No more task manager?

Discussion in 'Virus & Other Malware Removal' started by ru3ster, Feb 2, 2013.

  1. ru3ster

    ru3ster Thread Starter

    So my computer has been occasionally locking up; it initially didn't seem like a big deal. Nothing a reboot couldn't fix. Now it seems more frequent, and I've noticed when I hit Ctrl+Alt+Del it says the administrator has disabled Task Manager. Is this a virus, or did my 4-year-old somehow set some weird admin privileges?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:27:45 PM, on 2/1/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=BNHP
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.120.224.91:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [iSafeCW] C:\Program Files (x86)\Ecodsoft Keylogger\winsrv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Ruester\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [MusicManager] "C:\Users\Ruester\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Ruester\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    O4 - HKCU\..\Run: [SysDir] "C:\ProgramData\SysApp\SysDir.exe" /Hide
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11877 bytes


    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by Ruester at 20:17:17 on 2013-02-01
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.3012 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/?PC=BNHP
    uProxyServer = 64.120.224.91:8080
    mWinlogon: Userinit = userinit.exe
    BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    uRun: [Google Update] "C:\Users\Ruester\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [MusicManager] "C:\Users\Ruester\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    uRun: [Spotify Web Helper] "C:\Users\Ruester\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    uRun: [SysDir] "C:\ProgramData\SysApp\SysDir.exe" /Hide
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [iSafeCW] C:\Program Files (x86)\Ecodsoft Keylogger\winsrv.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Ruester\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    uPolicies-Explorer: NoChangeStartMenu = dword:1
    uPolicies-Explorer: NoClose = dword:1
    uPolicies-Explorer: NoLogOff = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:1
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1 75.76.84.102 75.76.84.103
    TCP: Interfaces\{005F7DA1-0017-4C7C-8F3F-3F84C2692EFB} : DHCPNameServer = 192.168.1.1 75.76.84.102 75.76.84.103
    TCP: Interfaces\{0B291F8B-D4B1-48AB-A5A9-3005791667B7} : DHCPNameServer = 192.168.1.1 69.1.30.35 69.1.30.34
    TCP: Interfaces\{0B291F8B-D4B1-48AB-A5A9-3005791667B7}\84453402E6564777F627B6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{54B0C7A9-36E0-4291-9BE6-B71250425334} : DHCPNameServer = 192.168.1.1 75.76.84.102 75.76.84.103
    TCP: Interfaces\{6D75A7C9-7B3A-42A5-8168-5F3961221E79} : DHCPNameServer = 192.168.1.1 75.76.84.102 75.76.84.103
    TCP: Interfaces\{8AD7DAAA-29DE-423C-9CAB-108E0C1C7496} : DHCPNameServer = 192.168.1.1 75.76.84.102 75.76.84.103
    TCP: Interfaces\{DC9FF61C-603D-41DE-9317-DB287CECC864} : DHCPNameServer = 192.168.1.1 69.1.30.35 69.1.30.34
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 validation.sls.microsoft.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-3-15 72240]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-3-15 15920]
    R3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2012-1-26 1101600]
    S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-1-23 591192]
    S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-1-23 304472]
    S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-1-23 24408]
    S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-1-23 66904]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-23 44768]
    S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-6-15 548264]
    S2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]
    S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
    S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-21 2666880]
    S3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2012-2-26 33872]
    S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-22 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== Created Last 30 ================
    .
    2013-02-01 18:54:22 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0DDAA104-9820-4F0F-8C15-3DAA6E5B1BFC}\mpengine.dll
    2013-02-01 18:14:00 388096 ----a-r- C:\Users\Ruester\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-02-01 18:13:59 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2013-02-01 03:23:31 -------- d-----w- C:\Program Files (x86)\Kqemu
    2013-01-30 17:39:17 -------- d-----w- C:\Users\Ruester\AppData\Local\Temporary Projects
    2013-01-30 16:22:07 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
    2013-01-29 21:39:49 -------- d-----w- C:\Users\Ruester\AppData\Local\Disney Interactive Studios
    2013-01-29 21:38:23 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
    2013-01-29 21:31:09 -------- d-----w- C:\Program Files (x86)\Disney Interactive Studios
    2013-01-29 04:05:13 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
    2013-01-21 23:27:07 -------- d-----w- C:\Users\Ruester\AppData\Roaming\Microsoft Corporation
    2013-01-21 15:11:19 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
    2013-01-21 15:11:08 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
    2013-01-21 15:11:08 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
    2013-01-21 15:10:54 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2013-01-21 15:10:53 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2013-01-21 15:10:28 188128 ----a-w- C:\ProgramData\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
    2013-01-21 15:09:23 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
    2013-01-21 15:08:40 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
    2013-01-21 15:08:39 -------- d-----w- C:\Program Files\Microsoft Help Viewer
    2013-01-21 15:08:17 -------- d-----w- C:\Windows\PCHEALTH
    2013-01-18 06:36:19 -------- d-----w- C:\Users\Ruester\AppData\Roaming\Doctor Who
    2013-01-18 06:35:49 -------- d-----w- C:\Users\Ruester\AppData\Local\Doctor Who
    2013-01-13 19:44:28 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-13 19:44:28 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-13 19:44:12 2001408 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-13 19:44:11 1880064 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-13 19:44:11 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-13 19:44:10 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-13 19:44:09 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-13 19:44:09 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-13 19:39:30 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-06 02:04:49 -------- d-----w- C:\Users\Ruester\AppData\Local\SKIDROW
    2013-01-05 18:48:02 -------- d-----w- C:\Program Files\Microsoft Xbox 360 Accessories
    2013-01-05 18:22:46 -------- d-----w- C:\c3ddc4f8fd285858734434d3
    .
    ==================== Find3M ====================
    .
    2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-09 09:54:25 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 09:54:25 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-31 01:07:08 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-12-31 01:07:07 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-12-16 16:52:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:40:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:25:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:25:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
    2012-12-03 15:47:14 9271352 ----a-w- C:\Windows\System32\nvcuda.dll
    2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-12-01 03:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-11-30 05:50:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:50:00 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:50:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:49:28 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:46:35 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:43:53 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 05:06:50 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 05:06:49 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:33:03 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:56:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:56:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:56:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:56:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:51:41 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:51:41 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:51:41 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:51:41 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-22 10:32:45 801280 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 09:33:26 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-19 20:00:00 3123272 ----a-r- C:\Windows\SysWow64\pbsvc.exe
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    .
    ============= FINISH: 20:17:24.99 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/19/2012 9:23:15 PM
    System Uptime: 2/1/2013 7:46:22 PM (1 hours ago)
    .
    Motherboard: XFX | | MB-750I-72P9
    Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2333/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 34.26 GiB free.
    E: is Removable
    F: is FIXED (NTFS) - 931 GiB total, 46.939 GiB free.
    Z: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: avast! Network Shield Support
    Device ID: ROOT\LEGACY_ASWTDI\0000
    Manufacturer:
    Name: avast! Network Shield Support
    PNP Device ID: ROOT\LEGACY_ASWTDI\0000
    Service: aswTdi
    .
    ==== System Restore Points ===================
    .
    RP171: 1/28/2013 11:02:03 PM - Installed DirectX
    RP172: 1/28/2013 11:47:37 PM - Zainstalowane Disney Interactive Studios
    RP173: 1/29/2013 1:01:07 PM - Usuniete Disney Interactive Studios
    RP174: 1/29/2013 4:31:14 PM - Installed Disney Universe
    RP175: 1/29/2013 5:19:13 PM - Windows Update
    RP177: 2/1/2013 1:13:13 PM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    µTorrent
    3DVIA player 5.0.0.20
    Absolute Sound Recorder version 3.7.0
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop CS5.1
    Adobe Reader X (10.1.2)
    Angry Birds Space
    Any Video Converter Ultimate 4.3.3
    Assassin's Creed (R) III
    avast! Free Antivirus
    Bejeweled 3
    Bing Bar
    Caillou Ready For School
    Cisco Network Magic
    Coupon Printer for Windows
    Disney Universe
    Doctor Who: The Adventure Games
    DVD Shrink 3.2
    EPSON Printer Software
    EPSON Scan
    Family Guy Back to the Multiverse
    Game of Thrones version 1.0.0.0
    Google Chrome
    Google Drive
    Google Talk Plugin
    Google Update Helper
    HiJackThis
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 30
    JavaFX 2.1.1
    LEGO® Batman™ 2: DC Super Heroes
    LEGO® The Lord of the Rings™ DEMO
    Live 8.2.2
    McAfee Security Scan Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Help Viewer 1.0
    Microsoft Silverlight
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server System CLR Types
    Microsoft Visual Basic 2010 Express - ENU
    Microsoft Visual C# 2010 Express - ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    Microsoft Xbox 360 Accessories 1.2
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Microsoft_VC90_MFCLOC_x86
    Microsoft_VC90_MFCLOC_x86_x64
    MSXML 4.0 SP2 (KB973688)
    Music Manager
    Nero 11 Mini Repack
    Nero Backup Drivers
    Network Magic
    Novacomd
    NVIDIA 3D Vision Controller Driver 310.70
    NVIDIA 3D Vision Driver 310.70
    NVIDIA Control Panel 310.70
    NVIDIA Graphics Driver 310.70
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    OpenOffice.org 3.4.1
    PDF Settings CS5
    PunkBuster Services
    Pure Networks Platform
    QEMU Accelerator Module 1.3.0pre11
    Respondus LockDown Browser
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
    Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
    Skype Click to Call
    Skype™ 5.10
    Snagit 9.1.3
    Splashtop Streamer
    Spotify
    SpyNet Field Office
    Super Mario Bros X version 1.2.1
    TeamViewer 7
    The Elder Scrolls V Skyrim
    The Walking Dead (c) 3 version 1
    TheSkyX Student Edition
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Uplay
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 1.1.11
    Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
    WinRAR archiver
    Xilisoft Video Converter Ultimate 6
    Xvid MPEG-4 Video Codec
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/1/2013 8:15:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/1/2013 8:08:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    2/1/2013 7:58:41 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    2/1/2013 7:57:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    2/1/2013 7:57:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    2/1/2013 7:49:20 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    2/1/2013 7:47:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/1/2013 7:47:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/1/2013 7:47:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/1/2013 7:47:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/1/2013 7:47:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi cdrom discache spldr Wanarpv6
    2/1/2013 7:47:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    2/1/2013 7:47:19 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    2/1/2013 7:46:25 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    2/1/2013 7:40:50 PM, Error: Service Control Manager [7000] - The kqemu driver service failed to start due to the following error: This driver has been blocked from loading
    2/1/2013 7:40:50 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\kqemu.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    2/1/2013 10:57:26 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
    1/31/2013 3:20:28 AM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
    1/31/2013 12:14:45 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR8.
    1/28/2013 1:14:58 PM, Error: Service Control Manager [7022] - The Pure Networks Platform Service service hung on starting.
    1/27/2013 12:45:57 AM, Error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================

    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-02-01 21:00:28
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\00000064 WDC_WD16 rev.01.0 149.05GB
    Running: d11ztoxl.exe; Driver: C:\Users\Ruester\AppData\Local\Temp\fgdiypod.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f415b5 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f415cd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f416b2 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f416bd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f8f941 7 bytes {MOV EDX, 0xd70e28; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f8fb85 7 bytes {MOV EDX, 0xd70e68; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f8fbb5 7 bytes {MOV EDX, 0xd70da8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f8fbcd 7 bytes {MOV EDX, 0xd70d28; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f8fbe5 7 bytes {MOV EDX, 0xd70f28; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f8fc15 7 bytes {MOV EDX, 0xd70f68; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f8fc95 7 bytes {MOV EDX, 0xd70ee8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f8fcad 7 bytes {MOV EDX, 0xd70ea8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f8fcf9 7 bytes {MOV EDX, 0xd70c68; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f8fdf1 7 bytes {MOV EDX, 0xd70ca8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076f90049 7 bytes {MOV EDX, 0xd70c28; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076f91055 7 bytes {MOV EDX, 0xd70de8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076f910cd 7 bytes {MOV EDX, 0xd70d68; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076f912d1 7 bytes {MOV EDX, 0xd70ce8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f41401 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f41419 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f41431 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f4144a 2 bytes [F4, 76]
    .text ... * 9
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f414dd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f414f5 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f4150d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f41525 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f4153d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f41555 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f4156d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f41585 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f4159d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f415b5 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f415cd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f416b2 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f416bd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f8f941 7 bytes {MOV EDX, 0xb5ee28; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f8fb85 7 bytes {MOV EDX, 0xb5ee68; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f8fbb5 7 bytes {MOV EDX, 0xb5eda8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f8fbcd 7 bytes {MOV EDX, 0xb5ed28; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f8fbe5 7 bytes {MOV EDX, 0xb5ef28; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f8fc15 7 bytes {MOV EDX, 0xb5ef68; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f8fc95 7 bytes {MOV EDX, 0xb5eee8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f8fcad 7 bytes {MOV EDX, 0xb5eea8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f8fcf9 7 bytes {MOV EDX, 0xb5ec68; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f8fdf1 7 bytes {MOV EDX, 0xb5eca8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076f90049 7 bytes {MOV EDX, 0xb5ec28; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076f91055 7 bytes {MOV EDX, 0xb5ede8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076f910cd 7 bytes {MOV EDX, 0xb5ed68; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076f912d1 7 bytes {MOV EDX, 0xb5ece8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f41401 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f41419 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f41431 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f4144a 2 bytes [F4, 76]
    .text ... * 9
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f414dd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f414f5 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f4150d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f41525 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f4153d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f41555 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f4156d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f41585 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f4159d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f415b5 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f415cd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f416b2 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f416bd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f8f941 7 bytes {MOV EDX, 0xffb228; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f8fb85 7 bytes {MOV EDX, 0xffb268; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f8fbb5 7 bytes {MOV EDX, 0xffb1a8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f8fbcd 7 bytes {MOV EDX, 0xffb128; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f8fbe5 7 bytes {MOV EDX, 0xffb328; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f8fc15 7 bytes {MOV EDX, 0xffb368; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f8fc95 7 bytes {MOV EDX, 0xffb2e8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f8fcad 7 bytes {MOV EDX, 0xffb2a8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f8fcf9 7 bytes {MOV EDX, 0xffb068; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f8fdf1 7 bytes {MOV EDX, 0xffb0a8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076f90049 7 bytes {MOV EDX, 0xffb028; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076f91055 7 bytes {MOV EDX, 0xffb1e8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076f910cd 7 bytes {MOV EDX, 0xffb168; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076f912d1 7 bytes {MOV EDX, 0xffb0e8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f41401 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f41419 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f41431 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f4144a 2 bytes [F4, 76]
    .text ... * 9
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f414dd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f414f5 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f4150d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f41525 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f4153d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f41555 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f4156d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f41585 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f4159d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f415b5 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f415cd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f416b2 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f416bd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f8f941 7 bytes {MOV EDX, 0x5a8a28; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f8fb85 7 bytes {MOV EDX, 0x5a8a68; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f8fbb5 7 bytes {MOV EDX, 0x5a89a8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f8fbcd 7 bytes {MOV EDX, 0x5a8928; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f8fbe5 7 bytes {MOV EDX, 0x5a8b28; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f8fc15 7 bytes {MOV EDX, 0x5a8b68; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f8fc95 7 bytes {MOV EDX, 0x5a8ae8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f8fcad 7 bytes {MOV EDX, 0x5a8aa8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f8fcf9 7 bytes {MOV EDX, 0x5a8868; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f8fdf1 7 bytes {MOV EDX, 0x5a88a8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076f90049 7 bytes {MOV EDX, 0x5a8828; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076f91055 7 bytes {MOV EDX, 0x5a89e8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076f910cd 7 bytes {MOV EDX, 0x5a8968; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076f912d1 7 bytes {MOV EDX, 0x5a88e8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f41401 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f41419 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f41431 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f4144a 2 bytes [F4, 76]
    .text ... * 9
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f414dd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f414f5 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f4150d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f41525 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f4153d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f41555 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f4156d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f41585 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f4159d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f415b5 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f415cd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f416b2 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f416bd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f8f941 7 bytes {MOV EDX, 0x18b228; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f8fb85 7 bytes {MOV EDX, 0x18b268; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f8fbb5 7 bytes {MOV EDX, 0x18b1a8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f8fbcd 7 bytes {MOV EDX, 0x18b128; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f8fbe5 7 bytes {MOV EDX, 0x18b328; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f8fc15 7 bytes {MOV EDX, 0x18b368; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f8fc95 7 bytes {MOV EDX, 0x18b2e8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f8fcad 7 bytes {MOV EDX, 0x18b2a8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f8fcf9 7 bytes {MOV EDX, 0x18b068; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f8fdf1 7 bytes {MOV EDX, 0x18b0a8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076f90049 7 bytes {MOV EDX, 0x18b028; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076f91055 7 bytes {MOV EDX, 0x18b1e8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076f910cd 7 bytes {MOV EDX, 0x18b168; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076f912d1 7 bytes {MOV EDX, 0x18b0e8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f41401 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f41419 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f41431 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f4144a 2 bytes [F4, 76]
    .text ... * 9
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f414dd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f414f5 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f4150d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f41525 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f4153d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f41555 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f4156d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f41585 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f4159d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f415b5 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f415cd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f416b2 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f416bd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f8f941 7 bytes {MOV EDX, 0xb3628; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f8fb85 7 bytes {MOV EDX, 0xb3668; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f8fbb5 7 bytes {MOV EDX, 0xb35a8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f8fbcd 7 bytes {MOV EDX, 0xb3528; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f8fbe5 7 bytes {MOV EDX, 0xb3728; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f8fc15 7 bytes {MOV EDX, 0xb3768; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f8fc95 7 bytes {MOV EDX, 0xb36e8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f8fcad 7 bytes {MOV EDX, 0xb36a8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f8fcf9 7 bytes {MOV EDX, 0xb3468; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f8fdf1 7 bytes {MOV EDX, 0xb34a8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076f90049 7 bytes {MOV EDX, 0xb3428; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076f91055 7 bytes {MOV EDX, 0xb35e8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076f910cd 7 bytes {MOV EDX, 0xb3568; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076f912d1 7 bytes {MOV EDX, 0xb34e8; JMP RDX}
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f41401 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f41419 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f41431 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f4144a 2 bytes [F4, 76]
    .text ... * 9
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f414dd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f414f5 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f4150d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f41525 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f4153d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f41555 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f4156d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f41585 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f4159d 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f415b5 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f415cd 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f416b2 2 bytes [F4, 76]
    .text C:\Users\Ruester\AppData\Local\Google\Chrome\Application\chrome.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f416bd 2 bytes [F4, 76]

    ---- Threads - GMER 2.0 ----

    Thread C:\Windows\System32\svchost.exe [1848:1384] 000007fef77c9688

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0xBE 0x22 0xEE 0x72 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xFC 0xA6 0x14 0xE6 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xC7 0x4B 0x89 0xFE ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0xBE 0x22 0xEE 0x72 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xFC 0xA6 0x14 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xC7 0x4B 0x89 0xFE ...

    ---- EOF - GMER 2.0 ----


    :confused:
     
  2. ru3ster

    ru3ster Thread Starter

    Joined:
    Feb 1, 2013
    Messages:
    2
    My computer is completely freezing. I re-enabled the Task Manager through the registry. Task Manager is showing the System Idle Process using the entire CPU as well as 50 percent of the RAM. What can I do to fix this? I need my computer for my livelihood. Please help!? :-{
     

Short URL to this thread: https://techguy.org/1087871
