My computer suddenly became super slow!
Hi people of the forum. I'm new here and you can call me Josef.
And I have a problem with my computer.
Let's just say in the last week I installed a load of games and downloaded a lot of music. Everything was still silky smooth and fast as ever (my computer, both the internet and the PC itself).
And well, my computer suddenly became very VERY slow. I tried all the methods I could find on the internet, downloaded these registry cleaners, driver updaters, malware/adware/spyware/virus removers:
-MalwareBytes
-AVGFree
-IobitSecurity
-Gamebooster ( for my games that is )
-Advanced System Care 4
-Registry Easy
-Ccleaner
So I cleaned my PC up. I also used msconfig and tried to defragment my computer.
But there's another thing: when I tried to defragment my computer, it had already been running for about 8 hours and it still hadn't finished!
By the way, I also deleted and uninstalled programs so I could free up some space.
Currently my C drive has 61.3 GB free of 144 GB, and my D drive has 71 GB free of 144 GB.
And here are the specs for my computer (if that's what you call it):
Intel Core 2 Duo E4600 @ 2.40 GHz
2.00 GB RAM
Nvidia GeForce 8400
And please, I'm starting to get frustrated about this. Please help. Thanks!
Welcome aboard
Please, complete all steps listed here: HERE
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
=====================================================================================
Advanced System Care 4
Registry Easy
Start with uninstalling both.
Registry cleaners/optimizers are not recommended for several reasons:
- Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
  The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
- Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
- Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
- Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
- The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance, but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system, such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
Hey, dude, thanks. I just came back from school and I'll be able to notify you around this time
Mondays to Fridays. On weekends I'm not so sure what time I'll be able to notify you.
OK, here's the situation.
Yesterday I defragmented my computer. I started it at 3:00 am, I woke up at 6:00 am,
checked the PC and it was still defragging. So I let it be. I came back at 2 pm and it was done.
And what's good about that is that after it defragged successfully my PC was back in tip-top shape!
It was fast and good.
So I went to a site that I frequently save pics from (pictures of cars and other stuff).
OK, and after that it was still running well. But then it went slow again! I don't know why!
The last few days I also tried leaving MalwareBytes scanning. For the few minutes that it scanned it was OK; speed was good. After that I played Terraria (a PC game), and after 6 minutes it had already slowed down. So I really need your help.
And by the way, I already uninstalled the 2 programs you asked me to uninstall. So now what do I do?
Thanks bro!
Oh, and I'm sorry that I didn't notice the rules to post GMER and stuff. Here it is.
Tell me if I'm correct or wrong because it's my first time doing this stuff.
GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-31 19:00:08
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAKS-00L9A0 rev.01.03E01
Running: qdhhv0gl.exe; Driver: C:\Users\owner\AppData\Local\Temp\pwdoapow.sys
---- System - GMER 1.0.15 ----
SSDT 872F5360 ZwConnectPort
INT 0x51 ? 8656CCC8
INT 0x62 ? 8656CCC8
INT 0x72 ? 8656CCC8
INT 0x82 ? 8656CCC8
INT 0x92 ? 855EDCC8
INT 0xA2 ? 855EDCC8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 3F4 824FCA18 4 Bytes [60, 53, 2F, 87]
.text sptd.sys 82A99000 32 Bytes [9E, DF, 41, 82, 60, 4F, 41, ...]
.text sptd.sys 82A99024 4 Bytes [D2, 83, BC, 82]
.text sptd.sys 82A9917D 83 Bytes [74, 49, 82, FC, A1, 60, 82, ...]
.text sptd.sys 82A991D1 3 Bytes [70, 49, 82]
.text sptd.sys 82A991E4 4 Bytes [79, 62, 73, 4C] {JNS 0x64; JAE 0x50}
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x82B90D38]
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 8E75346F 5 Bytes JMP 8656C1D8
.text apuepv5f.SYS 8C35D000 47 Bytes [26, 82, 41, 82, 10, 81, 41, ...]
.text apuepv5f.SYS 8C35D030 148 Bytes [D0, 65, 49, 82, 26, 1C, 47, ...]
.text apuepv5f.SYS 8C35D0C6 17 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP}
.text apuepv5f.SYS 8C35D0D8 14 Bytes [00, 00, 00, 00, 02, 00, 00, ...]
.text apuepv5f.SYS 8C35D0E7 31 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[476] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Windows\Explorer.EXE[476] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Windows\Explorer.EXE[476] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\Explorer.EXE[476] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Windows\Explorer.EXE[476] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\Dwm.exe[488] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[488] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\Dwm.exe[488] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[488] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\Dwm.exe[488] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\Dwm.exe[488] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\Dwm.exe[488] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[488] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\Dwm.exe[488] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\Dwm.exe[488] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\Dwm.exe[488] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\taskeng.exe[752] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[752] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\taskeng.exe[752] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[752] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\taskeng.exe[752] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\taskeng.exe[752] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskeng.exe[752] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[752] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\taskeng.exe[752] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\taskeng.exe[752] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\taskeng.exe[752] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Defender\MSASCui.exe[860] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[860] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[860] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\NOTEPAD.EXE[2112] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\NOTEPAD.EXE[2112] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\NOTEPAD.EXE[2112] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\NOTEPAD.EXE[2112] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\NOTEPAD.EXE[2112] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\NOTEPAD.EXE[2112] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\NOTEPAD.EXE[2112] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\NOTEPAD.EXE[2112] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\NOTEPAD.EXE[2112] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\NOTEPAD.EXE[2112] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\NOTEPAD.EXE[2112] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] KERNEL32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] KERNEL32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] KERNEL32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] KERNEL32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] KERNEL32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] KERNEL32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Windows\ehome\ehtray.exe[2316] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2316] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\ehome\ehtray.exe[2316] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2316] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\ehome\ehtray.exe[2316] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Windows\ehome\ehtray.exe[2316] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Windows\ehome\ehtray.exe[2316] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehtray.exe[2316] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Windows\ehome\ehtray.exe[2316] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Windows\ehome\ehtray.exe[2316] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehtray.exe[2316] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Windows\ehome\ehmsas.exe[2744] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[2744] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\ehome\ehmsas.exe[2744] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[2744] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\ehome\ehmsas.exe[2744] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Windows\ehome\ehmsas.exe[2744] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Windows\ehome\ehmsas.exe[2744] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehmsas.exe[2744] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Windows\ehome\ehmsas.exe[2744] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Windows\ehome\ehmsas.exe[2744] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehmsas.exe[2744] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82A9AFE0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [82A9A574] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82A9A0C0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82A9B1BC] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82A9A2A4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82A9A362] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[HAL.dll!KfAcquireSpinLock] CDF753EA
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[HAL.dll!KfReleaseSpinLock] DB447886
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[storport.sys!StorPortPauseDevice] C468B93E
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[storport.sys!StorPortResumeDevice] 3424382C
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[storport.sys!StorPortInitialize] 40A3C25F
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[storport.sys!StorPortNotification] C31D1672
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[TDI.SYS!TdiDeregisterPnPHandlers] 950DFF41
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[TDI.SYS!TdiRegisterPnPHandlers] 01A83971
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[NETIO.SYS!WskDeregister] E4B4D89C
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[NETIO.SYS!WskReleaseProviderNPI] C1566490
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[NETIO.SYS!WskRegister] 84CB7B61
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[NETIO.SYS!WskCaptureProviderNPI] B632D570
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74628864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74669855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7462B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7461FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74627A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7461EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7465B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7462BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74620756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746206BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746171B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [746AD9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74647329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7461E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7461697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746169A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74622475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 855F51F8
Device \Driver\usbuhci \Device\USBPDO-0 86AA9430
Device \Driver\usbuhci \Device\USBPDO-1 86AA9430
Device \Driver\usbuhci \Device\USBPDO-2 86AA9430
Device \Driver\usbuhci \Device\USBPDO-3 86AA9430
Device \Driver\usbehci \Device\USBPDO-4 86652430
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\cdrom \Device\CdRom0 866741F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 855F41F8
Device \Driver\atapi \Device\Ide\IdePort0 855F41F8
Device \Driver\atapi \Device\Ide\IdePort1 855F41F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 855F41F8
Device \Driver\cdrom \Device\CdRom1 866741F8
Device \Driver\netbt \Device\NetBt_Wins_Export 872DB1F8
Device \Driver\Smb \Device\NetbiosSmb 872D91F8
Device \Driver\PCI_PNP9742 \Device\00000093 sptd.sys
Device \Driver\PCI_PNP9742 \Device\00000093 sptd.sys
Device \Driver\iScsiPrt \Device\RaidPort0 86B6B430
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\USBSTOR \Device\000000aa 872141F8
Device \Driver\USBSTOR \Device\000000ab 872141F8
Device \Driver\usbuhci \Device\USBFDO-0 86AA9430
Device \Driver\USBSTOR \Device\000000ac 872141F8
Device \Driver\usbuhci \Device\USBFDO-1 86AA9430
Device \Driver\USBSTOR \Device\000000ad 872141F8
Device \Driver\usbuhci \Device\USBFDO-2 86AA9430
Device \Driver\USBSTOR \Device\000000ae 872141F8
Device \Driver\usbuhci \Device\USBFDO-3 86AA9430
Device \Driver\usbehci \Device\USBFDO-4 86652430
Device \Driver\apuepv5f \Device\Scsi\apuepv5f1Port3Path0Target0Lun0 8677F430
Device \Driver\apuepv5f \Device\Scsi\apuepv5f1 8677F430
Device \FileSystem\cdfs \Cdfs 84E5A1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBB 0xD7 0xC9 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9D 0xB2 0x7A 0x64 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xEF 0x3D 0x00 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCF 0xAE 0xDC 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE2 0x4A 0xB7 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9B 0xE1 0x2E 0x8B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBB 0xD7 0xC9 0xED ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9D 0xB2 0x7A 0x64 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xEF 0x3D 0x00 0x2C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCF 0xAE 0xDC 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE2 0x4A 0xB7 0xBC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9B 0xE1 0x2E 0x8B ...
---- EOF - GMER 1.0.15 ----
Last edited by Josef Royol; 31-05-2011 at 12:19 PM.
All logs have to be pasted.
You're also missing Malwarebytes log.
K here is the Malware Bytes log.
Hey, I just looked at my Task Manager.
It's really looking bad. (I think so)
I see the Physical Memory thing, it says
Total 2045
Cached 1206
Free 5
Kernel Memory (MB)
Total 165
Paged 120
Nonpaged 45
Processes: 81 CPU Usage: 11% Physical Memory: 54%
So I dunno. I think I need to get the Free Physical memory up, am I right? And how do I do that? Just asking.
Seriously dude, I'm getting kinda frustrated about this matter. I can't even play any games on my computer now, Need for Speed Undercover runs so slow, Terraria also runs real slow, even flash games on the internet are super slow. Please help me.
One more time.... All logs have to be pasted, not attached.
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_25
Run by owner at 19:09:46 on 2011-05-31
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.65.1033.18.2046.860 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Iminent\IMBooster\IMBooster.exe
C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\owner\Downloads\dds.scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSEARCH PAGE =
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar =
mStart Page = hxxp://en.sg.acer.yahoo.com
mDefault_Page_URL = hxxp://en.sg.acer.yahoo.com
mDefault_Search_URL = hxxp://sg.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo! Search - Web Search
mSearch Page = hxxp://sg.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*Yahoo! Search - Web Search
uSearchURL,(Default) = hxxp://sg.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo! Search - Web Search
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Iminent.BHO.NavigationError: {84ff7bd6-b47f-46f8-9130-01b2696b36cb} - c:\program files\iminent\searchtheweb\Iminent.BHO.NavigationError.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.8.11.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: wit for ie: {75ed56af-4dc9-4243-a30c-4ef4dd0ca28f} - WitBHO Class
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Iminent.BHO.NavigationError: {84ff7bd6-b47f-46f8-9130-01b2696b36cb} - c:\program files\iminent\searchtheweb\Iminent.BHO.NavigationError.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - c:\program files\iminent\imbooster4web\Iminent.WebBooster.dll
BHO: Iminent.LinkToContent: {a6e9baaf-53cd-4575-967b-2af710a7d21f} - LinkToContent Class
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FBLayouts Plugin: {ff4e1d1d-705b-4379-ab33-22d98c1abf55} - c:\program files\fblayouts\fblayouts.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [.IMinentUpdate] c:\users\owner\appdata\local\temp\NotifierSetup.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [IMBooster] c:\program files\iminent\imbooster\IMBooster.exe /warmup
mRun: [Iminent.Notifier] c:\program files\iminent\searchtheweb\Iminent.Notifier.exe
dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.8.11.dll/206
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\0szwjv36.default\
FF - prefs.js : browser.search.selectedEngine - Ask.com
FF - prefs.js : browser.startup.homepage - about:blank
FF - prefs.js : keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14197&locale=en_US&apn_uid=2F964246-DA44-4596-87F5-935296380A0C&apn_ptnrs=FN&apn_sauid=1660BFCE-6478-490B-83AC-3F8EC8D8F82E&apn_dtid=TES002YYAU&q=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\mozilla firefox\extensions\webbooster@iminent.com\components\Iminent.XPCOM.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\0szwjv36.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\0szwjv36.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\0szwjv36.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\webzen\webzengamestarter\NPGameWebStarter.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\users\owner\appdata\local\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: c:\users\owner\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\0szwjv36.default\extensions\activegs@freetoolsassociation.com\platform\winnt_x86-msvc\plugins\npActiveGS.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\0szwjv36.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: LoudMo Contextual Ad Assistant: {1bc63fdf-9689-2384-1acf-03c94fac9b2e} - c:\program files\mozilla firefox\extensions\{1bc63fdf-9689-2384-1acf-03c94fac9b2e}
FF - Ext: Iminent WebBooster: webbooster@iminent.com - c:\program files\mozilla firefox\extensions\webbooster@iminent.com
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\program files\mozilla firefox\extensions\quickstores@quickstores.de
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Chameleon Tom: {6236BA26-C117-4007-928C-DE0716C7FA78} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA78}
FF - Ext: Chameleon Tom Toolbar: {e776fbbe-9f00-456f-9278-478f134d35c0} - %profile%\extensions\{e776fbbe-9f00-456f-9278-478f134d35c0}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FBLayouts: fblayouts@hotlayouts2u.com - %profile%\extensions\fblayouts@hotlayouts2u.com
FF - Ext: ActiveGS: activegs@freetoolsassociation.com - %profile%\extensions\activegs@freetoolsassociation.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\fiddler2\FiddlerHook
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
.
---- FIREFOX POLICIES ----
FF - user.js : yahoo.homepage.dontask - true
FF - user.js : google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-8-7 21504]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-7-31 68136]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-5-23 312152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-12 2218600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-4-14 102760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FAH@C:+Program Files+EA Games+Need for Speed Undercover+FAH.exe;FAH@C:+Program Files+EA Games+Need for Speed Undercover+FAH.exe;c:\program files\ea games\need for speed undercover\fah.exe -svcstart --> c:\program files\ea games\need for speed undercover\FAH.exe -svcstart [?]
S2 gupdate1ca14da6603c170;Google Update Service (gupdate1ca14da6603c170);c:\program files\google\update\GoogleUpdate.exe [2009-8-4 133104]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-1-31 112128]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-4 133104]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-1-31 100736]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20061025.029\IDSvix86.sys [2007-4-14 202872]
S3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2009-7-31 5504]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-4-14 1174152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-30 12:15:52 -------- d-----w- c:\program files\Defraggler
2011-05-30 11:15:29 -------- d--h--w- C:\$AVG
2011-05-30 11:08:56 -------- d-----w- c:\users\owner\appdata\roaming\AVG10
2011-05-30 11:05:43 -------- d--h--w- c:\programdata\Common Files
2011-05-30 11:00:13 -------- d-----w- c:\programdata\AVG10
2011-05-30 10:57:54 -------- d-----w- c:\program files\AVG
2011-05-30 10:51:02 -------- d-----w- c:\programdata\MFAData
2011-05-30 09:46:46 -------- d-----w- c:\users\owner\appdata\local\ApplicationHistory
2011-05-30 08:37:13 -------- d-----w- C:\ERDNT
2011-05-30 08:37:09 -------- d-----w- c:\windows\ERUNT
2011-05-30 08:36:13 -------- d-----w- C:\!FixIEDef
2011-05-30 07:01:41 -------- d-----w- c:\windows\pss
2011-05-29 13:05:44 -------- d-----w- c:\users\owner\appdata\roaming\DeviceDoctorSoftware
2011-05-29 13:05:35 -------- d-----w- c:\program files\Device Doctor
2011-05-29 12:45:20 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2011-05-29 12:17:57 -------- d-----w- c:\programdata\Easy Driver Pro
2011-05-28 09:27:04 -------- d-----w- c:\windows\system32\wbem\mof\good
2011-05-28 09:27:04 -------- d-----w- c:\windows\system32\wbem\mof\bad
2011-05-27 10:09:11 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cbb1c590-2398-41b1-bf65-492fb981e2ca}\mpengine.dll
2011-05-25 08:08:14 -------- d-----w- c:\program files\Microsoft XNA
2011-05-25 08:04:13 -------- d-----w- c:\program files\Terraria
2011-05-24 05:19:13 -------- d-----w- c:\users\owner\appdata\roaming\engel
2011-05-23 06:44:26 -------- d-----w- c:\users\owner\appdata\roaming\IObit
2011-05-23 06:41:57 -------- d-----w- c:\programdata\IObit
2011-05-23 06:41:56 -------- d-----w- c:\program files\IObit
2011-05-21 17:23:43 -------- d-----w- c:\users\owner\appdata\local\Apps
2011-05-21 17:23:42 -------- d-----w- c:\users\owner\appdata\local\Deployment
2011-05-16 07:19:04 -------- d-----w- c:\users\owner\appdata\local\Rockstar Games
2011-05-16 06:42:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-12 12:51:18 -------- d--h--w- c:\programdata\{44CB9CE9-C39F-40C4-B32D-20D42E280495}
2011-05-12 12:38:51 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-05-12 12:34:10 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-12 12:34:10 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-05-12 12:34:10 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-12 12:34:10 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-12 12:34:10 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-12 12:34:09 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-12 12:34:09 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-12 12:34:09 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-12 12:34:09 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-12 12:34:08 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-12 12:33:31 -------- d-----w- C:\NVIDIA
2011-05-12 05:05:51 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-12 05:05:39 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-12 05:05:32 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-12 05:05:30 -------- d-----w- c:\users\owner\appdata\local\PunkBuster
2011-05-12 04:49:54 -------- d-----w- c:\program files\EA Games
2011-05-11 19:02:24 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-09 04:14:14 7552 ----a-w- c:\windows\system32\drivers\enodpl.sys
2011-05-09 04:14:14 6532 ----a-w- c:\windows\system32\ENODPL.VXD
2011-05-09 04:14:14 4736 ----a-w- c:\windows\system32\drivers\tandpl.sys
2011-05-09 04:14:13 6659 ----a-w- c:\windows\system32\TANDPL.VXD
2011-05-08 11:41:03 -------- d-----w- c:\users\owner\appdata\local\Graboid_Inc
2011-05-08 11:41:02 -------- d-----w- c:\users\owner\appdata\local\Graboid
2011-05-08 11:40:59 -------- d-----w- c:\users\owner\appdata\local\Geckofx
2011-05-08 11:39:44 -------- d-----w- c:\program files\VideoLAN
2011-05-08 11:39:28 -------- d-----w- c:\program files\Graboid
2011-05-08 09:07:06 -------- d-----w- C:\Editing Tools
2011-05-08 09:06:50 -------- d-----w- c:\users\owner\appdata\roaming\REDitor II
2011-05-04 21:45:55 -------- d-----w- c:\program files\common files\BioWare
2011-05-03 11:11:18 -------- d-----w- c:\users\owner\appdata\local\Garena
.
==================== Find3M ====================
.
2011-05-31 09:54:32 17488 ----a-w- c:\windows\gdrv.sys
2011-04-17 07:31:34 6144 ----a-w- c:\windows\system32\BReWErS.dll
2011-04-13 21:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 10:55:44 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 10:55:42 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-08 05:14:00 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14:00 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14:00 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-07 14:45:08 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 14:45:06 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-04-07 14:45:06 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 14:45:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 14:44:58 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 14:44:48 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14 40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 14 29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14 26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14 25 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14 25 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:01:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 19:11:39.39 ===============
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: G31M-ES2L
Logical Drives Mask: 0x00000f9c
Kernel Drivers (total 157):
0x82444000 \SystemRoot\system32\ntkrnlpa.exe
0x82411000 \SystemRoot\system32\hal.dll
0x80608000 \SystemRoot\system32\kdcom.dll
0x80610000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80670000 \SystemRoot\system32\PSHED.dll
0x80681000 \SystemRoot\system32\BOOTVID.dll
0x80689000 \SystemRoot\system32\CLFS.SYS
0x806CA000 \SystemRoot\system32\CI.dll
0x82A0F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82A8B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82A98000 \SystemRoot\System32\Drivers\sptd.sys
0x82BAB000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x82BB4000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807AA000 \SystemRoot\system32\drivers\acpi.sys
0x82BDA000 \SystemRoot\system32\drivers\msisadrv.sys
0x8860D000 \SystemRoot\system32\drivers\pci.sys
0x88634000 \SystemRoot\System32\drivers\partmgr.sys
0x88643000 \SystemRoot\system32\drivers\volmgr.sys
0x88652000 \SystemRoot\System32\drivers\volmgrx.sys
0x8869C000 \SystemRoot\system32\drivers\intelide.sys
0x886A3000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x886B1000 \SystemRoot\System32\drivers\mountmgr.sys
0x886C1000 \SystemRoot\system32\drivers\iastor.sys
0x88779000 \SystemRoot\system32\drivers\atapi.sys
0x88781000 \SystemRoot\system32\drivers\ataport.SYS
0x8879F000 \SystemRoot\system32\drivers\fltmgr.sys
0x887D1000 \SystemRoot\system32\drivers\fileinfo.sys
0x887E1000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x88800000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88871000 \SystemRoot\system32\drivers\ndis.sys
0x8897C000 \SystemRoot\system32\drivers\msrpc.sys
0x889A7000 \SystemRoot\system32\drivers\NETIO.SYS
0x88A0A000 \SystemRoot\System32\drivers\tcpip.sys
0x88AF3000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88C06000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88D15000 \SystemRoot\system32\drivers\volsnap.sys
0x88D4E000 \SystemRoot\System32\Drivers\spldr.sys
0x88D56000 \SystemRoot\system32\drivers\psdvdisk.sys
0x88D68000 \SystemRoot\system32\drivers\PSDNServ.sys
0x88D71000 \SystemRoot\System32\Drivers\mup.sys
0x88D80000 \SystemRoot\System32\drivers\ecache.sys
0x88DA7000 \SystemRoot\system32\drivers\disk.sys
0x88DB8000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88DD9000 \SystemRoot\system32\drivers\crcdisk.sys
0x88B16000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88B21000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88B2A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8DC01000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8E632000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x8E634000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E6D3000 \SystemRoot\System32\drivers\watchdog.sys
0x8E6E0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E718000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E723000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E761000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C202000 \SystemRoot\system32\DRIVERS\smserial.sys
0x8C2F9000 \SystemRoot\system32\drivers\modem.sys
0x8C306000 \SystemRoot\system32\DRIVERS\serial.sys
0x8C320000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8C32A000 \SystemRoot\system32\DRIVERS\parport.sys
0x8C342000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C35A000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8C35C000 \SystemRoot\System32\Drivers\apuepv5f.SYS
0x8C395000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8E770000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C3C3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C3CE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C3E5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E7B1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C3F0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E7D4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E7E8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x88B39000 \SystemRoot\system32\DRIVERS\termdd.sys
0x88B49000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x88B54000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C200000 \SystemRoot\system32\DRIVERS\swenum.sys
0x88B5F000 \SystemRoot\system32\DRIVERS\ks.sys
0x88B89000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x88B93000 \SystemRoot\system32\DRIVERS\umbus.sys
0x88BA0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x88BD4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D20E000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D443000 \SystemRoot\system32\drivers\portcls.sys
0x8D470000 \SystemRoot\system32\drivers\drmk.sys
0x8D495000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D49E000 \SystemRoot\System32\Drivers\Null.SYS
0x8D4A5000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D4C8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D4CF000 \SystemRoot\System32\drivers\vga.sys
0x8D4DB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D4FC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D504000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D50C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D517000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D525000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D52E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8D540000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D542000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D558000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D56C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D59E000 \SystemRoot\system32\drivers\afd.sys
0x8D5E6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D200000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D4AC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D60B000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x8D637000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8D659000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x8D66A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D6A6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D6B0000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8D712000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D71B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D72B000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x8D748000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8D75F000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D776000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D77E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8D787000 \SystemRoot\System32\Drivers\crashdmp.sys
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6729
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048
1/6/2011 3:25:01 PM
mbam-log-2011-06-01 (15-25-01).txt
Scan type: Quick scan
Objects scanned: 165781
Time elapsed: 10 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-05-31 19:00:08
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAKS-00L9A0 rev.01.03E01
Running: qdhhv0gl.exe; Driver: C:\Users\owner\AppData\Local\Temp\pwdoapow.sys
---- System - GMER 1.0.15 ----
SSDT 872F5360 ZwConnectPort
INT 0x51 ? 8656CCC8
INT 0x62 ? 8656CCC8
INT 0x72 ? 8656CCC8
INT 0x82 ? 8656CCC8
INT 0x92 ? 855EDCC8
INT 0xA2 ? 855EDCC8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 3F4 824FCA18 4 Bytes [60, 53, 2F, 87]
.text sptd.sys 82A99000 32 Bytes [9E, DF, 41, 82, 60, 4F, 41, ...]
.text sptd.sys 82A99024 4 Bytes [D2, 83, BC, 82]
.text sptd.sys 82A9917D 83 Bytes [74, 49, 82, FC, A1, 60, 82, ...]
.text sptd.sys 82A991D1 3 Bytes [70, 49, 82]
.text sptd.sys 82A991E4 4 Bytes [79, 62, 73, 4C] {JNS 0x64; JAE 0x50}
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x82B90D38]
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 8E75346F 5 Bytes JMP 8656C1D8
.text apuepv5f.SYS 8C35D000 47 Bytes [26, 82, 41, 82, 10, 81, 41, ...]
.text apuepv5f.SYS 8C35D030 148 Bytes [D0, 65, 49, 82, 26, 1C, 47, ...]
.text apuepv5f.SYS 8C35D0C6 17 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP}
.text apuepv5f.SYS 8C35D0D8 14 Bytes [00, 00, 00, 00, 02, 00, 00, ...]
.text apuepv5f.SYS 8C35D0E7 31 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[476] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Windows\Explorer.EXE[476] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Windows\Explorer.EXE[476] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\Explorer.EXE[476] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Windows\Explorer.EXE[476] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\Dwm.exe[488] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[488] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\Dwm.exe[488] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[488] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\Dwm.exe[488] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\Dwm.exe[488] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\Dwm.exe[488] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[488] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\Dwm.exe[488] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\Dwm.exe[488] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\Dwm.exe[488] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\taskeng.exe[752] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[752] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\taskeng.exe[752] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[752] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\taskeng.exe[752] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\taskeng.exe[752] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskeng.exe[752] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[752] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\taskeng.exe[752] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\taskeng.exe[752] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\taskeng.exe[752] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Defender\MSASCui.exe[860] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[860] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[860] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[860] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\NOTEPAD.EXE[2112] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\NOTEPAD.EXE[2112] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\NOTEPAD.EXE[2112] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\NOTEPAD.EXE[2112] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\NOTEPAD.EXE[2112] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\NOTEPAD.EXE[2112] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\NOTEPAD.EXE[2112] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\NOTEPAD.EXE[2112] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\NOTEPAD.EXE[2112] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\NOTEPAD.EXE[2112] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\NOTEPAD.EXE[2112] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2116] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2160] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] KERNEL32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] KERNEL32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] KERNEL32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\SysMonitor.exe[2168] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[2176] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] KERNEL32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] KERNEL32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] KERNEL32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Iminent\IMBooster\IMBooster.exe[2188] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe[2200] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2272] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Windows\ehome\ehtray.exe[2316] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2316] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\ehome\ehtray.exe[2316] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2316] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\ehome\ehtray.exe[2316] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Windows\ehome\ehtray.exe[2316] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Windows\ehome\ehtray.exe[2316] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehtray.exe[2316] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Windows\ehome\ehtray.exe[2316] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Windows\ehome\ehtray.exe[2316] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehtray.exe[2316] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2356] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2364] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[2592] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Windows\ehome\ehmsas.exe[2744] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[2744] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\ehome\ehmsas.exe[2744] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[2744] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\ehome\ehmsas.exe[2744] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Windows\ehome\ehmsas.exe[2744] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Windows\ehome\ehmsas.exe[2744] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehmsas.exe[2744] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Windows\ehome\ehmsas.exe[2744] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Windows\ehome\ehmsas.exe[2744] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehmsas.exe[2744] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[4000] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Users\owner\Downloads\qdhhv0gl.exe[4460] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5148] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[5936] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtCreateKey 77637CB8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtCreateKey + 4 77637CBC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetValueKey 77638CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetValueKey + 4 77638CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] kernel32.dll!CreateProcessW 771E1C01 6 Bytes JMP 5F0D0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] kernel32.dll!CreateProcessA 771E1C36 6 Bytes JMP 5F0A0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] kernel32.dll!LoadLibraryExW 772030C3 6 Bytes JMP 5F070F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ADVAPI32.dll!CreateProcessAsUserW 76F0A8F5 6 Bytes JMP 5F100F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ADVAPI32.dll!CreateServiceW 76F338FF 6 Bytes JMP 5F1C0F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ADVAPI32.dll!CreateProcessWithLogonW 76F586A9 6 Bytes JMP 5F040F5A
.text C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ADVAPI32.dll!CreateServiceA 76F76C71 6 Bytes JMP 5F190F5A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82A9AFE0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [82A9A574] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82A9A0C0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82A9B1BC] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82A9A2A4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82A9A362] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[HAL.dll!KfAcquireSpinLock] CDF753EA
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[HAL.dll!KfReleaseSpinLock] DB447886
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[storport.sys!StorPortPauseDevice] C468B93E
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[storport.sys!StorPortResumeDevice] 3424382C
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[storport.sys!StorPortInitialize] 40A3C25F
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[storport.sys!StorPortNotification] C31D1672
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[TDI.SYS!TdiDeregisterPnPHandlers] 950DFF41
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[TDI.SYS!TdiRegisterPnPHandlers] 01A83971
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[NETIO.SYS!WskDeregister] E4B4D89C
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[NETIO.SYS!WskReleaseProviderNPI] C1566490
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[NETIO.SYS!WskRegister] 84CB7B61
IAT \SystemRoot\System32\Drivers\apuepv5f.SYS[NETIO.SYS!WskCaptureProviderNPI] B632D570
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74628864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74669855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7462B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7461FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74627A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7461EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7465B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7462BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74620756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746206BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746171B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [746AD9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74647329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7461E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7461697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746169A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74622475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 855F51F8
Device \Driver\usbuhci \Device\USBPDO-0 86AA9430
Device \Driver\usbuhci \Device\USBPDO-1 86AA9430
Device \Driver\usbuhci \Device\USBPDO-2 86AA9430
Device \Driver\usbuhci \Device\USBPDO-3 86AA9430
Device \Driver\usbehci \Device\USBPDO-4 86652430
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\cdrom \Device\CdRom0 866741F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 855F41F8
Device \Driver\atapi \Device\Ide\IdePort0 855F41F8
Device \Driver\atapi \Device\Ide\IdePort1 855F41F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 855F41F8
Device \Driver\cdrom \Device\CdRom1 866741F8
Device \Driver\netbt \Device\NetBt_Wins_Export 872DB1F8
Device \Driver\Smb \Device\NetbiosSmb 872D91F8
Device \Driver\PCI_PNP9742 \Device\00000093 sptd.sys
Device \Driver\PCI_PNP9742 \Device\00000093 sptd.sys
Device \Driver\iScsiPrt \Device\RaidPort0 86B6B430
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\USBSTOR \Device\000000aa 872141F8
Device \Driver\USBSTOR \Device\000000ab 872141F8
Device \Driver\usbuhci \Device\USBFDO-0 86AA9430
Device \Driver\USBSTOR \Device\000000ac 872141F8
Device \Driver\usbuhci \Device\USBFDO-1 86AA9430
Device \Driver\USBSTOR \Device\000000ad 872141F8
Device \Driver\usbuhci \Device\USBFDO-2 86AA9430
Device \Driver\USBSTOR \Device\000000ae 872141F8
Device \Driver\usbuhci \Device\USBFDO-3 86AA9430
Device \Driver\usbehci \Device\USBFDO-4 86652430
Device \Driver\apuepv5f \Device\Scsi\apuepv5f1Port3Path0Target0Lun0 8677F430
Device \Driver\apuepv5f \Device\Scsi\apuepv5f1 8677F430
Device \FileSystem\cdfs \Cdfs 84E5A1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBB 0xD7 0xC9 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9D 0xB2 0x7A 0x64 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xEF 0x3D 0x00 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCF 0xAE 0xDC 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE2 0x4A 0xB7 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9B 0xE1 0x2E 0x8B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBB 0xD7 0xC9 0xED ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9D 0xB2 0x7A 0x64 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xEF 0x3D 0x00 0x2C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCF 0xAE 0xDC 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE2 0x4A 0xB7 0xBC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9B 0xE1 0x2E 0x8B ...
---- EOF - GMER 1.0.15 ----
Ok there, I pasted everything there now.