No more task manager?


ru3ster (Thread Starter; joined Feb 1, 2013; 2 messages)
So my computer has been occasionally locking up; it initially didn't seem like a big deal. Nothing a reboot couldn't fix. Now it seems more frequent, and I've noticed that when I hit Ctrl+Alt+Del it says the administrator has disabled Task Manager. Is this a virus, or did my 4-year-old somehow set some weird admin privileges?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:27:45 PM, on 2/1/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Safe mode with network support

Running processes:
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=BNHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.120.224.91:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [iSafeCW] C:\Program Files (x86)\Ecodsoft Keylogger\winsrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ruester\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Ruester\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Ruester\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [SysDir] "C:\ProgramData\SysApp\SysDir.exe" /Hide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11877 bytes


DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Ruester at 20:17:17 on 2013-02-01
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.3012 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?PC=BNHP
uProxyServer = 64.120.224.91:8080
mWinlogon: Userinit = userinit.exe
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Google Update] "C:\Users\Ruester\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [MusicManager] "C:\Users\Ruester\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Spotify Web Helper] "C:\Users\Ruester\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [SysDir] "C:\ProgramData\SysApp\SysDir.exe" /Hide
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [iSafeCW] C:\Program Files (x86)\Ecodsoft Keylogger\winsrv.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Ruester\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
uPolicies-Explorer: NoChangeStartMenu = dword:1
uPolicies-Explorer: NoClose = dword:1
uPolicies-Explorer: NoLogOff = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:1
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1 75.76.84.102 75.76.84.103
TCP: Interfaces\{005F7DA1-0017-4C7C-8F3F-3F84C2692EFB} : DHCPNameServer = 192.168.1.1 75.76.84.102 75.76.84.103
TCP: Interfaces\{0B291F8B-D4B1-48AB-A5A9-3005791667B7} : DHCPNameServer = 192.168.1.1 69.1.30.35 69.1.30.34
TCP: Interfaces\{0B291F8B-D4B1-48AB-A5A9-3005791667B7}\84453402E6564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{54B0C7A9-36E0-4291-9BE6-B71250425334} : DHCPNameServer = 192.168.1.1 75.76.84.102 75.76.84.103
TCP: Interfaces\{6D75A7C9-7B3A-42A5-8168-5F3961221E79} : DHCPNameServer = 192.168.1.1 75.76.84.102 75.76.84.103
TCP: Interfaces\{8AD7DAAA-29DE-423C-9CAB-108E0C1C7496} : DHCPNameServer = 192.168.1.1 75.76.84.102 75.76.84.103
TCP: Interfaces\{DC9FF61C-603D-41DE-9317-DB287CECC864} : DHCPNameServer = 192.168.1.1 69.1.30.35 69.1.30.34
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-3-15 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-3-15 15920]
R3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2012-1-26 1101600]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-1-23 591192]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-1-23 304472]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-1-23 24408]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-1-23 66904]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-23 44768]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-6-15 548264]
S2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]
S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-21 2666880]
S3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2012-2-26 33872]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-22 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-02-01 18:54:22 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0DDAA104-9820-4F0F-8C15-3DAA6E5B1BFC}\mpengine.dll
2013-02-01 18:14:00 388096 ----a-r- C:\Users\Ruester\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-01 18:13:59 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-02-01 03:23:31 -------- d-----w- C:\Program Files (x86)\Kqemu
2013-01-30 17:39:17 -------- d-----w- C:\Users\Ruester\AppData\Local\Temporary Projects
2013-01-30 16:22:07 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2013-01-29 21:39:49 -------- d-----w- C:\Users\Ruester\AppData\Local\Disney Interactive Studios
2013-01-29 21:38:23 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2013-01-29 21:31:09 -------- d-----w- C:\Program Files (x86)\Disney Interactive Studios
2013-01-29 04:05:13 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-01-21 23:27:07 -------- d-----w- C:\Users\Ruester\AppData\Roaming\Microsoft Corporation
2013-01-21 15:11:19 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-01-21 15:11:08 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2013-01-21 15:11:08 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2013-01-21 15:10:54 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-01-21 15:10:53 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-01-21 15:10:28 188128 ----a-w- C:\ProgramData\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2013-01-21 15:09:23 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2013-01-21 15:08:40 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2013-01-21 15:08:39 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2013-01-21 15:08:17 -------- d-----w- C:\Windows\PCHEALTH
2013-01-18 06:36:19 -------- d-----w- C:\Users\Ruester\AppData\Roaming\Doctor Who
2013-01-18 06:35:49 -------- d-----w- C:\Users\Ruester\AppData\Local\Doctor Who
2013-01-13 19:44:28 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-13 19:44:28 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-13 19:44:12 2001408 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-13 19:44:11 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-13 19:44:11 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-13 19:44:10 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-13 19:44:09 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-13 19:44:09 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-13 19:39:30 3147264 ----a-w- C:\Windows\System32\win32k.sys
2013-01-06 02:04:49 -------- d-----w- C:\Users\Ruester\AppData\Local\SKIDROW
2013-01-05 18:48:02 -------- d-----w- C:\Program Files\Microsoft Xbox 360 Accessories
2013-01-05 18:22:46 -------- d-----w- C:\c3ddc4f8fd285858734434d3
.
==================== Find3M ====================
.
2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-09 09:54:25 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 09:54:25 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-31 01:07:08 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-31 01:07:07 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-12-16 16:52:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:40:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:25:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:25:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
2012-12-03 15:47:14 9271352 ----a-w- C:\Windows\System32\nvcuda.dll
2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-12-01 03:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-11-30 05:50:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:50:00 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:50:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:49:28 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:46:35 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:43:53 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 05:06:50 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 05:06:49 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:33:03 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:56:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:56:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:56:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:56:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:51:41 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:51:41 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:51:41 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:51:41 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 10:32:45 801280 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 09:33:26 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-19 20:00:00 3123272 ----a-r- C:\Windows\SysWow64\pbsvc.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 20:17:24.99 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/19/2012 9:23:15 PM
System Uptime: 2/1/2013 7:46:22 PM (1 hours ago)
.
Motherboard: XFX | | MB-750I-72P9
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2333/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 34.26 GiB free.
E: is Removable
F: is FIXED (NTFS) - 931 GiB total, 46.939 GiB free.
Z: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avast! Network Shield Support
Device ID: ROOT\LEGACY_ASWTDI\0000
Manufacturer:
Name: avast! Network Shield Support
PNP Device ID: ROOT\LEGACY_ASWTDI\0000
Service: aswTdi
.
==== System Restore Points ===================
.
RP171: 1/28/2013 11:02:03 PM - Installed DirectX
RP172: 1/28/2013 11:47:37 PM - Zainstalowane Disney Interactive Studios
RP173: 1/29/2013 1:01:07 PM - Usuniete Disney Interactive Studios
RP174: 1/29/2013 4:31:14 PM - Installed Disney Universe
RP175: 1/29/2013 5:19:13 PM - Windows Update
RP177: 2/1/2013 1:13:13 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
µTorrent
3DVIA player 5.0.0.20
Absolute Sound Recorder version 3.7.0
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS5.1
Adobe Reader X (10.1.2)
Angry Birds Space
Any Video Converter Ultimate 4.3.3
Assassin's Creed (R) III
avast! Free Antivirus
Bejeweled 3
Bing Bar
Caillou Ready For School
Cisco Network Magic
Coupon Printer for Windows
Disney Universe
Doctor Who: The Adventure Games
DVD Shrink 3.2
EPSON Printer Software
EPSON Scan
Family Guy Back to the Multiverse
Game of Thrones version 1.0.0.0
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
HiJackThis
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 30
JavaFX 2.1.1
LEGO® Batman™ 2: DC Super Heroes
LEGO® The Lord of the Rings™ DEMO
Live 8.2.2
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Help Viewer 1.0
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Xbox 360 Accessories 1.2
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
MSXML 4.0 SP2 (KB973688)
Music Manager
Nero 11 Mini Repack
Nero Backup Drivers
Network Magic
Novacomd
NVIDIA 3D Vision Controller Driver 310.70
NVIDIA 3D Vision Driver 310.70
NVIDIA Control Panel 310.70
NVIDIA Graphics Driver 310.70
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
OpenOffice.org 3.4.1
PDF Settings CS5
PunkBuster Services
Pure Networks Platform
QEMU Accelerator Module 1.3.0pre11
Respondus LockDown Browser
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Skype Click to Call
Skype™ 5.10
Snagit 9.1.3
Splashtop Streamer
Spotify
SpyNet Field Office
Super Mario Bros X version 1.2.1
TeamViewer 7
The Elder Scrolls V Skyrim
The Walking Dead (c) 3 version 1
TheSkyX Student Edition
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Uplay
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.11
Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
WinRAR archiver
Xilisoft Video Converter Ultimate 6
Xvid MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
2/1/2013 8:15:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/1/2013 8:08:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
2/1/2013 7:58:41 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2/1/2013 7:57:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
2/1/2013 7:57:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
2/1/2013 7:49:20 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2/1/2013 7:47:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/1/2013 7:47:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/1/2013 7:47:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/1/2013 7:47:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/1/2013 7:47:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi cdrom discache spldr Wanarpv6
2/1/2013 7:47:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
2/1/2013 7:47:19 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2/1/2013 7:46:25 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
2/1/2013 7:40:50 PM, Error: Service Control Manager [7000] - The kqemu driver service failed to start due to the following error: This driver has been blocked from loading
2/1/2013 7:40:50 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\kqemu.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/1/2013 10:57:26 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
1/31/2013 3:20:28 AM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
1/31/2013 12:14:45 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR8.
1/28/2013 1:14:58 PM, Error: Service Control Manager [7022] - The Pure Networks Platform Service service hung on starting.
1/27/2013 12:45:57 AM, Error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-02-01 21:00:28
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\00000064 WDC_WD16 rev.01.0 149.05GB
Running: d11ztoxl.exe; Driver: C:\Users\Ruester\AppData\Local\Temp\fgdiypod.sys


---- User code sections - GMER 2.0 ----

.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076f910cd 7 bytes {MOV EDX, 0xd70d68; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076f912d1 7 bytes {MOV EDX, 0xd70ce8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f41401 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f41419 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f41431 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f4144a 2 bytes [F4, 76]
.text ... * 9
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f414dd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f414f5 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f4150d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f41525 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f4153d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f41555 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f4156d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f41585 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f4159d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f415b5 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f415cd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f416b2 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f416bd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f8f941 7 bytes {MOV EDX, 0xb5ee28; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f8fb85 7 bytes {MOV EDX, 0xb5ee68; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f8fbb5 7 bytes {MOV EDX, 0xb5eda8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f8fbcd 7 bytes {MOV EDX, 0xb5ed28; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f8fbe5 7 bytes {MOV EDX, 0xb5ef28; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f8fc15 7 bytes {MOV EDX, 0xb5ef68; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f8fc95 7 bytes {MOV EDX, 0xb5eee8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f8fcad 7 bytes {MOV EDX, 0xb5eea8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f8fcf9 7 bytes {MOV EDX, 0xb5ec68; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f8fdf1 7 bytes {MOV EDX, 0xb5eca8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076f90049 7 bytes {MOV EDX, 0xb5ec28; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076f91055 7 bytes {MOV EDX, 0xb5ede8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076f910cd 7 bytes {MOV EDX, 0xb5ed68; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076f912d1 7 bytes {MOV EDX, 0xb5ece8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f41401 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f41419 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f41431 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f4144a 2 bytes [F4, 76]
.text ... * 9
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f414dd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f414f5 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f4150d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f41525 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f4153d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f41555 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f4156d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f41585 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f4159d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f415b5 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f415cd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f416b2 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f416bd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f8f941 7 bytes {MOV EDX, 0xffb228; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f8fb85 7 bytes {MOV EDX, 0xffb268; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f8fbb5 7 bytes {MOV EDX, 0xffb1a8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f8fbcd 7 bytes {MOV EDX, 0xffb128; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f8fbe5 7 bytes {MOV EDX, 0xffb328; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f8fc15 7 bytes {MOV EDX, 0xffb368; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f8fc95 7 bytes {MOV EDX, 0xffb2e8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f8fcad 7 bytes {MOV EDX, 0xffb2a8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f8fcf9 7 bytes {MOV EDX, 0xffb068; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f8fdf1 7 bytes {MOV EDX, 0xffb0a8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076f90049 7 bytes {MOV EDX, 0xffb028; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076f91055 7 bytes {MOV EDX, 0xffb1e8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076f910cd 7 bytes {MOV EDX, 0xffb168; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076f912d1 7 bytes {MOV EDX, 0xffb0e8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f41401 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f41419 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f41431 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f4144a 2 bytes [F4, 76]
.text ... * 9
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f414dd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f414f5 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f4150d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f41525 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f4153d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f41555 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f4156d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f41585 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f4159d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f415b5 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f415cd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f416b2 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f416bd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f8f941 7 bytes {MOV EDX, 0x5a8a28; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f8fb85 7 bytes {MOV EDX, 0x5a8a68; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f8fbb5 7 bytes {MOV EDX, 0x5a89a8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f8fbcd 7 bytes {MOV EDX, 0x5a8928; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f8fbe5 7 bytes {MOV EDX, 0x5a8b28; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f8fc15 7 bytes {MOV EDX, 0x5a8b68; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f8fc95 7 bytes {MOV EDX, 0x5a8ae8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f8fcad 7 bytes {MOV EDX, 0x5a8aa8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f8fcf9 7 bytes {MOV EDX, 0x5a8868; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f8fdf1 7 bytes {MOV EDX, 0x5a88a8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076f90049 7 bytes {MOV EDX, 0x5a8828; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076f91055 7 bytes {MOV EDX, 0x5a89e8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076f910cd 7 bytes {MOV EDX, 0x5a8968; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076f912d1 7 bytes {MOV EDX, 0x5a88e8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f41401 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f41419 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f41431 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f4144a 2 bytes [F4, 76]
.text ... * 9
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f414dd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f414f5 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f4150d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f41525 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f4153d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f41555 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f4156d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f41585 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f4159d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f415b5 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f415cd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f416b2 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f416bd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f8f941 7 bytes {MOV EDX, 0x18b228; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f8fb85 7 bytes {MOV EDX, 0x18b268; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f8fbb5 7 bytes {MOV EDX, 0x18b1a8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f8fbcd 7 bytes {MOV EDX, 0x18b128; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f8fbe5 7 bytes {MOV EDX, 0x18b328; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f8fc15 7 bytes {MOV EDX, 0x18b368; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f8fc95 7 bytes {MOV EDX, 0x18b2e8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f8fcad 7 bytes {MOV EDX, 0x18b2a8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f8fcf9 7 bytes {MOV EDX, 0x18b068; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f8fdf1 7 bytes {MOV EDX, 0x18b0a8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076f90049 7 bytes {MOV EDX, 0x18b028; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076f91055 7 bytes {MOV EDX, 0x18b1e8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076f910cd 7 bytes {MOV EDX, 0x18b168; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076f912d1 7 bytes {MOV EDX, 0x18b0e8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f41401 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f41419 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f41431 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f4144a 2 bytes [F4, 76]
.text ... * 9
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f414dd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f414f5 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f4150d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f41525 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f4153d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f41555 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f4156d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f41585 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f4159d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f415b5 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f415cd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f416b2 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f416bd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f8f941 7 bytes {MOV EDX, 0xb3628; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f8fb85 7 bytes {MOV EDX, 0xb3668; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f8fbb5 7 bytes {MOV EDX, 0xb35a8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f8fbcd 7 bytes {MOV EDX, 0xb3528; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f8fbe5 7 bytes {MOV EDX, 0xb3728; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f8fc15 7 bytes {MOV EDX, 0xb3768; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f8fc95 7 bytes {MOV EDX, 0xb36e8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f8fcad 7 bytes {MOV EDX, 0xb36a8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f8fcf9 7 bytes {MOV EDX, 0xb3468; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f8fdf1 7 bytes {MOV EDX, 0xb34a8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076f90049 7 bytes {MOV EDX, 0xb3428; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076f91055 7 bytes {MOV EDX, 0xb35e8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076f910cd 7 bytes {MOV EDX, 0xb3568; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076f912d1 7 bytes {MOV EDX, 0xb34e8; JMP RDX}
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f41401 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f41419 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f41431 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f4144a 2 bytes [F4, 76]
.text ... * 9
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f414dd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f414f5 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f4150d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f41525 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f4153d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f41555 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f4156d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f41585 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f4159d 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f415b5 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f415cd 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f416b2 2 bytes [F4, 76]
.text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f416bd 2 bytes [F4, 76]

---- Threads - GMER 2.0 ----

Thread C:\Windows\System32\svchost.exe [1848:1384] 000007fef77c9688

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0xBE 0x22 0xEE 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED[email protected] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xFC 0xA6 0x14 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xC7 0x4B 0x89 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0xBE 0x22 0xEE 0x72 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xFC 0xA6 0x14 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xC7 0x4B 0x89 0xFE ...

---- EOF - GMER 2.0 ----


:confused:
 

ru3ster

Thread Starter
Joined
Feb 1, 2013
Messages
2
My computer is completely freezing. Re-enabled the Task Manager through the registry. Task Manager is showing the System Idle Process using the entire CPU as well as 50 percent of the RAM. What can I do to fix this? I need my computer for my livelihood. Please help!? :-{
 