CPU Usage Spikes to 100%

Discussion in 'Virus & Other Malware Removal' started by daniellekb, Jan 21, 2013.

  1. daniellekb

    I won't claim to know what I am talking about in any form, but I don't know if this is malware-related or not. I just put this computer together less than a month ago, and it's been having this issue since the first week. The CPU usage spikes to 100% and locks up for about 15 seconds or less, then goes back to normal. It does this about twice an hour at the most. It doesn't matter what game I have open; it does this even when I just have a browser open. It's not overheating; I watched that pretty carefully with HWMonitor. I can't imagine that I got into any spyware that quickly, but what do I know? That's why I am asking the professionals. If you don't see anything in my logs, feel free to point me to another area here that can help. Thank you!

    Here's the required info:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:07:56 PM, on 1/21/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Samsung\Kies\Kies.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe
    C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe
    C:\Users\Kendra\Downloads\5ifuhz0e.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Kendra\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3942461306-1116634762-632801916-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3942461306-1116634762-632801916-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: CurseClientStartup.ccip
    O4 - Startup: Dropbox.lnk = Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Kendra\AppData\Roaming\ICQM\icq.exe (HKCU)
    O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Kendra\AppData\Roaming\ICQM\icq.exe (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11278 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by Kendra at 12:33:54 on 2013-01-21
    Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.8191.2536 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\Samsung\Kies\Kies.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\World of Warcraft\WoW-64.exe
    C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe
    C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\Users\Kendra\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: QuickLaunchEnabled = dword:1
    uPolicies-Explorer: TaskbarNoThumbnail = dword:0
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{449EE881-2508-492E-9B1A-3320FFC15376} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\n7ua17a5.default\
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-12-7 283200]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-5-4 361984]
    R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-11-13 55936]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-12-6 136704]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-12-6 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-12-6 46136]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-12-6 14136]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-6 676968]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-12-6 44672]
    RUnknown SASKUTIL;SASKUTIL; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-1-2 102368]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
    S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-12-9 38096]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-10 19456]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-1-2 203104]
    S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-12-10 29696]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-10 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-10 30208]
    S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-7 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-01-21 07:16:10 -------- d-----w- C:\Users\Kendra\AppData\Local\Programs
    2013-01-21 07:14:28 0 ----a-w- C:\Users\Kendra\AppData\Roaming\adaware-installer-reboot-required.tmp
    2013-01-20 08:32:02 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CAE22FC8-5390-46A2-A0B3-FED5E17E8469}\offreg.dll
    2013-01-20 03:13:00 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CAE22FC8-5390-46A2-A0B3-FED5E17E8469}\mpengine.dll
    2013-01-19 03:14:42 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-16 20:24:22 -------- d-----w- C:\Users\Kendra\AppData\Local\Thunderbird
    2013-01-13 19:41:41 -------- d-----w- C:\Users\Kendra\AppData\Roaming\ICQM
    2013-01-13 19:41:00 -------- d-----w- C:\Users\Kendra\AppData\Roaming\ICQ-Profile
    2013-01-10 06:35:56 -------- d-----w- C:\Users\Kendra\AppData\Local\ElevatedDiagnostics
    2013-01-09 01:48:12 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-09 01:48:11 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-09 01:46:46 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-01-08 00:02:06 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2013-01-08 00:01:36 -------- d-----w- C:\Program Files (x86)\Winamp Detect
    2013-01-08 00:01:13 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
    2013-01-03 02:45:35 -------- d-----w- C:\Users\Kendra\AppData\Roaming\Samsung
    2013-01-03 02:45:35 -------- d-----w- C:\Users\Kendra\AppData\Local\Samsung
    2013-01-03 02:45:07 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
    2013-01-03 02:45:07 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
    2013-01-03 02:42:05 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
    2013-01-03 02:41:57 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
    2013-01-03 02:41:03 -------- d-----w- C:\ProgramData\Samsung
    2013-01-03 02:41:03 -------- d-----w- C:\Program Files (x86)\Samsung
    2013-01-03 02:32:42 -------- d-----w- C:\Users\Kendra\AppData\Local\Downloaded Installations
    2013-01-02 01:29:49 -------- d-----r- C:\Users\Kendra\Dropbox
    2013-01-02 01:26:56 -------- d-----w- C:\Users\Kendra\AppData\Roaming\Dropbox
    2012-12-27 01:02:01 9271352 ----a-w- C:\Windows\System32\nvcuda.dll
    2012-12-27 01:02:01 6149904 ----a-w- C:\Windows\SysWow64\nvopencl.dll
    2012-12-27 01:02:01 26811240 ----a-w- C:\Windows\System32\nvoglv64.dll
    2012-12-27 01:02:01 20335976 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
    2012-12-27 01:02:01 15016256 ----a-w- C:\Windows\System32\nvwgf2umx.dll
    2012-12-27 01:02:01 11532648 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
    2012-12-27 01:01:59 841272 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
    2012-12-27 01:01:59 7819016 ----a-w- C:\Windows\SysWow64\nvcuda.dll
    2012-12-27 01:01:59 7446192 ----a-w- C:\Windows\System32\nvopencl.dll
    2012-12-27 01:01:59 2784104 ----a-w- C:\Windows\System32\nvcuvid.dll
    2012-12-27 01:01:59 2606440 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
    2012-12-27 01:01:59 245432 ----a-w- C:\Windows\System32\nvinitx.dll
    2012-12-27 01:01:59 2226024 ----a-w- C:\Windows\System32\nvcuvenc.dll
    2012-12-27 01:01:59 201136 ----a-w- C:\Windows\SysWow64\nvinit.dll
    2012-12-27 01:01:59 1874280 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
    2012-12-27 01:01:59 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
    2012-12-27 01:01:59 15122280 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
    2012-12-27 01:01:58 25256296 ----a-w- C:\Windows\System32\nvcompiler.dll
    .
    ==================== Find3M ====================
    .
    2013-01-09 05:49:14 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 05:49:14 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-17 11:43:13 38096 ----a-w- C:\Windows\System32\drivers\gfiark.sys
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-12-07 07:13:35 867064 ----a-w- C:\Windows\System32\drivers\sptd.sys
    2012-12-07 07:04:23 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2012-12-07 00:55:18 916456 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-12-07 00:55:18 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-12-07 00:55:18 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-12-07 00:53:20 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-07 00:53:20 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-12-07 00:53:20 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-12-03 15:47:14 983936 ----a-w- C:\Windows\System32\nvumdshimx.dll
    2012-12-03 15:47:14 2816824 ----a-w- C:\Windows\System32\nvapi64.dll
    2012-12-03 15:47:14 2496976 ----a-w- C:\Windows\SysWow64\nvapi.dll
    2012-12-03 15:47:14 1805672 ----a-w- C:\Windows\System32\nvdispco64.dll
    2012-12-03 15:47:14 18045968 ----a-w- C:\Windows\System32\nvd3dumx.dll
    2012-12-03 15:47:14 1504104 ----a-w- C:\Windows\System32\nvdispgenco64.dll
    2012-12-03 15:47:14 12603960 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
    2012-12-01 05:49:26 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-12-01 03:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-16 04:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2009-12-06 09:18:14 26624 --sh--w- C:\Windows\bfcs2.dll
    .
    ============= FINISH: 12:34:15.11 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate N
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/6/2012 6:29:33 AM
    System Uptime: 1/15/2013 10:01:05 PM (134 hours ago)
    .
    Motherboard: MSI | | 760GM-P34(FX) (MS-7641)
    Processor: AMD FX(tm)-4170 Quad-Core Processor | CPU1 | 4200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 93.36 GiB free.
    D: is CDROM (CDFS)
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP45: 1/9/2013 3:00:14 AM - Windows Update
    RP46: 1/12/2013 1:32:47 PM - Windows Update
    RP47: 1/15/2013 2:25:12 PM - Windows Update
    RP48: 1/18/2013 10:14:06 PM - Windows Update
    RP49: 1/21/2013 2:12:23 AM - Removed Raid Hub Client
    RP50: 1/21/2013 2:13:42 AM - Removed Ad-Aware Antivirus.
    RP51: 1/21/2013 2:18:31 AM - Removed Ad-Aware Antivirus.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    «The Sims 3 Deluxe Edition» (build 7.0)
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.01)
    Adobe Shockwave Player 11.6
    Advanced Combat Tracker (remove only)
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Fuel
    Apple Application Support
    AVG 2013
    Canon MP250 series MP Drivers
    Catalyst Control Center
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Coupon Printer for Windows
    Curse Client
    D3DX10
    Daemon Tools Pro v4.10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dropbox
    EQ2MAP Updater 1.2.10
    EverQuest II
    Gamers Unite! Snag Bar
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    ICQ 8.0 (build 5981, for the current user)
    Java 7 Update 9
    Java 7 Update 9 (64-bit)
    Java Auto Updater
    Legends of Norrath
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 17.0.2 (x86 en-US)
    MSVCRT
    MSVCRT110
    MSVCRT110_amd64
    NVIDIA 3D Vision Controller Driver 310.70
    NVIDIA 3D Vision Driver 310.70
    NVIDIA Control Panel 310.70
    NVIDIA Graphics Driver 310.70
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    Photo Common
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Spybot - Search & Destroy
    Super-Charger
    swMSM
    TechPowerUp GPU-Z
    The Sims Medieval
    The Sims™ 3
    The Sims™ 3 ? ????????
    The Sims™ 3 ???-??????
    The Sims™ 3 ??? ????????
    The Sims™ 3 ??? ???????????
    The Sims™ 3 ????? ?? ??????? ???????
    The Sims™ 3 ???????
    The Sims™ 3 ??????? ????
    The Sims™ 3 ????????? ????? ???????
    The Sims™ 3 ?????????? ????? ???????
    The Sims™ 3 ?????????? ??????? ???????
    The Sims™ 3 ??????????? ??????? ???????
    The Sims™ 3 ??????????????????
    The Sims™ 3 Diesel ???????
    The Sims™ 3 Katy Perry ??????? ???????
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Ventrilo Client for Windows x64
    Visual Studio 2010 x64 Redistributables
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR 4.20 (32-bit)
    World of Warcraft
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/14/2013 11:16:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    1/14/2013 11:16:16 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    1/14/2013 11:15:30 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    .
    ==== End Of File ===========================


    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-21 13:10:31
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HDT722525DLA380 rev.V44OA96A 232.88GB
    Running: 5ifuhz0e.exe; Driver: C:\Users\Kendra\AppData\Local\Temp\kwdiipob.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
    ? C:\Windows\system32\mssprxy.dll [6452] entry point in ".rdata" section 00000000752571e6
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e9f991 7 bytes {MOV EDX, 0x860628; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e9fbd5 7 bytes {MOV EDX, 0x860668; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e9fc05 7 bytes {MOV EDX, 0x8605a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e9fc1d 7 bytes {MOV EDX, 0x860528; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e9fc35 7 bytes {MOV EDX, 0x860728; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e9fc65 7 bytes {MOV EDX, 0x860768; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e9fce5 7 bytes {MOV EDX, 0x8606e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e9fcfd 7 bytes {MOV EDX, 0x8606a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e9fd49 7 bytes {MOV EDX, 0x860468; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e9fe41 7 bytes {MOV EDX, 0x8604a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077ea0099 7 bytes {MOV EDX, 0x860428; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077ea10a5 7 bytes {MOV EDX, 0x8605e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077ea111d 7 bytes {MOV EDX, 0x860568; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077ea1321 7 bytes {MOV EDX, 0x8604e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e9f991 7 bytes {MOV EDX, 0x9bb628; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e9fbd5 7 bytes {MOV EDX, 0x9bb668; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e9fc05 7 bytes {MOV EDX, 0x9bb5a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e9fc1d 7 bytes {MOV EDX, 0x9bb528; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e9fc35 7 bytes {MOV EDX, 0x9bb728; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e9fc65 7 bytes {MOV EDX, 0x9bb768; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e9fce5 7 bytes {MOV EDX, 0x9bb6e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e9fcfd 7 bytes {MOV EDX, 0x9bb6a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e9fd49 7 bytes {MOV EDX, 0x9bb468; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e9fe41 7 bytes {MOV EDX, 0x9bb4a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077ea0099 7 bytes {MOV EDX, 0x9bb428; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077ea10a5 7 bytes {MOV EDX, 0x9bb5e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077ea111d 7 bytes {MOV EDX, 0x9bb568; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077ea1321 7 bytes {MOV EDX, 0x9bb4e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e9f991 7 bytes {MOV EDX, 0x565a28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e9fbd5 7 bytes {MOV EDX, 0x565a68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e9fc05 7 bytes {MOV EDX, 0x5659a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e9fc1d 7 bytes {MOV EDX, 0x565928; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e9fc35 7 bytes {MOV EDX, 0x565b28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e9fc65 7 bytes {MOV EDX, 0x565b68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e9fce5 7 bytes {MOV EDX, 0x565ae8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e9fcfd 7 bytes {MOV EDX, 0x565aa8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e9fd49 7 bytes {MOV EDX, 0x565868; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e9fe41 7 bytes {MOV EDX, 0x5658a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077ea0099 7 bytes {MOV EDX, 0x565828; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077ea10a5 7 bytes {MOV EDX, 0x5659e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077ea111d 7 bytes {MOV EDX, 0x565968; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077ea1321 7 bytes {MOV EDX, 0x5658e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e9f991 7 bytes {MOV EDX, 0xc82e28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e9fbd5 7 bytes {MOV EDX, 0xc82e68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e9fc05 7 bytes {MOV EDX, 0xc82da8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e9fc1d 7 bytes {MOV EDX, 0xc82d28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e9fc35 7 bytes {MOV EDX, 0xc82f28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e9fc65 7 bytes {MOV EDX, 0xc82f68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e9fce5 7 bytes {MOV EDX, 0xc82ee8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e9fcfd 7 bytes {MOV EDX, 0xc82ea8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e9fd49 7 bytes {MOV EDX, 0xc82c68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e9fe41 7 bytes {MOV EDX, 0xc82ca8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077ea0099 7 bytes {MOV EDX, 0xc82c28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077ea10a5 7 bytes {MOV EDX, 0xc82de8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077ea111d 7 bytes {MOV EDX, 0xc82d68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077ea1321 7 bytes {MOV EDX, 0xc82ce8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e9f991 7 bytes {MOV EDX, 0x50b228; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e9fbd5 7 bytes {MOV EDX, 0x50b268; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e9fc05 7 bytes {MOV EDX, 0x50b1a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e9fc1d 7 bytes {MOV EDX, 0x50b128; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e9fc35 7 bytes {MOV EDX, 0x50b328; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e9fc65 7 bytes {MOV EDX, 0x50b368; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e9fce5 7 bytes {MOV EDX, 0x50b2e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e9fcfd 7 bytes {MOV EDX, 0x50b2a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e9fd49 7 bytes {MOV EDX, 0x50b068; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e9fe41 7 bytes {MOV EDX, 0x50b0a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077ea0099 7 bytes {MOV EDX, 0x50b028; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077ea10a5 7 bytes {MOV EDX, 0x50b1e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077ea111d 7 bytes {MOV EDX, 0x50b168; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077ea1321 7 bytes {MOV EDX, 0x50b0e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
    .text ... * 9
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
    .text C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e9f991 7 bytes {MOV EDX, 0x1b2228; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e9fbd5 7 bytes {MOV EDX, 0x1b2268; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e9fc05 7 bytes {MOV EDX, 0x1b21a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e9fc1d 7 bytes {MOV EDX, 0x1b2128; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e9fc35 7 bytes {MOV EDX, 0x1b2328; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e9fc65 7 bytes {MOV EDX, 0x1b2368; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e9fce5 7 bytes {MOV EDX, 0x1b22e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e9fcfd 7 bytes {MOV EDX, 0x1b22a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e9fd49 7 bytes {MOV EDX, 0x1b2068; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e9fe41 7 bytes {MOV EDX, 0x1b20a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077ea0099 7 bytes {MOV EDX, 0x1b2028; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077ea10a5 7 bytes {MOV EDX, 0x1b21e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077ea111d 7 bytes {MOV EDX, 0x1b2168; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077ea1321 7 bytes {MOV EDX, 0x1b20e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e9f991 7 bytes {MOV EDX, 0x3efa28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e9fbd5 7 bytes {MOV EDX, 0x3efa68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e9fc05 7 bytes {MOV EDX, 0x3ef9a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e9fc1d 7 bytes {MOV EDX, 0x3ef928; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e9fc35 7 bytes {MOV EDX, 0x3efb28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e9fc65 7 bytes {MOV EDX, 0x3efb68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e9fce5 7 bytes {MOV EDX, 0x3efae8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e9fcfd 7 bytes {MOV EDX, 0x3efaa8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e9fd49 7 bytes {MOV EDX, 0x3ef868; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e9fe41 7 bytes {MOV EDX, 0x3ef8a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077ea0099 7 bytes {MOV EDX, 0x3ef828; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077ea10a5 7 bytes {MOV EDX, 0x3ef9e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077ea111d 7 bytes {MOV EDX, 0x3ef968; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077ea1321 7 bytes {MOV EDX, 0x3ef8e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e9f991 7 bytes {MOV EDX, 0x46ea28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e9fbd5 7 bytes {MOV EDX, 0x46ea68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e9fc05 7 bytes {MOV EDX, 0x46e9a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e9fc1d 7 bytes {MOV EDX, 0x46e928; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e9fc35 7 bytes {MOV EDX, 0x46eb28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e9fc65 7 bytes {MOV EDX, 0x46eb68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e9fce5 7 bytes {MOV EDX, 0x46eae8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e9fcfd 7 bytes {MOV EDX, 0x46eaa8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e9fd49 7 bytes {MOV EDX, 0x46e868; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e9fe41 7 bytes {MOV EDX, 0x46e8a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077ea0099 7 bytes {MOV EDX, 0x46e828; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077ea10a5 7 bytes {MOV EDX, 0x46e9e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077ea111d 7 bytes {MOV EDX, 0x46e968; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077ea1321 7 bytes {MOV EDX, 0x46e8e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f51401 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f51419 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f51431 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f5144a 2 bytes [F5, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f514dd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f514f5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f5150d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f51525 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f5153d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f51555 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f5156d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f51585 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f5159d 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f515b5 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f515cd 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f516b2 2 bytes [F5, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f516bd 2 bytes [F5, 75]

    ---- Threads - GMER 2.0 ----

    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:6120] 000000005e40de13
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:7208] 000000005e40de13
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:1664] 000000005e40de13
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:5428] 0000000077ed2e25
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:1476] 000000005c5ff771
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:3516] 000000005c5ff771
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:672] 000000006a57e4a1
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:6044] 00000000743227e1
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:1200] 000000006a57e4a1
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:5172] 000000006a554f9d
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:1600] 0000000021101590
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:5904] 000000005c5ff771
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:4672] 000000005c5ff771
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:3524] 000000005c5ff771
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:7552] 000000005c5ff771
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:6820] 000000002110fe30
    Thread C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\EverQuest2.exe [5856:7944] 0000000077ed3e45

    ---- EOF - GMER 2.0 ----
     
  2. daniellekb

    daniellekb Thread Starter

    Joined:
    Dec 2, 2004
    Messages:
    25
    Bump. Thanks.
     
  3. daniellekb

    daniellekb Thread Starter

    Joined:
    Dec 2, 2004
    Messages:
    25
    Still looking for some help, thank you :)
     
Short URL to this thread: https://techguy.org/1086264
