CPU Usage Spikes to 100%

daniellekb

I won't claim to know what I am talking about in any form, but I don't know if this is malware-related or not. I just put this computer together less than a month ago, and it's been having this issue since the first week. The CPU usage spikes to 100% and locks up for about 15 seconds or less, then goes back to normal. It does this about twice an hour at the most. It doesn't matter what game I have open; it does this even when I just have a browser open. It's not overheating; I watched that pretty carefully with HWMonitor. I can't imagine that I got into any spyware that quickly, but what do I know? That's why I am asking the professionals. If you don't see anything in my logs, feel free to point me to another area here that can help. Thank you!

Here's the required info:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:07:56 PM, on 1/21/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe
C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe
C:\Users\Kendra\Downloads\5ifuhz0e.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Kendra\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3942461306-1116634762-632801916-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3942461306-1116634762-632801916-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Dropbox.lnk = Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Kendra\AppData\Roaming\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Kendra\AppData\Roaming\ICQM\icq.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11278 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Kendra at 12:33:54 on 2013-01-21
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.8191.2536 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\World of Warcraft\WoW-64.exe
C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe
C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Kendra\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: QuickLaunchEnabled = dword:1
uPolicies-Explorer: TaskbarNoThumbnail = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{449EE881-2508-492E-9B1A-3320FFC15376} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\n7ua17a5.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-12-7 283200]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-5-4 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-11-13 55936]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-12-6 136704]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-12-6 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-12-6 46136]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-12-6 14136]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-6 676968]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-12-6 44672]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-1-2 102368]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-12-9 38096]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-10 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-1-2 203104]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-12-10 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-10 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-10 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-7 1255736]
.
=============== Created Last 30 ================
.
2013-01-21 07:16:10 -------- d-----w- C:\Users\Kendra\AppData\Local\Programs
2013-01-21 07:14:28 0 ----a-w- C:\Users\Kendra\AppData\Roaming\adaware-installer-reboot-required.tmp
2013-01-20 08:32:02 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CAE22FC8-5390-46A2-A0B3-FED5E17E8469}\offreg.dll
2013-01-20 03:13:00 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CAE22FC8-5390-46A2-A0B3-FED5E17E8469}\mpengine.dll
2013-01-19 03:14:42 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-16 20:24:22 -------- d-----w- C:\Users\Kendra\AppData\Local\Thunderbird
2013-01-13 19:41:41 -------- d-----w- C:\Users\Kendra\AppData\Roaming\ICQM
2013-01-13 19:41:00 -------- d-----w- C:\Users\Kendra\AppData\Roaming\ICQ-Profile
2013-01-10 06:35:56 -------- d-----w- C:\Users\Kendra\AppData\Local\ElevatedDiagnostics
2013-01-09 01:48:12 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 01:48:11 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 01:46:46 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-01-08 00:02:06 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2013-01-08 00:01:36 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2013-01-08 00:01:13 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2013-01-03 02:45:35 -------- d-----w- C:\Users\Kendra\AppData\Roaming\Samsung
2013-01-03 02:45:35 -------- d-----w- C:\Users\Kendra\AppData\Local\Samsung
2013-01-03 02:45:07 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-01-03 02:45:07 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-01-03 02:42:05 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2013-01-03 02:41:57 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2013-01-03 02:41:03 -------- d-----w- C:\ProgramData\Samsung
2013-01-03 02:41:03 -------- d-----w- C:\Program Files (x86)\Samsung
2013-01-03 02:32:42 -------- d-----w- C:\Users\Kendra\AppData\Local\Downloaded Installations
2013-01-02 01:29:49 -------- d-----r- C:\Users\Kendra\Dropbox
2013-01-02 01:26:56 -------- d-----w- C:\Users\Kendra\AppData\Roaming\Dropbox
2012-12-27 01:02:01 9271352 ----a-w- C:\Windows\System32\nvcuda.dll
2012-12-27 01:02:01 6149904 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2012-12-27 01:02:01 26811240 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-12-27 01:02:01 20335976 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-12-27 01:02:01 15016256 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-12-27 01:02:01 11532648 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-12-27 01:01:59 841272 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2012-12-27 01:01:59 7819016 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2012-12-27 01:01:59 7446192 ----a-w- C:\Windows\System32\nvopencl.dll
2012-12-27 01:01:59 2784104 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-12-27 01:01:59 2606440 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2012-12-27 01:01:59 245432 ----a-w- C:\Windows\System32\nvinitx.dll
2012-12-27 01:01:59 2226024 ----a-w- C:\Windows\System32\nvcuvenc.dll
2012-12-27 01:01:59 201136 ----a-w- C:\Windows\SysWow64\nvinit.dll
2012-12-27 01:01:59 1874280 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2012-12-27 01:01:59 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-12-27 01:01:59 15122280 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-12-27 01:01:58 25256296 ----a-w- C:\Windows\System32\nvcompiler.dll
.
==================== Find3M ====================
.
2013-01-09 05:49:14 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 05:49:14 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-17 11:43:13 38096 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-12-07 07:13:35 867064 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-12-07 07:04:23 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-12-07 00:55:18 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-12-07 00:55:18 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-12-07 00:55:18 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-12-07 00:53:20 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-07 00:53:20 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-07 00:53:20 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-03 15:47:14 983936 ----a-w- C:\Windows\System32\nvumdshimx.dll
2012-12-03 15:47:14 2816824 ----a-w- C:\Windows\System32\nvapi64.dll
2012-12-03 15:47:14 2496976 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-12-03 15:47:14 1805672 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-12-03 15:47:14 18045968 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-12-03 15:47:14 1504104 ----a-w- C:\Windows\System32\nvdispgenco64.dll
2012-12-03 15:47:14 12603960 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-12-01 05:49:26 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-12-01 03:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-16 04:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2009-12-06 09:18:14 26624 --sh--w- C:\Windows\bfcs2.dll
.
============= FINISH: 12:34:15.11 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate N
Boot Device: \Device\HarddiskVolume1
Install Date: 12/6/2012 6:29:33 AM
System Uptime: 1/15/2013 10:01:05 PM (134 hours ago)
.
Motherboard: MSI | | 760GM-P34(FX) (MS-7641)
Processor: AMD FX(tm)-4170 Quad-Core Processor | CPU1 | 4200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 93.36 GiB free.
D: is CDROM (CDFS)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP45: 1/9/2013 3:00:14 AM - Windows Update
RP46: 1/12/2013 1:32:47 PM - Windows Update
RP47: 1/15/2013 2:25:12 PM - Windows Update
RP48: 1/18/2013 10:14:06 PM - Windows Update
RP49: 1/21/2013 2:12:23 AM - Removed Raid Hub Client
RP50: 1/21/2013 2:13:42 AM - Removed Ad-Aware Antivirus.
RP51: 1/21/2013 2:18:31 AM - Removed Ad-Aware Antivirus.
.
==== Installed Programs ======================
.
µTorrent
«The Sims 3 Deluxe Edition» (build 7.0)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.01)
Adobe Shockwave Player 11.6
Advanced Combat Tracker (remove only)
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
Apple Application Support
AVG 2013
Canon MP250 series MP Drivers
Catalyst Control Center
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Coupon Printer for Windows
Curse Client
D3DX10
Daemon Tools Pro v4.10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
EQ2MAP Updater 1.2.10
EverQuest II
Gamers Unite! Snag Bar
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
ICQ 8.0 (build 5981, for the current user)
Java 7 Update 9
Java 7 Update 9 (64-bit)
Java Auto Updater
Legends of Norrath
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.2 (x86 en-US)
MSVCRT
MSVCRT110
MSVCRT110_amd64
NVIDIA 3D Vision Controller Driver 310.70
NVIDIA 3D Vision Driver 310.70
NVIDIA Control Panel 310.70
NVIDIA Graphics Driver 310.70
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Photo Common
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Spybot - Search & Destroy
Super-Charger
swMSM
TechPowerUp GPU-Z
The Sims Medieval
The Sims™ 3
The Sims™ 3 ? ????????
The Sims™ 3 ???-??????
The Sims™ 3 ??? ????????
The Sims™ 3 ??? ???????????
The Sims™ 3 ????? ?? ??????? ???????
The Sims™ 3 ???????
The Sims™ 3 ??????? ????
The Sims™ 3 ????????? ????? ???????
The Sims™ 3 ?????????? ????? ???????
The Sims™ 3 ?????????? ??????? ???????
The Sims™ 3 ??????????? ??????? ???????
The Sims™ 3 ??????????????????
The Sims™ 3 Diesel ???????
The Sims™ 3 Katy Perry ??????? ???????
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Ventrilo Client for Windows x64
Visual Studio 2010 x64 Redistributables
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (32-bit)
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
1/14/2013 11:16:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
1/14/2013 11:16:16 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
1/14/2013 11:15:30 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
.
==== End Of File ===========================


GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-21 13:10:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HDT722525DLA380 rev.V44OA96A 232.88GB
Running: 5ifuhz0e.exe; Driver: C:\Users\Kendra\AppData\Local\Temp\kwdiipob.sys


---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
.text ... * 9
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
.text ... * 9
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2280] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
.text ... * 9
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3432] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077e9000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3432] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077f1f85a 5 bytes JMP 0000000177ecd571
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
.text ... * 9
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
.text ... * 9
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
.text C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe[2468] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
? C:\Windows\system32\mssprxy.dll [6452] entry point in ".rdata" section 00000000752571e6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e9f991 7 bytes {MOV EDX, 0x860628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e9fbd5 7 bytes {MOV EDX, 0x860668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e9fc05 7 bytes {MOV EDX, 0x8605a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e9fc1d 7 bytes {MOV EDX, 0x860528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e9fc35 7 bytes {MOV EDX, 0x860728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e9fc65 7 bytes {MOV EDX, 0x860768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e9fce5 7 bytes {MOV EDX, 0x8606e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e9fcfd 7 bytes {MOV EDX, 0x8606a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e9fd49 7 bytes {MOV EDX, 0x860468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e9fe41 7 bytes {MOV EDX, 0x8604a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077ea0099 7 bytes {MOV EDX, 0x860428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077ea10a5 7 bytes {MOV EDX, 0x8605e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077ea111d 7 bytes {MOV EDX, 0x860568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077ea1321 7 bytes {MOV EDX, 0x8604e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e9f991 7 bytes {MOV EDX, 0x9bb628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e9fbd5 7 bytes {MOV EDX, 0x9bb668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e9fc05 7 bytes {MOV EDX, 0x9bb5a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e9fc1d 7 bytes {MOV EDX, 0x9bb528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e9fc35 7 bytes {MOV EDX, 0x9bb728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e9fc65 7 bytes {MOV EDX, 0x9bb768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e9fce5 7 bytes {MOV EDX, 0x9bb6e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e9fcfd 7 bytes {MOV EDX, 0x9bb6a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e9fd49 7 bytes {MOV EDX, 0x9bb468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e9fe41 7 bytes {MOV EDX, 0x9bb4a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077ea0099 7 bytes {MOV EDX, 0x9bb428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077ea10a5 7 bytes {MOV EDX, 0x9bb5e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077ea111d 7 bytes {MOV EDX, 0x9bb568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077ea1321 7 bytes {MOV EDX, 0x9bb4e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e9f991 7 bytes {MOV EDX, 0x565a28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e9fbd5 7 bytes {MOV EDX, 0x565a68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e9fc05 7 bytes {MOV EDX, 0x5659a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e9fc1d 7 bytes {MOV EDX, 0x565928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e9fc35 7 bytes {MOV EDX, 0x565b28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e9fc65 7 bytes {MOV EDX, 0x565b68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e9fce5 7 bytes {MOV EDX, 0x565ae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e9fcfd 7 bytes {MOV EDX, 0x565aa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e9fd49 7 bytes {MOV EDX, 0x565868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e9fe41 7 bytes {MOV EDX, 0x5658a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077ea0099 7 bytes {MOV EDX, 0x565828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077ea10a5 7 bytes {MOV EDX, 0x5659e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077ea111d 7 bytes {MOV EDX, 0x565968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077ea1321 7 bytes {MOV EDX, 0x5658e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e9f991 7 bytes {MOV EDX, 0xc82e28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e9fbd5 7 bytes {MOV EDX, 0xc82e68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e9fc05 7 bytes {MOV EDX, 0xc82da8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e9fc1d 7 bytes {MOV EDX, 0xc82d28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e9fc35 7 bytes {MOV EDX, 0xc82f28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e9fc65 7 bytes {MOV EDX, 0xc82f68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e9fce5 7 bytes {MOV EDX, 0xc82ee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e9fcfd 7 bytes {MOV EDX, 0xc82ea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e9fd49 7 bytes {MOV EDX, 0xc82c68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e9fe41 7 bytes {MOV EDX, 0xc82ca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077ea0099 7 bytes {MOV EDX, 0xc82c28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077ea10a5 7 bytes {MOV EDX, 0xc82de8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077ea111d 7 bytes {MOV EDX, 0xc82d68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077ea1321 7 bytes {MOV EDX, 0xc82ce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e9f991 7 bytes {MOV EDX, 0x50b228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e9fbd5 7 bytes {MOV EDX, 0x50b268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e9fc05 7 bytes {MOV EDX, 0x50b1a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e9fc1d 7 bytes {MOV EDX, 0x50b128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e9fc35 7 bytes {MOV EDX, 0x50b328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e9fc65 7 bytes {MOV EDX, 0x50b368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e9fce5 7 bytes {MOV EDX, 0x50b2e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e9fcfd 7 bytes {MOV EDX, 0x50b2a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e9fd49 7 bytes {MOV EDX, 0x50b068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e9fe41 7 bytes {MOV EDX, 0x50b0a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077ea0099 7 bytes {MOV EDX, 0x50b028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077ea10a5 7 bytes {MOV EDX, 0x50b1e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077ea111d 7 bytes {MOV EDX, 0x50b168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077ea1321 7 bytes {MOV EDX, 0x50b0e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
.text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
.text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
.text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
.text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
.text ... * 9
.text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
.text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
.text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
.text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
.text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
.text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
.text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
.text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
.text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
.text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
.text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]

---- Threads - GMER 2.0 ----


---- EOF - GMER 2.0 ----
 