-12-24 22:59:26 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9B2B73CF-8A9F-488C-94B7-23ACA4E808D3}\mpengine.dll
2013-12-24 22:44:46 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-12-24 22:44:46 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-12-24 22:44:46 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-12-24 22:44:46 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-12-24 22:44:46 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-12-24 22:44:46 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-12-24 22:44:46 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-12-24 22:38:51 -------- d-----w- C:\Windows\System32\MRT
2013-12-24 22:38:24 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-12-24 22:38:24 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-12-24 22:38:24 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-12-24 22:29:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-12-24 22:28:58 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-12-24 22:27:59 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-12-24 22:26:41 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-24 22:24:02 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2013-12-24 22:22:37 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2013-12-24 22:22:20 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-24 22:22:20 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-24 22:22:18 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-24 22:22:18 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-24 22:16:40 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-12-24 22:16:39 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-12-24 22:16:39 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-12-24 22:16:39 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-12-24 22:16:39 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-12-24 22:16:39 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-12-24 22:16:33 77312 ----a-w- C:\Windows\System32\packager.dll
2013-12-24 22:16:33 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-12-24 22:06:07 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-12-24 22:06:07 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-12-24 22:06:07 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-12-24 22:02:09 -------- d--h--w- C:\Windows\AxInstSV
2013-12-24 22:01:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-12-24 22:01:54 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-12-24 22:00:20 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-12-24 22:00:20 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-12-24 22:00:00 -------- d-----w- C:\Users\lyhong\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2013-12-25 08:34:24 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-12-25 08:34:24 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-12-25 08:34:24 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-12-25 08:34:24 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-12-24 23:03:50 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-23 08:20:08 6669600 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-10-23 08:20:05 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-23 08:20:03 3426956 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-23 08:02:36 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 2:15:47.34 ===============
3.
Quote:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/24/2013 4:59:34 PM
System Uptime: 1/9/2014 3:08:36 PM (11 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | 790FX-GD70(MS-7577)
Processor: AMD Phenom(tm) II X4 955 Processor | CPU1 | 3200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 1863 GiB total, 1769.511 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: hlnfd
Device ID: ROOT\LEGACY_HLNFD\0000
Manufacturer:
Name: hlnfd
PNP Device ID: ROOT\LEGACY_HLNFD\0000
Service: hlnfd
.
==== System Restore Points ===================
.
RP37: 1/3/2014 6:04:24 PM - Windows Update
RP38: 1/6/2014 8:03:19 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 12.0
Arx Fatalis
CCleaner
Creative ALchemy
Creative Audio Control Panel
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
Left 4 Dead
Left 4 Dead 2
Mark of the Ninja
Microsoft .NET Framework 4.5.1
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0 (x86 en-GB)
Notepad++
NVIDIA 3D Vision Driver 331.65
NVIDIA Control Panel 331.65
NVIDIA Graphics Driver 331.65
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.15.2
NVIDIA Update Components
OpenAL
Risen
ROCCAT Lua Mouse Driver
Spybot - Search & Destroy
Steam
swMSM
The Incredible Adventures of Van Helsing
Tomb Raider: Legend 1.1
Total Commander 64-bit (Remove or Repair)
.
==== Event Viewer Messages From Past Week ========
.
1/9/2014 9:49:42 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.1380.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80080005 Error description: Server execution failed
1/9/2014 9:45:34 AM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.
1/9/2014 9:45:34 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.
1/9/2014 9:38:51 AM, Error: Microsoft-Windows-WMPNSS-Service [14323] - Service 'WMPNetworkSvc' did not start correctly because MFCreateWMPMDEOpCenter encountered error '0xc00d4268'. If possible, reinstall Windows Media Player.
1/9/2014 9:38:39 AM, Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: HyperTransport Watchdog Timeout Error Processor ID: 0 The details view of this entry contains further information.
1/9/2014 9:38:35 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8008cca8f8, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\010914-33197-01.dmp. Report Id: 010914-33197-01.
1/9/2014 5:41:00 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.1380.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80080005 Error description: Server execution failed
1/9/2014 3:09:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: hlnfd
1/9/2014 3:09:10 PM, Error: Service Control Manager [7000] - The Level Quality Watcher service failed to start due to the following error: The system cannot find the file specified.
1/9/2014 3:02:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.1380.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80080005 Error description: Server execution failed
1/9/2014 2:54:43 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
1/9/2014 2:51:39 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa800924e038, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\010914-33743-01.dmp. Report Id: 010914-33743-01.
1/9/2014 10:04:57 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.1380.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80080005 Error description: Server execution failed
1/9/2014 10:04:27 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147024809
1/9/2014 1:25:00 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.1380.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80080005 Error description: Server execution failed
1/8/2014 9:52:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.1380.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80080005 Error description: Server execution failed
1/8/2014 9:38:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.1380.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80080005 Error description: Server execution failed
1/8/2014 9:29:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.1380.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80080005 Error description: Server execution failed
1/8/2014 8:14:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
1/8/2014 8:14:58 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/8/2014 7:37:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8008a83748, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\010814-34507-01.dmp. Report Id: 010814-34507-01.
1/10/2014 1:53:20 AM, Error: nvlddmkm [14] -
.
==== End Of File ===========================
4, ark:

Quote:

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-01-10 02:25:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD20EARX-00PASB0 rev.51.0AB51 1863.02GB
Running: 98mt2hnp.exe; Driver: C:\Users\lyhong\AppData\Local\Temp\awdirpog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002deb000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff80002deb042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[452] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\wininit.exe[452] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\wininit.exe[452] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\wininit.exe[452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\services.exe[512] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\services.exe[512] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\services.exe[512] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\services.exe[512] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\services.exe[512] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd7d0c10 6 bytes {JMP QWORD [RIP+0xdf420]}
.text C:\Windows\system32\lsass.exe[540] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\lsass.exe[540] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\lsass.exe[540] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\lsass.exe[540] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes CALL 9000027
.text C:\Windows\system32\lsass.exe[540] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd7d0c10 6 bytes {JMP QWORD [RIP+0xdf420]}
.text C:\Windows\system32\lsm.exe[560] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\lsm.exe[560] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\lsm.exe[560] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\lsm.exe[560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\winlogon.exe[568] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\winlogon.exe[568] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\winlogon.exe[568] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\winlogon.exe[568] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[692] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\svchost.exe[692] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\svchost.exe[692] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\svchost.exe[692] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[692] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd7d0c10 6 bytes {JMP QWORD [RIP+0x2ef420]}
.text C:\Windows\system32\nvvsvc.exe[756] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\nvvsvc.exe[756] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\nvvsvc.exe[756] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\nvvsvc.exe[756] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[780] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076b7103d 6 bytes JMP 71a7000a
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[780] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076b71072 6 bytes JMP 71ae000a
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[780] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076b9c965 6 bytes JMP 71a4000a
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075ac2c91 2 bytes CALL 71ab0000
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 496 0000000075ac2c94 1 byte [71]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[780] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076a95429 6 bytes JMP 71a1000a
.text C:\Windows\system32\svchost.exe[824] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\svchost.exe[824] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\svchost.exe[824] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\svchost.exe[824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[824] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd7d0c10 6 bytes JMP 730077
.text C:\Windows\System32\svchost.exe[1004] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\System32\svchost.exe[1004] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\System32\svchost.exe[1004] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\System32\svchost.exe[1004] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes CALL 9000027
.text C:\Windows\System32\svchost.exe[1004] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd7d0c10 6 bytes {JMP QWORD [RIP+0x2ef420]}
.text C:\Windows\System32\svchost.exe[332] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes JMP 1910191
.text C:\Windows\System32\svchost.exe[332] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes JMP 6d04481
.text C:\Windows\System32\svchost.exe[332] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes JMP 1e5ae81
.text C:\Windows\System32\svchost.exe[332] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\System32\svchost.exe[332] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd7d0c10 6 bytes JMP 0
.text C:\Windows\system32\svchost.exe[356] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\svchost.exe[356] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\svchost.exe[356] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\svchost.exe[356] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[356] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd7d0c10 6 bytes {JMP QWORD [RIP+0x2ef420]}
.text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[380] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd7d0c10 6 bytes JMP 0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1040] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076b7103d 6 bytes JMP 71a7000a
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1040] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076b71072 6 bytes JMP 71ae000a
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1040] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076b9c965 6 bytes JMP 71a4000a
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1040] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075ac2c91 2 bytes CALL 71ab0000
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1040] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 496 0000000075ac2c94 1 byte [71]
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1040] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076a95429 6 bytes JMP 71a1000a
.text C:\Windows\system32\svchost.exe[1068] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\svchost.exe[1068] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\svchost.exe[1068] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\svchost.exe[1068] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[1068] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd7d0c10 6 bytes JMP 0
.text C:\Windows\system32\svchost.exe[1172] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\svchost.exe[1172] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\svchost.exe[1172] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\svchost.exe[1172] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[1172] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd7d0c10 6 bytes JMP 0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes CALL 79000026
.text C:\Windows\System32\spoolsv.exe[1472] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\System32\spoolsv.exe[1472] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\System32\spoolsv.exe[1472] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\System32\spoolsv.exe[1472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[1500] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\svchost.exe[1500] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\svchost.exe[1500] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\svchost.exe[1500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[1500] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd7d0c10 6 bytes JMP 2ef420
.text C:\Windows\system32\svchost.exe[1588] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\svchost.exe[1588] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\svchost.exe[1588] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\svchost.exe[1588] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[1588] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd7d0c10 6 bytes JMP 0
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1640] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076b7103d 6 bytes JMP 71a7000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1640] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076b71072 6 bytes JMP 71ae000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1640] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076b9c965 6 bytes JMP 71a4000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1640] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075ac2c91 2 bytes CALL 71ab0000
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1640] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 496 0000000075ac2c94 1 byte [71]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1640] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076a95429 6 bytes JMP 71a1000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1640] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075621465 2 bytes [62, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1640] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000756214bb 2 bytes [62, 75]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1316] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076b7103d 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1316] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076b71072 6 bytes JMP 71af000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1316] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076b9c965 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1316] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075ac2c91 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1316] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076a95429 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2028] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076b7103d 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2028] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076b71072 6 bytes JMP 71af000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2028] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076b9c965 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2028] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075ac2c91 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2028] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076a95429 6 bytes JMP 71a2000a
.text C:\Windows\system32\taskhost.exe[2780] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\taskhost.exe[2780] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\taskhost.exe[2780] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\taskhost.exe[2780] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes CALL 79000026
.text C:\Windows\system32\taskhost.exe[2780] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd7d0c10 6 bytes JMP 0
.text C:\Windows\system32\Dwm.exe[2788] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\Explorer.EXE[2812] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\Explorer.EXE[2812] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\Explorer.EXE[2812] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\Explorer.EXE[2812] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes CALL 9000027
.text C:\Windows\Explorer.EXE[2812] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd7d0c10 6 bytes {JMP QWORD [RIP+0x2ef420]}
.text C:\Program Files\Microsoft Security Client\msseces.exe[3016] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Program Files\Microsoft Security Client\msseces.exe[3016] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Program Files\Microsoft Security Client\msseces.exe[3016] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Program Files\Microsoft Security Client\msseces.exe[3016] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 26]
.text C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe[2188] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076b7103d 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe[2188] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076b71072 6 bytes JMP 71af000a
.text C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe[2188] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076b9c965 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075ac2c91 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe[2188] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076a95429 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2596] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076b7103d 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2596] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076b71072 6 bytes JMP 71af000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2596] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076b9c965 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075ac2c91 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2596] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076a95429 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2596] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075621465 2 bytes [62, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2596] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000756214bb 2 bytes [62, 75]
.text ... * 2
.text C:\Windows\SysWOW64\Ctxfihlp.exe[2588] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076b7103d 6 bytes JMP 71a8000a
.text C:\Windows\SysWOW64\Ctxfihlp.exe[2588] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076b71072 6 bytes JMP 71af000a
.text C:\Windows\SysWOW64\Ctxfihlp.exe[2588] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076b9c965 6 bytes JMP 71a5000a
.text C:\Windows\SysWOW64\Ctxfihlp.exe[2588] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075ac2c91 4 bytes CALL 71ac0000
.text C:\Windows\SysWOW64\Ctxfihlp.exe[2588] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076a95429 6 bytes JMP 71a2000a
.text C:\Windows\SysWOW64\CTXFISPI.EXE[2684] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076b7103d 6 bytes JMP 71a8000a
.text C:\Windows\SysWOW64\CTXFISPI.EXE[2684] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076b71072 6 bytes JMP 71af000a
.text C:\Windows\SysWOW64\CTXFISPI.EXE[2684] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076b9c965 6 bytes JMP 71a5000a
.text C:\Windows\SysWOW64\CTXFISPI.EXE[2684] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075ac2c91 4 bytes CALL 71ac0000
.text C:\Windows\SysWOW64\CTXFISPI.EXE[2684] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076a95429 6 bytes JMP 71a2000a
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[988] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[988] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[988] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[988] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\SearchIndexer.exe[1304] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\SearchIndexer.exe[1304] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\SearchIndexer.exe[1304] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\SearchIndexer.exe[1304] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes CALL 9000027
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2384] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2384] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2384] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2384] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\System32\svchost.exe[3412] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\System32\svchost.exe[3412] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\System32\svchost.exe[3412] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\System32\svchost.exe[3412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\System32\svchost.exe[3412] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd7d0c10 6 bytes JMP 1a8ed8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2240] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076b7103d 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2240] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076b71072 6 bytes JMP 71af000a
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2240] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076b9c965 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2240] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075ac2c91 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2240] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076a95429 6 bytes JMP 71a2000a
.text C:\Windows\system32\taskeng.exe[3896] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\taskeng.exe[3896] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\taskeng.exe[3896] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\taskeng.exe[3896] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Program Files (x86)\Steam\Steam.exe[3232] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076b7103d 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\Steam\Steam.exe[3232] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076b71072 6 bytes JMP 71af000a
.text C:\Program Files (x86)\Steam\Steam.exe[3232] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076b9c965 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\Steam\Steam.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075ac2c91 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\Steam\Steam.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000075ac549c 5 bytes JMP 0000000100260800
.text C:\Program Files (x86)\Steam\Steam.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076a95429 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\Steam\Steam.exe[3232] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075621465 2 bytes [62, 75]
.text C:\Program Files (x86)\Steam\Steam.exe[3232] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000756214bb 2 bytes [62, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2040] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076b7103d 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2040] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076b71072 6 bytes JMP 71af000a
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2040] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076b9c965 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2040] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075ac2c91 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2040] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000075ac549c 5 bytes JMP 0000000100160800
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2040] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076a95429 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2040] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075621465 2 bytes [62, 75]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2040] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000756214bb 2 bytes [62, 75]
.text ... * 2
.text C:\Windows\system32\svchost.exe[2568] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\svchost.exe[2568] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\svchost.exe[2568] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\svchost.exe[2568] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\taskhost.exe[3248] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\system32\taskhost.exe[3248] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\system32\taskhost.exe[3248] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\system32\taskhost.exe[3248] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes [B5, 6F, 06]
.text C:\Windows\System32\svchost.exe[5064] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000772ca420 6 bytes {JMP QWORD [RIP+0x8d95c10]}
.text C:\Windows\System32\svchost.exe[5064] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000772e1b50 6 bytes {JMP QWORD [RIP+0x8d5e4e0]}
.text C:\Windows\System32\svchost.exe[5064] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077358810 6 bytes {JMP QWORD [RIP+0x8cc7820]}
.text C:\Windows\System32\svchost.exe[5064] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd3f9055 3 bytes CALL 9000027
.text C:\Users\lyhong\Downloads\98mt2hnp.exe[3748] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076b7103d 6 bytes JMP 71a8000a
.text C:\Users\lyhong\Downloads\98mt2hnp.exe[3748] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076b71072 6 bytes JMP 71af000a
.text C:\Users\lyhong\Downloads\98mt2hnp.exe[3748] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076b9c965 6 bytes JMP 71a5000a
.text C:\Users\lyhong\Downloads\98mt2hnp.exe[3748] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075ac2c91 4 bytes CALL 71ac0000
.text C:\Users\lyhong\Downloads\98mt2hnp.exe[3748] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076a95429 6 bytes JMP 71a2000a

---- EOF - GMER 2.1 ----