
Random words on webpages are hotlinked, computer running extremely sluggishly

Discussion in 'Virus & Other Malware Removal' started by hermolt, Jan 28, 2013.

  1. hermolt (Thread Starter; joined Jan 27, 2013; messages: 6)

    As per the title, my computer has slowed down noticeably over the past few days. Random words in Chrome are hotlinked and point to obvious scam websites. I've had a rootkit warning pop up in Avast for some months now but nothing I did seemed to make it go away, and it didn't have any noticeable adverse effect until lately.

    Many thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:50:30 AM, on 28/01/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\DAEMON Tools Pro\DTAgent.exe
    C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Users\Ben\AppData\Roaming\Spotify\spotify.exe
    C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe
    C:\Program Files\Steam\GameOverlayUI.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\mkv2vob\mkv2vob.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Ben\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: CrossriderApp0021804 - {11111111-1111-1111-1111-110211181104} - C:\Program Files\Coupon Companion Plugin\Coupon Companion Plugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O15 - Trusted Zone: http://desktop.health.gov.au
    O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://desktop.health.gov.au/public/download/urxvpn.cab#version=7002,2011,623,529
    O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://desktop.health.gov.au/public/download/f5tunsrv.cab#version=7002,2011,623,519
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\Users\Ben\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://desktop.health.gov.au/public/download/f5InspectionHost.cab#version=7002,2011,0623,0454
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://desktop.health.gov.au/public/download/urxshost.cab#version=7002,2011,623,514
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://desktop.health.gov.au/public/download/urxhost.cab#version=7002,2011,623,545
    O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://desktop.health.gov.au/public/download/f5syschk.cab#Version=7002,2011,0623,0518
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs:
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PS3 Media Server - Unknown owner - C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Sierra Wireless Card Detection Service (SwiCardDetectSvc) - Sierra Wireless, Inc. - C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe

    --
    End of file - 11001 bytes

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_10
    Run by Ben at 11:50:53 on 2013-01-28
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3069.288 [GMT 11:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Hpservice.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\DAEMON Tools Pro\DTAgent.exe
    C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Users\Ben\AppData\Roaming\Spotify\spotify.exe
    C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe
    C:\Program Files\Steam\GameOverlayUI.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\mkv2vob\mkv2vob.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k apphost
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - c:\program files\coupon companion plugin\Coupon Companion Plugin.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Google Update] "c:\users\ben\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
    uRun: [Spotify] "c:\users\ben\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
    uRun: [Spotify Web Helper] "c:\users\ben\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [BigPondWirelessBroadbandCM] "c:\program files\telstra\mobile broadband manager\TelstraUCM.exe" -tsr
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://desktop.health.gov.au/public/download/urxvpn.cab#version=7002,2011,623,529
    DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://desktop.health.gov.au/public/download/f5tunsrv.cab#version=7002,2011,623,519
    DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\ben\appdata\local\temp\ixp000.tmp\InstallerControl.cab#-1,-1,-1,-1
    DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://desktop.health.gov.au/public/download/f5InspectionHost.cab#version=7002,2011,0623,0454
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://desktop.health.gov.au/public/download/urxshost.cab#version=7002,2011,623,514
    DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://desktop.health.gov.au/public/download/urxhost.cab#version=7002,2011,623,545
    DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://desktop.health.gov.au/public/download/f5syschk.cab#Version=7002,2011,0623,0518
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{34635D79-4528-4824-8707-9E8B37E6D16C} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{34635D79-4528-4824-8707-9E8B37E6D16C}\259716E69446F6C6 : DHCPNameServer = 218.186.1.58 202.156.1.48 202.156.1.38
    TCP: Interfaces\{34635D79-4528-4824-8707-9E8B37E6D16C}\34F4C4C4F402A494D40214E44402A4F4449454 : DHCPNameServer = 10.0.0.138
    TCP: Interfaces\{34635D79-4528-4824-8707-9E8B37E6D16C}\75C414E4 : DHCPNameServer = 10.1.1.1
    TCP: Interfaces\{34635D79-4528-4824-8707-9E8B37E6D16C}\8616774727F6E6 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{34635D79-4528-4824-8707-9E8B37E6D16C}\C49444D414E423 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{34635D79-4528-4824-8707-9E8B37E6D16C}\C4F657963702B496E6763747F6E6 : DHCPNameServer = 10.1.1.1
    TCP: Interfaces\{34635D79-4528-4824-8707-9E8B37E6D16C}\E4544574541425 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{D9D2EA16-D514-4BD2-98FB-B3D9985BAA37} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{DF8D06EB-1D6D-4F5E-A683-FA2DC3F450B1} : DHCPNameServer = 10.4.81.103 10.4.182.20
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    AppInit_DLLs=
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\ben\appdata\roaming\mozilla\firefox\profiles\pdi0hh9j.default\
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - plugin: c:\users\ben\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\users\ben\appdata\roaming\mozilla\firefox\profiles\pdi0hh9j.default\extensions\{dbbb3167-6e81-400f-bbfd-bd8921726f52}\plugins\NPuroamHost.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - ExtSQL: 2013-01-28 01:32; extension2[email protected]; c:\users\ben\appdata\roaming\mozilla\firefox\profiles\pdi0hh9j.default\extensions\[email protected]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-13 721000]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-13 353688]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-13 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-13 57656]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-7-9 44808]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-12-6 32256]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-20 100184]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-1-21 328808]
    R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpnwlh.sys [2011-6-7 38992]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [2012-3-8 13944]
    S3 massfilter;LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-7-10 7168]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-27 40776]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-17 15872]
    S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\drivers\swg3kser00.sys [2012-3-8 215552]
    S3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\drivers\swiwdmbx.sys [2012-3-8 83968]
    S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2012-3-8 208128]
    S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2009-12-8 154752]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-17 52224]
    .
    =============== Created Last 30 ================
    .
    2013-01-27 23:29:37 -------- d-----w- c:\users\ben\appdata\local\Macromedia
    2013-01-27 14:35:13 -------- d-----w- c:\users\ben\appdata\roaming\RegistryOptimizerFree
    2013-01-27 14:35:13 -------- d-----w- c:\programdata\RegistryOptimizerFree
    2013-01-27 14:34:28 -------- d-----w- c:\program files\RegistryOptimizerFree
    2013-01-27 14:32:35 -------- d-----w- c:\users\ben\appdata\local\Coupon Companion Plugin
    2013-01-27 14:32:12 -------- d-----w- c:\users\ben\appdata\local\Updater21804
    2013-01-27 14:31:47 -------- d-----w- c:\program files\Coupon Companion Plugin
    2013-01-27 14:25:08 -------- d-----w- c:\users\ben\appdata\roaming\Nico Mak Computing
    2013-01-27 14:25:02 17224 ----a-w- c:\windows\system32\roboot.exe
    2013-01-27 14:24:51 -------- d-----w- c:\program files\WinZip Registry Optimizer
    2013-01-27 10:59:48 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-01-27 10:58:03 -------- d-----w- c:\users\ben\appdata\local\{346C3CFF-8FFD-4239-87A2-7473A202555F}
    2013-01-27 10:46:00 -------- d-----w- c:\users\ben\appdata\local\Programs
    2013-01-27 08:08:22 -------- d-----w- c:\program files\AVIAddXSubs
    2013-01-25 16:10:06 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{af9db16d-46fc-441d-81d6-a1196a8bd4f9}\mpengine.dll
    2013-01-22 11:29:55 -------- d-----w- c:\users\ben\appdata\local\Hewlett-Packard
    2013-01-22 06:16:11 -------- d-----w- c:\users\ben\appdata\local\{71439A0C-C7F3-454A-A4BA-D455D0E6A023}
    2013-01-21 10:01:55 -------- d-----w- c:\users\ben\appdata\local\{257DC1DE-AB38-4375-89B0-FC186C6C01D1}
    2013-01-20 06:14:50 -------- d-----w- c:\users\ben\appdata\roaming\mkvtoolnix
    2013-01-20 06:13:39 -------- d-----w- c:\program files\MKVToolNix
    2013-01-19 15:54:11 -------- d-----w- c:\users\ben\appdata\local\{FA7A629A-96AD-4FDF-9747-754FAB14BFCF}
    2013-01-17 08:24:34 29184 ----a-r- c:\users\ben\appdata\roaming\microsoft\installer\{21ae04e8-ebf6-40db-9aa9-b7a80c5d057d}\Icon21AE04E8.exe
    2013-01-17 08:24:30 -------- d-----w- c:\program files\mkv2vob
    2013-01-17 08:23:32 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2013-01-15 19:46:57 -------- d-----w- c:\users\ben\appdata\local\{9921191F-2064-48B8-86AB-0969FF3D0528}
    2013-01-14 19:59:36 -------- d-----w- c:\users\ben\appdata\local\{7219F781-E9D9-4C5B-AC83-E22EC55C6B22}
    2013-01-14 03:54:58 -------- d-----w- c:\users\ben\appdata\local\{3FCB41C4-FA38-4EC6-B496-B74D33B59DD0}
    2013-01-12 00:56:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2013-01-12 00:56:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2013-01-12 00:56:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2013-01-12 00:56:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2013-01-12 00:56:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2013-01-12 00:56:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2013-01-12 00:56:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2013-01-09 01:47:31 626688 ----a-w- c:\windows\system32\usp10.dll
    2013-01-09 01:47:01 2345984 ----a-w- c:\windows\system32\win32k.sys
    2013-01-09 01:46:29 492032 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 01:45:19 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 01:43:47 46592 ----a-w- c:\windows\system32\fpb.rs
    2013-01-09 01:42:59 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-09 01:42:28 49152 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-08 10:00:20 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2013-01-08 09:58:44 -------- d-----w- c:\program files\iPod
    2013-01-08 09:58:41 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-01-08 09:58:41 -------- d-----w- c:\program files\iTunes
    2013-01-08 09:55:42 -------- d-----w- c:\program files\Bonjour
    2013-01-07 20:37:01 -------- d-----w- c:\users\ben\appdata\local\{9894546F-7F3F-4EAD-93F7-D4F81F4722F4}
    2013-01-02 20:19:39 -------- d-----w- c:\users\ben\appdata\local\{65BE87FC-473A-46B1-9680-A6F1D8D81EC5}
    2013-01-02 16:01:54 295424 ----a-w- c:\windows\system32\atmfd.dll
    2013-01-02 16:01:52 34304 ----a-w- c:\windows\system32\atmlib.dll
    .
    ==================== Find3M ====================
    .
    2013-01-09 11:00:27 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-09 11:00:27 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-14 05:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
    2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-12 11:52:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
    .
    ============= FINISH: 12:05:05.67 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/10/2009 3:43:40 PM
    System Uptime: 28/01/2013 5:24:16 AM (7 hours ago)
    .
    Motherboard: Quanta | | 3603
    Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz | CPU | 2801/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 9.605 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.165 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    J: is FIXED (FAT32) - 931 GiB total, 136.753 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    avast! Free Antivirus
    AviSynth 2.5
    BIG-IP Edge Client Components (All Users)
    BlackBerry Desktop Software 6.0
    Bonjour
    CCleaner
    Citrix XenApp Web Plugin
    Combined Community Codec Pack 2009-09-09
    ConvertXtoDVD 3.5.3.139
    CopyTrans Suite Remove Only
    Coupon Companion Plugin
    Crusader Kings II
    D3DX10
    DAEMON Tools Pro
    Defraggler
    DVD Rip Master Pro v8.0.4.1
    Express Burn
    FMRTE
    Football Manager 2013
    Google Chrome
    Google Update Helper
    HP 3D DriveGuard
    HP Battery Check
    ImgBurn
    iTunes
    Java(TM) 6 Update 10
    JMicron JMB38X Flash Media Controller
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    mkv2vob
    MKVToolNix 5.9.0
    Mobile Broadband Manager
    Mozilla Firefox 17.0.1 (x86 en-GB)
    Mozilla Maintenance Service
    Mp3tag v2.43
    MSVCRT
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PVSonyDll
    QuickTime
    Registry Optimizer Free
    SABnzbd 0.6.14
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Skype Click to Call
    Skype™ 5.10
    SopCast 3.2.4
    Spotify
    Stanza
    Steam
    StreamTorrent 1.0
    Synaptics Pointing Device Driver
    Telstra Mobile Broadband Manager
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Veetle TV 0.9.18
    VLC media player 0.9.9
    VMware View Client (DoHA Thinapp)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR archiver
    WinZip Registry Optimizer
    .
    ==== End Of File ===========================

    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-01-28 17:14:53
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9A300 rev.FBEOC44C 232.89GB
    Running: blldwoqu.exe; Driver: C:\Users\Ben\AppData\Local\Temp\uwldqpow.sys


    ---- System - GMER 2.0 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x93C3B536]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x943307BA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x93C3BF52]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x93C46D7A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x93C46DC6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x93C46F48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x93C46CE8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x94330BAC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x93C46D30]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x93C3C146]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x93C3C2CE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x93C46F02]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x93C3C8CA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x93C3B584]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9433089E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x93C3B1EC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x93C3B5D2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x93C402A8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x93C3D292]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x93C46DA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x93C46DE8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x93C46F6C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x93C46D0E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x93C46E8C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x93C46D58]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x93C46F26]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x94330A1E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x93C3D15E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x93C3CE9A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x93C3B620]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x93C3B66E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x93C3C74A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x93C3B276]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x93C3B426]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x93C3B3CC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x93C3CA2C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x93C3CB88]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x93C3B496]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x94330AE8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x93C3C5CA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x93C3B6BC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x94330954]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x94348744]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 2.0 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8427FA49 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 842B94D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 842C0500 4 Bytes [36, B5, C3, 93] {MOV CH, 0xc3; XCHG EBX, EAX}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 842C0528 4 Bytes [BA, 07, 33, 94]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 842C0588 4 Bytes [52, BF, C3, 93]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 842C05DC 8 Bytes [7A, 6D, C4, 93, C6, 6D, C4, ...] {JP 0x6f; LES EDX, [EBX-0x6c3b923a]}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 842C05E8 4 Bytes [48, 6F, C4, 93]
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8444EC88 5 Bytes JMP 9434561C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject + 27 844672B0 5 Bytes JMP 94347116 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8447C3F7 4 Bytes CALL 93C3D959 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8449620E 4 Bytes CALL 93C3D96F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 8452010E 7 Bytes JMP 94348748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8C79FB2E]
    .text USBPORT.SYS!DllUnload 95B2EDB9 5 Bytes JMP 878BB410
    .text anfredtm.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 95BAC900 11 Bytes [C6, 35, 83, 32, 0D, BA, 27, ...]
    .text anfredtm.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 + C 95BAC90C 36 Bytes [A6, 26, C1, 0D, F1, 73, 90, ...]
    ? C:\Windows\System32\Drivers\anfredtm.SYS suspicious PE modification
    .text kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text user32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes [E9, 0A, 5C, 74, 89] {JMP 0x89745c0f}
    .text user32.dll!UnhookWinEvent 76ACB750 5 Bytes [E9, A7, 4C, 74, 89] {JMP 0x89744cac}
    .text user32.dll!SetWindowsHookExW 76ACE30C 5 Bytes [E9, F3, 24, 74, 89] {JMP 0x897424f8}
    .text user32.dll!SetWinEventHook 76AD24DC 5 Bytes [E9, 17, DD, 73, 89] {JMP 0x8973dd1c}
    .text user32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes [E9, EF, 98, 71, 89] {JMP 0x897198f4}

    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files\Bonjour\mDNSResponder.exe[108] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[108] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[108] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[108] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00090A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[108] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 000903FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[108] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00090804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[108] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 000901F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[108] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00090600
    .text C:\Program Files\iPod\bin\iPodService.exe[368] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\iPod\bin\iPodService.exe[368] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Program Files\iPod\bin\iPodService.exe[368] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[368] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00110A08
    .text C:\Program Files\iPod\bin\iPodService.exe[368] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001103FC
    .text C:\Program Files\iPod\bin\iPodService.exe[368] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00110804
    .text C:\Program Files\iPod\bin\iPodService.exe[368] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001101F8
    .text C:\Program Files\iPod\bin\iPodService.exe[368] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00110600
    .text C:\Windows\system32\csrss.exe[456] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[468] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[468] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[468] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[468] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 000F0A08
    .text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[468] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 000F03FC
    .text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[468] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 000F0804
    .text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[468] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 000F01F8
    .text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[468] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 000F0600
    .text C:\Windows\system32\wininit.exe[524] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\csrss.exe[536] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[580] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[616] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[616] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 001601F8
    .text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[616] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[616] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00200A08
    .text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[616] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 002003FC
    .text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[616] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00200804
    .text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[616] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 002001F8
    .text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[616] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00200600
    .text C:\Windows\system32\services.exe[628] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\lsass.exe[648] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\lsm.exe[656] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[692] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\Dwm.exe[740] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\Dwm.exe[740] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\Dwm.exe[740] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\Dwm.exe[740] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 000F0A08
    .text C:\Windows\system32\Dwm.exe[740] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 000F03FC
    .text C:\Windows\system32\Dwm.exe[740] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 000F0804
    .text C:\Windows\system32\Dwm.exe[740] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 000F01F8
    .text C:\Windows\system32\Dwm.exe[740] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 000F0600
    .text C:\Windows\system32\svchost.exe[768] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\nvvsvc.exe[844] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[884] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe[956] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe[956] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 001601F8
    .text C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe[956] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe[956] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 001F0A08
    .text C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe[956] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001F03FC
    .text C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe[956] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 001F0804
    .text C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe[956] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001F01F8
    .text C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe[956] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 001F0600
    .text C:\Windows\System32\svchost.exe[992] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 001601F8
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00310A08
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 003103FC
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00310804
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 003101F8
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00310600
    .text C:\Windows\system32\svchost.exe[1148] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1148] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1148] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 008C0A08
    .text C:\Windows\system32\svchost.exe[1148] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 008C03FC
    .text C:\Windows\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 008C0804
    .text C:\Windows\system32\svchost.exe[1148] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 008C01F8
    .text C:\Windows\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 008C0600
    .text C:\Windows\system32\svchost.exe[1196] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\Hpservice.exe[1244] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1260] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1260] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 000F0A08
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1260] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 000F03FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1260] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 000F0804
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1260] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 000F01F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1260] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 000F0600
    .text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1300] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 001703FC
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1300] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 001701F8
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1300] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1300] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 001A0A08
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1300] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001A03FC
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1300] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 001A0804
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1300] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001A01F8
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1300] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 001A0600
    .text C:\Program Files\Steam\GameOverlayUI.exe[1304] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 001703FC
    .text C:\Program Files\Steam\GameOverlayUI.exe[1304] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 001701F8
    .text C:\Program Files\Steam\GameOverlayUI.exe[1304] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Steam\GameOverlayUI.exe[1304] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00230A08
    .text C:\Program Files\Steam\GameOverlayUI.exe[1304] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 002303FC
    .text C:\Program Files\Steam\GameOverlayUI.exe[1304] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00230804
    .text C:\Program Files\Steam\GameOverlayUI.exe[1304] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 002301F8
    .text C:\Program Files\Steam\GameOverlayUI.exe[1304] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00230600
    .text C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1308] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1308] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1308] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1308] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 000F0A08
    .text C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1308] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 000F03FC
    .text C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1308] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 000F0804
    .text C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1308] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 000F01F8
    .text C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1308] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 000F0600
    .text C:\Windows\system32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000903FC
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000901F8
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] kernel32.dll!LoadLibraryExA 76D144AE 5 Bytes JMP 7719004A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] kernel32.dll!LoadLibraryExW 76D150C1 5 Bytes JMP 7719000A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] kernel32.dll!LoadLibraryA 76D1DC65 5 Bytes JMP 771900CA
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] kernel32.dll!LoadLibraryW 76D1EF42 5 Bytes JMP 7719008A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] kernel32.dll!FreeLibrary 76D1EF67 5 Bytes JMP 7719010A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!RegisterRawInputDevices 76AC5B52 4 Bytes JMP 771906CA
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!ShowCursor 76AC64D3 5 Bytes JMP 771902CA
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!GetAsyncKeyState 76ACA256 5 Bytes JMP 771903CA
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!GetCursorPos 76ACA4B3 5 Bytes JMP 7719028A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00370A08
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 003703FC
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00370804
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!GetMessageA 76AD1899 5 Bytes JMP 7719050A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!PeekMessageA 76AD19A5 5 Bytes JMP 7719058A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 003701F8
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!GetKeyState 76AD2B4D 5 Bytes JMP 7719040A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!DispatchMessageA 76AD2E32 5 Bytes JMP 7719048A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!SetCursor 76AD3075 4 Bytes JMP 7719030A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!PeekMessageW 76AD634A 5 Bytes JMP 771905CA
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!DispatchMessageW 76ADCC61 5 Bytes JMP 771904CA
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!GetMessageW 76ADCDE8 5 Bytes JMP 7719054A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!ClipCursor 76ADF8F7 4 Bytes JMP 7719064A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!SetCapture 76AF6932 4 Bytes JMP 7719034A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!GetKeyboardState 76AF6946 4 Bytes JMP 7719044A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!ReleaseCapture 76AF69F2 5 Bytes JMP 7719038C
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00370600
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!SetCursorPos 76B0C1B0 5 Bytes JMP 7719024A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!GetRawInputBuffer 76B17190 5 Bytes JMP 7719060A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] USER32.dll!GetClipCursor 76B24B09 4 Bytes JMP 7719068A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] SHELL32.dll!ShellExecuteExW 758F1DF6 5 Bytes JMP 7719020A
    .text C:\Program Files\Steam\steamapps\common\Football Manager 2013\fm.exe[1360] SHELL32.dll!ShellExecuteEx 75B17422 5 Bytes JMP 771901CA
    .text C:\Windows\system32\svchost.exe[1420] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1472] kernel32.dll!SetUnhandledExceptionFilter 76D1F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1472] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Steam\Steam.exe[1520] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000703FC
    .text C:\Program Files\Steam\Steam.exe[1520] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000701F8
    .text C:\Program Files\Steam\Steam.exe[1520] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Steam\Steam.exe[1520] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00120A08
    .text C:\Program Files\Steam\Steam.exe[1520] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001203FC
    .text C:\Program Files\Steam\Steam.exe[1520] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00120804
    .text C:\Program Files\Steam\Steam.exe[1520] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001201F8
    .text C:\Program Files\Steam\Steam.exe[1520] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00120600
    .text C:\Windows\system32\nvvsvc.exe[1536] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1596] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1596] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1596] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1596] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00090A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1596] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 000903FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1596] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00090804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1596] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 000901F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1596] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00090600
    .text C:\Users\Ben\AppData\Local\Temp\nssDBD6.tmp\PEV.DAT[1632] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Users\Ben\AppData\Local\Temp\nssDBD6.tmp\PEV.DAT[1632] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Users\Ben\AppData\Local\Temp\nssDBD6.tmp\PEV.DAT[1632] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[1680] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\DAEMON Tools Pro\DTAgent.exe[1764] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\DAEMON Tools Pro\DTAgent.exe[1764] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 001601F8
    .text C:\Program Files\DAEMON Tools Pro\DTAgent.exe[1764] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\DAEMON Tools Pro\DTAgent.exe[1764] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00200A08
    .text C:\Program Files\DAEMON Tools Pro\DTAgent.exe[1764] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 002003FC
    .text C:\Program Files\DAEMON Tools Pro\DTAgent.exe[1764] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00200804
    .text C:\Program Files\DAEMON Tools Pro\DTAgent.exe[1764] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 002001F8
    .text C:\Program Files\DAEMON Tools Pro\DTAgent.exe[1764] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00200600
    .text C:\Windows\system32\svchost.exe[1812] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2212] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000A03FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2212] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000A01F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2212] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2212] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00140A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2212] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001403FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2212] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00140804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2212] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001401F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2212] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00140600
    .text C:\Windows\system32\AUDIODG.EXE[2320] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2520] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[2520] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[2520] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\uTorrent\uTorrent.exe[2584] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 003403FC
    .text C:\Program Files\uTorrent\uTorrent.exe[2584] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 003401F8
    .text C:\Program Files\uTorrent\uTorrent.exe[2584] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\uTorrent\uTorrent.exe[2584] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 003F0A08
    .text C:\Program Files\uTorrent\uTorrent.exe[2584] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 003F03FC
    .text C:\Program Files\uTorrent\uTorrent.exe[2584] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 003F0804
    .text C:\Program Files\uTorrent\uTorrent.exe[2584] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 003F01F8
    .text C:\Program Files\uTorrent\uTorrent.exe[2584] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 003F0600
    .text C:\Windows\system32\svchost.exe[2748] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[2748] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[2748] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2748] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 001E0A08
    .text C:\Windows\system32\svchost.exe[2748] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001E03FC
    .text C:\Windows\system32\svchost.exe[2748] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 001E0804
    .text C:\Windows\system32\svchost.exe[2748] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001E01F8
    .text C:\Windows\system32\svchost.exe[2748] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 001E0600
    .text C:\Windows\Explorer.EXE[2820] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Windows\Explorer.EXE[2820] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Windows\Explorer.EXE[2820] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\Explorer.EXE[2820] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00110A08
    .text C:\Windows\Explorer.EXE[2820] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001103FC
    .text C:\Windows\Explorer.EXE[2820] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00110804
    .text C:\Windows\Explorer.EXE[2820] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001101F8
    .text C:\Windows\Explorer.EXE[2820] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00110600
    .text C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe[2996] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000B03FC
    .text C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe[2996] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000B01F8
    .text C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe[2996] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe[2996] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00150A08
    .text C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe[2996] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001503FC
    .text C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe[2996] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00150804
    .text C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe[2996] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001501F8
    .text C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe[2996] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00150600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3092] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 001503FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3092] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 001501F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3092] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3092] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 001E0A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3092] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001E03FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3092] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 001E0804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3092] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001E01F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3092] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 001E0600
    .text C:\Windows\system32\svchost.exe[3172] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[3172] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[3172] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[3172] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00900A08
    .text C:\Windows\system32\svchost.exe[3172] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 009003FC
    .text C:\Windows\system32\svchost.exe[3172] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00900804
    .text C:\Windows\system32\svchost.exe[3172] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 009001F8
    .text C:\Windows\system32\svchost.exe[3172] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00900600
    .text C:\Windows\System32\svchost.exe[3336] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Windows\System32\svchost.exe[3336] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Windows\System32\svchost.exe[3336] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[3336] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00220A08
    .text C:\Windows\System32\svchost.exe[3336] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 002203FC
    .text C:\Windows\System32\svchost.exe[3336] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00220804
    .text C:\Windows\System32\svchost.exe[3336] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 002201F8
    .text C:\Windows\System32\svchost.exe[3336] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00220600
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00100A08
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001003FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00100804
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001001F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00100600
    .text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\SearchIndexer.exe[3552] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[3552] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00100A08
    .text C:\Windows\system32\SearchIndexer.exe[3552] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001003FC
    .text C:\Windows\system32\SearchIndexer.exe[3552] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00100804
    .text C:\Windows\system32\SearchIndexer.exe[3552] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001001F8
    .text C:\Windows\system32\SearchIndexer.exe[3552] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00100600
    .text C:\Program Files\iTunes\iTunesHelper.exe[3636] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[3636] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[3636] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[3636] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00100A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[3636] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001003FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[3636] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00100804
    .text C:\Program Files\iTunes\iTunesHelper.exe[3636] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001001F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[3636] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00100600
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3668] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3668] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3668] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3668] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00090A08
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3668] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 000903FC
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3668] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00090804
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3668] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 000901F8
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3668] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00090600
    .text C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe[3836] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe[3836] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 001601F8
    .text C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe[3836] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe[3836] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00190A08
    .text C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe[3836] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001903FC
    .text C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe[3836] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00190804
    .text C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe[3836] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001901F8
    .text C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe[3836] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00190600
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3940] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3940] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 001601F8
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3940] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3940] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 001F0A08
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3940] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001F03FC
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3940] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 001F0804
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3940] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001F01F8
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3940] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 001F0600
    .text C:\Windows\system32\taskhost.exe[3984] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskhost.exe[3984] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskhost.exe[3984] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\taskhost.exe[3984] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 000E0A08
    .text C:\Windows\system32\taskhost.exe[3984] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 000E03FC
    .text C:\Windows\system32\taskhost.exe[3984] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 000E0804
    .text C:\Windows\system32\taskhost.exe[3984] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 000E01F8
    .text C:\Windows\system32\taskhost.exe[3984] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 000E0600
    .text C:\Users\Ben\AppData\Roaming\Spotify\spotify.exe[3988] ntdll.dll!DbgBreakPoint 7737410C 1 Byte [C3]
    .text C:\Users\Ben\AppData\Roaming\Spotify\spotify.exe[3988] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Users\Ben\AppData\Roaming\Spotify\spotify.exe[3988] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Users\Ben\AppData\Roaming\Spotify\spotify.exe[3988] ntdll.dll!DbgUiRemoteBreakin 773DF17D 5 Bytes JMP 7739E342 C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Roaming\Spotify\spotify.exe[3988] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\AppData\Roaming\Spotify\spotify.exe[3988] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 001E0A08
    .text C:\Users\Ben\AppData\Roaming\Spotify\spotify.exe[3988] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001E03FC
    .text C:\Users\Ben\AppData\Roaming\Spotify\spotify.exe[3988] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 001E0804
    .text C:\Users\Ben\AppData\Roaming\Spotify\spotify.exe[3988] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001E01F8
    .text C:\Users\Ben\AppData\Roaming\Spotify\spotify.exe[3988] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 001E0600
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtCreateFile + 6 773855CE 4 Bytes [28, 88, 1C, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtCreateFile + B 773855D3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtMapViewOfSection + 6 77385C2E 4 Bytes [28, 8B, 1C, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtMapViewOfSection + B 77385C33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenFile + 6 77385CDE 4 Bytes [68, 88, 1C, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenFile + B 77385CE3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcess + 6 77385D8E 4 Bytes [A8, 89, 1C, 00] {TEST AL, 0x89; SBB AL, 0x0}
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcess + B 77385D93 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcessToken + 6 77385D9E 4 Bytes CALL 76387A2C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcessToken + B 77385DA3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcessTokenEx + 6 77385DAE 4 Bytes [A8, 8A, 1C, 00] {TEST AL, 0x8a; SBB AL, 0x0}
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcessTokenEx + B 77385DB3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThread + 6 77385E0E 4 Bytes [68, 89, 1C, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThread + B 77385E13 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThreadToken + 6 77385E1E 4 Bytes [68, 8A, 1C, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThreadToken + B 77385E23 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThreadTokenEx + 6 77385E2E 4 Bytes CALL 76387ABD C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThreadTokenEx + B 77385E33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtQueryAttributesFile + 6 77385F3E 4 Bytes [A8, 88, 1C, 00] {TEST AL, 0x88; SBB AL, 0x0}
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtQueryAttributesFile + B 77385F43 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtQueryFullAttributesFile + 6 77385FEE 4 Bytes CALL 76387C7B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtQueryFullAttributesFile + B 77385FF3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtSetInformationFile + 6 7738663E 4 Bytes [28, 89, 1C, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtSetInformationFile + B 77386643 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtSetInformationThread + 6 7738669E 4 Bytes [28, 8A, 1C, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtSetInformationThread + B 773866A3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtUnmapViewOfSection + 6 773869BE 4 Bytes [68, 8B, 1C, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtUnmapViewOfSection + B 773869C3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 001E03FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 001E01F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 003A0A08
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 003A03FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 003A0804
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 003A01F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4204] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 003A0600
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtCreateFile + 6 773855CE 4 Bytes [28, D0, 45, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtCreateFile + B 773855D3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtMapViewOfSection + 6 77385C2E 4 Bytes [28, D3, 45, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtMapViewOfSection + B 77385C33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenFile + 6 77385CDE 4 Bytes [68, D0, 45, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenFile + B 77385CE3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcess + 6 77385D8E 4 Bytes [A8, D1, 45, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcess + B 77385D93 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcessToken + 6 77385D9E 4 Bytes CALL 7638A374 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcessToken + B 77385DA3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcessTokenEx + 6 77385DAE 4 Bytes [A8, D2, 45, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcessTokenEx + B 77385DB3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThread + 6 77385E0E 4 Bytes [68, D1, 45, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThread + B 77385E13 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThreadToken + 6 77385E1E 4 Bytes [68, D2, 45, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThreadToken + B 77385E23 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThreadTokenEx + 6 77385E2E 4 Bytes CALL 7638A405 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThreadTokenEx + B 77385E33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtQueryAttributesFile + 6 77385F3E 4 Bytes [A8, D0, 45, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtQueryAttributesFile + B 77385F43 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtQueryFullAttributesFile + 6 77385FEE 4 Bytes CALL 7638A5C3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtQueryFullAttributesFile + B 77385FF3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationFile + 6 7738663E 4 Bytes [28, D1, 45, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationFile + B 77386643 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationThread + 6 7738669E 4 Bytes [28, D2, 45, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationThread + B 773866A3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtUnmapViewOfSection + 6 773869BE 4 Bytes [68, D3, 45, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtUnmapViewOfSection + B 773869C3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 004703FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 004701F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00570A08
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 005703FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00570804
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 005701F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4412] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00570600
    .text C:\Windows\System32\svchost.exe[4432] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000603FC
    .text C:\Windows\System32\svchost.exe[4432] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000601F8
    .text C:\Windows\System32\svchost.exe[4432] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[4432] user32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 002D0A08
    .text C:\Windows\System32\svchost.exe[4432] user32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 002D03FC
    .text C:\Windows\System32\svchost.exe[4432] user32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 002D0804
    .text C:\Windows\System32\svchost.exe[4432] user32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 002D01F8
    .text C:\Windows\System32\svchost.exe[4432] user32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 002D0600
    .text C:\Users\Ben\AppData\Local\Temp\nssDBD6.tmp\nsF975.tmp[4672] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 001503FC
    .text C:\Users\Ben\AppData\Local\Temp\nssDBD6.tmp\nsF975.tmp[4672] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 001501F8
    .text C:\Users\Ben\AppData\Local\Temp\nssDBD6.tmp\nsF975.tmp[4672] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\AppData\Local\Temp\nssDBD6.tmp\nsF975.tmp[4672] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 002F0A08
    .text C:\Users\Ben\AppData\Local\Temp\nssDBD6.tmp\nsF975.tmp[4672] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 002F03FC
    .text C:\Users\Ben\AppData\Local\Temp\nssDBD6.tmp\nsF975.tmp[4672] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 002F0804
    .text C:\Users\Ben\AppData\Local\Temp\nssDBD6.tmp\nsF975.tmp[4672] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 002F01F8
    .text C:\Users\Ben\AppData\Local\Temp\nssDBD6.tmp\nsF975.tmp[4672] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 002F0600
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtCreateFile + 6 773855CE 4 Bytes [28, 38, AC, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtCreateFile + B 773855D3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtMapViewOfSection + 6 77385C2E 4 Bytes [28, 3B, AC, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtMapViewOfSection + B 77385C33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenFile + 6 77385CDE 4 Bytes [68, 38, AC, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenFile + B 77385CE3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcess + 6 77385D8E 4 Bytes [A8, 39, AC, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcess + B 77385D93 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcessToken + 6 77385D9E 4 Bytes CALL 763909DC C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcessToken + B 77385DA3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcessTokenEx + 6 77385DAE 4 Bytes [A8, 3A, AC, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcessTokenEx + B 77385DB3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThread + 6 77385E0E 4 Bytes [68, 39, AC, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThread + B 77385E13 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThreadToken + 6 77385E1E 4 Bytes [68, 3A, AC, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThreadToken + B 77385E23 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThreadTokenEx + 6 77385E2E 4 Bytes CALL 76390A6D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThreadTokenEx + B 77385E33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtQueryAttributesFile + 6 77385F3E 4 Bytes [A8, 38, AC, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtQueryAttributesFile + B 77385F43 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtQueryFullAttributesFile + 6 77385FEE 4 Bytes CALL 76390C2B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtQueryFullAttributesFile + B 77385FF3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtSetInformationFile + 6 7738663E 4 Bytes [28, 39, AC, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtSetInformationFile + B 77386643 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtSetInformationThread + 6 7738669E 4 Bytes [28, 3A, AC, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtSetInformationThread + B 773866A3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtUnmapViewOfSection + 6 773869BE 4 Bytes [68, 3B, AC, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtUnmapViewOfSection + B 773869C3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 00AD03FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 00AD01F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00B90A08
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 00B903FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00B90804
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 00B901F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4908] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00B90600
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtCreateFile + 6 773855CE 4 Bytes [28, 34, E9, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtCreateFile + B 773855D3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtMapViewOfSection + 6 77385C2E 4 Bytes [28, 37, E9, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtMapViewOfSection + B 77385C33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtOpenFile + 6 77385CDE 4 Bytes [68, 34, E9, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtOpenFile + B 77385CE3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtOpenProcess + 6 77385D8E 4 Bytes [A8, 35, E9, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtOpenProcess + B 77385D93 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtOpenProcessToken + 6 77385D9E 4 Bytes CALL 763946D8 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtOpenProcessToken + B 77385DA3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtOpenProcessTokenEx + 6 77385DAE 4 Bytes [A8, 36, E9, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtOpenProcessTokenEx + B 77385DB3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtOpenThread + 6 77385E0E 4 Bytes [68, 35, E9, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtOpenThread + B 77385E13 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtOpenThreadToken + 6 77385E1E 4 Bytes [68, 36, E9, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtOpenThreadToken + B 77385E23 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtOpenThreadTokenEx + 6 77385E2E 4 Bytes CALL 76394769 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtOpenThreadTokenEx + B 77385E33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtQueryAttributesFile + 6 77385F3E 4 Bytes [A8, 34, E9, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtQueryAttributesFile + B 77385F43 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtQueryFullAttributesFile + 6 77385FEE 4 Bytes CALL 76394927 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtQueryFullAttributesFile + B 77385FF3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtSetInformationFile + 6 7738663E 4 Bytes [28, 35, E9, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtSetInformationFile + B 77386643 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtSetInformationThread + 6 7738669E 4 Bytes [28, 36, E9, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtSetInformationThread + B 773866A3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtUnmapViewOfSection + 6 773869BE 4 Bytes [68, 37, E9, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!NtUnmapViewOfSection + B 773869C3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 00EB03FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 00EB01F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00F40A08
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 00F403FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00F40804
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 00F401F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[4976] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00F40600
    .text C:\Windows\system32\conhost.exe[5048] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000303FC
    .text C:\Windows\system32\conhost.exe[5048] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000301F8
    .text C:\Windows\system32\conhost.exe[5048] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\conhost.exe[5048] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00200A08
    .text C:\Windows\system32\conhost.exe[5048] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 002003FC
    .text C:\Windows\system32\conhost.exe[5048] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00200804
    .text C:\Windows\system32\conhost.exe[5048] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 002001F8
    .text C:\Windows\system32\conhost.exe[5048] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00200600
    .text C:\Program Files\mkv2vob\mkv2vob.exe[5052] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 001503FC
    .text C:\Program Files\mkv2vob\mkv2vob.exe[5052] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 001501F8
    .text C:\Program Files\mkv2vob\mkv2vob.exe[5052] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Program Files\mkv2vob\mkv2vob.exe[5052] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 001E0A08
    .text C:\Program Files\mkv2vob\mkv2vob.exe[5052] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001E03FC
    .text C:\Program Files\mkv2vob\mkv2vob.exe[5052] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 001E0804
    .text C:\Program Files\mkv2vob\mkv2vob.exe[5052] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001E01F8
    .text C:\Program Files\mkv2vob\mkv2vob.exe[5052] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 001E0600
    .text C:\Users\Ben\Downloads\blldwoqu.exe[5480] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 001603FC
    .text C:\Users\Ben\Downloads\blldwoqu.exe[5480] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 001601F8
    .text C:\Users\Ben\Downloads\blldwoqu.exe[5480] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\Downloads\blldwoqu.exe[5480] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00210A08
    .text C:\Users\Ben\Downloads\blldwoqu.exe[5480] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 002103FC
    .text C:\Users\Ben\Downloads\blldwoqu.exe[5480] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00210804
    .text C:\Users\Ben\Downloads\blldwoqu.exe[5480] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 002101F8
    .text C:\Users\Ben\Downloads\blldwoqu.exe[5480] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00210600
    .text C:\Windows\system32\DllHost.exe[5560] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000503FC
    .text C:\Windows\system32\DllHost.exe[5560] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000501F8
    .text C:\Windows\system32\DllHost.exe[5560] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\DllHost.exe[5560] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00070A08
    .text C:\Windows\system32\DllHost.exe[5560] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 000703FC
    .text C:\Windows\system32\DllHost.exe[5560] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00070804
    .text C:\Windows\system32\DllHost.exe[5560] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 000701F8
    .text C:\Windows\system32\DllHost.exe[5560] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00070600
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateFile + 6 773855CE 4 Bytes [28, 70, 1F, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateFile + B 773855D3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtMapViewOfSection + 6 77385C2E 4 Bytes [28, 73, 1F, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtMapViewOfSection + B 77385C33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenFile + 6 77385CDE 4 Bytes [68, 70, 1F, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenFile + B 77385CE3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcess + 6 77385D8E 4 Bytes [A8, 71, 1F, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcess + B 77385D93 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessToken + 6 77385D9E 4 Bytes CALL 76387D14 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessToken + B 77385DA3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessTokenEx + 6 77385DAE 4 Bytes [A8, 72, 1F, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessTokenEx + B 77385DB3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThread + 6 77385E0E 4 Bytes [68, 71, 1F, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThread + B 77385E13 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadToken + 6 77385E1E 4 Bytes [68, 72, 1F, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadToken + B 77385E23 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadTokenEx + 6 77385E2E 4 Bytes CALL 76387DA5 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadTokenEx + B 77385E33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryAttributesFile + 6 77385F3E 4 Bytes [A8, 70, 1F, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryAttributesFile + B 77385F43 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryFullAttributesFile + 6 77385FEE 4 Bytes CALL 76387F63 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryFullAttributesFile + B 77385FF3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationFile + 6 7738663E 4 Bytes [28, 71, 1F, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationFile + B 77386643 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationThread + 6 7738669E 4 Bytes [28, 72, 1F, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationThread + B 773866A3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtUnmapViewOfSection + 6 773869BE 4 Bytes [68, 73, 1F, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtUnmapViewOfSection + B 773869C3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 002103FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 002101F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 003D0A08
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 003D03FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 003D0804
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 003D01F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[5588] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 003D0600
    .text C:\Users\Ben\Downloads\dds.scr[5872] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 001603FC
    .text C:\Users\Ben\Downloads\dds.scr[5872] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 001601F8
    .text C:\Users\Ben\Downloads\dds.scr[5872] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\Downloads\dds.scr[5872] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00200A08
    .text C:\Users\Ben\Downloads\dds.scr[5872] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 002003FC
    .text C:\Users\Ben\Downloads\dds.scr[5872] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00200804
    .text C:\Users\Ben\Downloads\dds.scr[5872] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 002001F8
    .text C:\Users\Ben\Downloads\dds.scr[5872] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00200600
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtCreateFile + 6 773855CE 4 Bytes [28, 20, C8, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtCreateFile + B 773855D3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtMapViewOfSection + 6 77385C2E 4 Bytes [28, 23, C8, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtMapViewOfSection + B 77385C33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenFile + 6 77385CDE 4 Bytes [68, 20, C8, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenFile + B 77385CE3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcess + 6 77385D8E 4 Bytes [A8, 21, C8, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcess + B 77385D93 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcessToken + 6 77385D9E 4 Bytes CALL 763925C4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcessToken + B 77385DA3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcessTokenEx + 6 77385DAE 4 Bytes [A8, 22, C8, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcessTokenEx + B 77385DB3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThread + 6 77385E0E 4 Bytes [68, 21, C8, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThread + B 77385E13 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThreadToken + 6 77385E1E 4 Bytes [68, 22, C8, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThreadToken + B 77385E23 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThreadTokenEx + 6 77385E2E 4 Bytes CALL 76392655 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThreadTokenEx + B 77385E33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtQueryAttributesFile + 6 77385F3E 4 Bytes [A8, 20, C8, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtQueryAttributesFile + B 77385F43 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtQueryFullAttributesFile + 6 77385FEE 4 Bytes CALL 76392813 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtQueryFullAttributesFile + B 77385FF3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtSetInformationFile + 6 7738663E 4 Bytes [28, 21, C8, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtSetInformationFile + B 77386643 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtSetInformationThread + 6 7738669E 4 Bytes [28, 22, C8, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtSetInformationThread + B 773866A3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtUnmapViewOfSection + 6 773869BE 4 Bytes [68, 23, C8, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtUnmapViewOfSection + B 773869C3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 00C903FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 00C901F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00D90A08
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 00D903FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00D90804
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 00D901F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6012] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00D90600
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtCreateFile + 6 773855CE 4 Bytes [28, 98, 4E, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtCreateFile + B 773855D3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtMapViewOfSection + 6 77385C2E 4 Bytes [28, 9B, 4E, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtMapViewOfSection + B 77385C33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenFile + 6 77385CDE 4 Bytes [68, 98, 4E, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenFile + B 77385CE3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcess + 6 77385D8E 4 Bytes [A8, 99, 4E, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcess + B 77385D93 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcessToken + 6 77385D9E 4 Bytes CALL 7638AC3C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcessToken + B 77385DA3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcessTokenEx + 6 77385DAE 4 Bytes [A8, 9A, 4E, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcessTokenEx + B 77385DB3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThread + 6 77385E0E 4 Bytes [68, 99, 4E, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThread + B 77385E13 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThreadToken + 6 77385E1E 4 Bytes [68, 9A, 4E, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThreadToken + B 77385E23 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThreadTokenEx + 6 77385E2E 4 Bytes CALL 7638ACCD C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThreadTokenEx + B 77385E33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtQueryAttributesFile + 6 77385F3E 4 Bytes [A8, 98, 4E, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtQueryAttributesFile + B 77385F43 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtQueryFullAttributesFile + 6 77385FEE 4 Bytes CALL 7638AE8B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtQueryFullAttributesFile + B 77385FF3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetInformationFile + 6 7738663E 4 Bytes [28, 99, 4E, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetInformationFile + B 77386643 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetInformationThread + 6 7738669E 4 Bytes [28, 9A, 4E, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetInformationThread + B 773866A3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtUnmapViewOfSection + 6 773869BE 4 Bytes [68, 9B, 4E, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtUnmapViewOfSection + B 773869C3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 005003FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 005001F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 005C0A08
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 005C03FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 005C0804
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 005C01F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6024] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 005C0600
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtCreateFile + 6 773855CE 4 Bytes [28, E4, D5, 00] {SUB AH, AH; AAD 0x0}
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtCreateFile + B 773855D3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtMapViewOfSection + 6 77385C2E 4 Bytes [28, E7, D5, 00] {SUB BH, AH; AAD 0x0}
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtMapViewOfSection + B 77385C33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenFile + 6 77385CDE 4 Bytes [68, E4, D5, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenFile + B 77385CE3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenProcess + 6 77385D8E 4 Bytes [A8, E5, D5, 00] {TEST AL, 0xe5; AAD 0x0}
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenProcess + B 77385D93 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenProcessToken + 6 77385D9E 4 Bytes CALL 76393388 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenProcessToken + B 77385DA3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenProcessTokenEx + 6 77385DAE 4 Bytes [A8, E6, D5, 00] {TEST AL, 0xe6; AAD 0x0}
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenProcessTokenEx + B 77385DB3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenThread + 6 77385E0E 4 Bytes [68, E5, D5, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenThread + B 77385E13 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenThreadToken + 6 77385E1E 4 Bytes [68, E6, D5, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenThreadToken + B 77385E23 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenThreadTokenEx + 6 77385E2E 4 Bytes CALL 76393419 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenThreadTokenEx + B 77385E33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtQueryAttributesFile + 6 77385F3E 4 Bytes [A8, E4, D5, 00] {TEST AL, 0xe4; AAD 0x0}
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtQueryAttributesFile + B 77385F43 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtQueryFullAttributesFile + 6 77385FEE 4 Bytes CALL 763935D7 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtQueryFullAttributesFile + B 77385FF3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtSetInformationFile + 6 7738663E 4 Bytes [28, E5, D5, 00] {SUB CH, AH; AAD 0x0}
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtSetInformationFile + B 77386643 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtSetInformationThread + 6 7738669E 4 Bytes [28, E6, D5, 00] {SUB DH, AH; AAD 0x0}
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtSetInformationThread + B 773866A3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtUnmapViewOfSection + 6 773869BE 4 Bytes [68, E7, D5, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtUnmapViewOfSection + B 773869C3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 00D703FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 00D701F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00F30A08
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 00F303FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00F30804
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 00F301F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6052] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00F30600
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtCreateFile + 6 773855CE 4 Bytes [28, 00, 90, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtCreateFile + B 773855D3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtMapViewOfSection + 6 77385C2E 1 Byte [28]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtMapViewOfSection + 6 77385C2E 4 Bytes [28, 03, 90, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtMapViewOfSection + B 77385C33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenFile + 6 77385CDE 4 Bytes [68, 00, 90, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenFile + B 77385CE3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcess + 6 77385D8E 4 Bytes [A8, 01, 90, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcess + B 77385D93 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcessToken + 6 77385D9E 4 Bytes CALL 7638EDA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcessToken + B 77385DA3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcessTokenEx + 6 77385DAE 4 Bytes [A8, 02, 90, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcessTokenEx + B 77385DB3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThread + 6 77385E0E 4 Bytes [68, 01, 90, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThread + B 77385E13 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThreadToken + 6 77385E1E 4 Bytes [68, 02, 90, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThreadToken + B 77385E23 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThreadTokenEx + 6 77385E2E 4 Bytes CALL 7638EE35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThreadTokenEx + B 77385E33 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtQueryAttributesFile + 6 77385F3E 4 Bytes [A8, 00, 90, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtQueryAttributesFile + B 77385F43 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtQueryFullAttributesFile + 6 77385FEE 4 Bytes CALL 7638EFF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtQueryFullAttributesFile + B 77385FF3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtSetInformationFile + 6 7738663E 4 Bytes [28, 01, 90, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtSetInformationFile + B 77386643 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtSetInformationThread + 6 7738669E 4 Bytes [28, 02, 90, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtSetInformationThread + B 773866A3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtUnmapViewOfSection + 6 773869BE 1 Byte [68]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtUnmapViewOfSection + 6 773869BE 4 Bytes [68, 03, 90, 00]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtUnmapViewOfSection + B 773869C3 1 Byte [E2]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 009203FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 009201F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00A10A08
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 00A103FC
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00A10804
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 00A101F8
    .text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[6068] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00A10600
    .text C:\Windows\system32\NOTEPAD.EXE[6676] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 000903FC
    .text C:\Windows\system32\NOTEPAD.EXE[6676] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 000901F8
    .text C:\Windows\system32\NOTEPAD.EXE[6676] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\NOTEPAD.EXE[6676] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00170A08
    .text C:\Windows\system32\NOTEPAD.EXE[6676] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001703FC
    .text C:\Windows\system32\NOTEPAD.EXE[6676] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00170804
    .text C:\Windows\system32\NOTEPAD.EXE[6676] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001701F8
    .text C:\Windows\system32\NOTEPAD.EXE[6676] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00170600
    .text C:\Windows\system32\cmd.exe[7568] ntdll.dll!LdrUnloadDll 7739C86E 5 Bytes JMP 001603FC
    .text C:\Windows\system32\cmd.exe[7568] ntdll.dll!LdrLoadDll 773A223E 5 Bytes JMP 001601F8
    .text C:\Windows\system32\cmd.exe[7568] kernel32.dll!GetBinaryTypeW + 70 76D369F4 1 Byte [62]
    .text C:\Windows\system32\cmd.exe[7568] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00200A08
    .text C:\Windows\system32\cmd.exe[7568] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 002003FC
    .text C:\Windows\system32\cmd.exe[7568] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00200804
    .text C:\Windows\system32\cmd.exe[7568] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 002001F8
    .text C:\Windows\system32\cmd.exe[7568] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00200600

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002186ac0c60
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x85 0xC4 0x9A 0x94 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x8B 0xA4 0xB9 0x4E ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x44 0x43 0x9B 0xD8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xA3 0xFC 0xC7 0x1A ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\swcustcfg
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002186ac0c60 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0xC0 0x4B 0x33 0x75 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x8B 0xA4 0xB9 0x4E ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x44 0x43 0x9B 0xD8 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xA3 0xFC 0xC7 0x1A ...
    Reg HKLM\SYSTEM\ControlSet002\services\swcustcfg (not active ControlSet)

    ---- EOF - GMER 2.0 ----
     
  2. hermolt

    hermolt Thread Starter

    Joined:
    Jan 27, 2013
    Messages:
    6
    Just giving this one a bump - apologies if I haven't waited long enough before doing so.
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  4. hermolt

    hermolt Thread Starter

    Joined:
    Jan 27, 2013
    Messages:
    6
    Thanks for your help, Derek. Here's the contents of that log:

    # AdwCleaner v2.109 - Logfile created 02/02/2013 at 22:24:10
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
    # User : Ben - BEN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Ben\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\Cr_Installer
    Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.1 (en-GB)

    File : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\pdi0hh9j.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v24.0.1312.56

    File : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1112 octets] - [02/02/2013 22:24:10]

    ########## EOF - C:\AdwCleaner[R1].txt - [1172 octets] ##########
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    That didn't find what it normally does, but Chrome is almost impossible to find malicious addons in.
    The only likely cure is going to be to uninstall Chrome; make sure you take the option to remove all user data.
    First make sure that you are not set up to sync Chrome with your Google account; if you are, set it to stop sync first (otherwise the backups on your Google account will reinstall the malware).
    Then reboot & reinstall Chrome.
     
  6. hermolt

    hermolt Thread Starter

    Joined:
    Jan 27, 2013
    Messages:
    6
    Thanks, I've done that. Am I able to re-sync at any point, or do I need to manually add all of my bookmarks etc again?
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    You may possibly just be able to sync bookmarks, without reinstalling all the problematic addons.

    Did it cure it though, or are you still having problems?
     
  8. hermolt

    hermolt Thread Starter

    Joined:
    Jan 27, 2013
    Messages:
    6
    Great, thank you.

    The random linking is gone, but Avast! still popped up with a rootkit virus when I booted.
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Let's see what this shows us for the rootkit.

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

    Post the log in next reply please...
     
  10. hermolt

    hermolt Thread Starter

    Joined:
    Jan 27, 2013
    Messages:
    6
    The Combofix log below:

    ComboFix 13-02-02.05 - Ben 03/02/2013 3:30.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3069.2316 [GMT 11:00]
    Running from: c:\users\Ben\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\Ben\AppData\Roaming\inst.exe
    c:\users\Ben\AppData\Roaming\vso_ts_preview.xml
    c:\windows\system32\roboot.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-02 01:09 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADC77DA4-35FD-4242-A3BC-DEB033ADC02B}\mpengine.dll
    2013-01-27 23:29 . 2013-01-27 23:29 -------- d-----w- c:\users\Ben\AppData\Local\Macromedia
    2013-01-27 14:35 . 2013-01-27 14:35 -------- d-----w- c:\programdata\RegistryOptimizerFree
    2013-01-27 14:35 . 2013-01-27 14:35 -------- d-----w- c:\users\Ben\AppData\Roaming\RegistryOptimizerFree
    2013-01-27 14:34 . 2013-01-27 14:35 -------- d-----w- c:\program files\RegistryOptimizerFree
    2013-01-27 14:32 . 2013-01-29 19:49 -------- d-----w- c:\users\Ben\AppData\Local\Coupon Companion Plugin
    2013-01-27 14:25 . 2013-01-27 14:25 -------- d-----w- c:\users\Ben\AppData\Roaming\Nico Mak Computing
    2013-01-27 14:24 . 2013-01-27 14:25 -------- d-----w- c:\program files\WinZip Registry Optimizer
    2013-01-27 10:59 . 2013-01-27 11:00 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-01-27 10:46 . 2013-01-27 10:46 -------- d-----w- c:\users\Ben\AppData\Local\Programs
    2013-01-27 08:08 . 2013-01-27 08:12 -------- d-----w- c:\program files\AVIAddXSubs
    2013-01-22 11:29 . 2013-01-22 11:29 -------- d-----w- c:\users\Ben\AppData\Local\Hewlett-Packard
    2013-01-22 11:12 . 2013-01-22 11:29 -------- d-----w- c:\programdata\Hewlett-Packard
    2013-01-20 06:14 . 2013-01-20 06:14 -------- d-----w- c:\users\Ben\AppData\Roaming\mkvtoolnix
    2013-01-20 06:13 . 2013-01-20 06:14 -------- d-----w- c:\program files\MKVToolNix
    2013-01-17 08:24 . 2013-01-17 08:24 29184 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
    2013-01-17 08:24 . 2013-01-17 08:24 -------- d-----w- c:\program files\mkv2vob
    2013-01-17 08:23 . 2013-01-17 08:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2013-01-12 00:56 . 2013-01-12 00:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2013-01-12 00:56 . 2013-01-12 00:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2013-01-12 00:56 . 2013-01-12 00:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2013-01-12 00:56 . 2013-01-12 00:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2013-01-12 00:56 . 2013-01-12 00:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2013-01-12 00:56 . 2013-01-12 00:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2013-01-12 00:56 . 2013-01-12 00:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2013-01-12 00:56 . 2013-01-12 00:56 -------- d-----w- c:\program files\QuickTime
    2013-01-09 01:47 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
    2013-01-09 01:47 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
    2013-01-09 01:46 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 01:45 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 01:43 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs
    2013-01-09 01:42 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-09 01:42 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-08 10:00 . 2012-08-21 02:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2013-01-08 09:58 . 2013-01-08 09:58 -------- d-----w- c:\program files\iPod
    2013-01-08 09:58 . 2013-01-08 10:00 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-01-08 09:58 . 2013-01-08 10:00 -------- d-----w- c:\program files\iTunes
    2013-01-08 09:55 . 2013-01-08 09:55 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-16 14:28 . 2009-10-30 05:16 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-09 11:00 . 2012-05-10 22:05 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-09 11:00 . 2011-05-24 08:39 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-16 14:13 . 2013-01-02 16:01 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2013-01-02 16:01 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-14 05:49 . 2010-08-03 07:53 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-12 11:52 . 2012-12-12 08:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-09 04:42 . 2012-12-12 08:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2008-08-16 06:42 . 2013-01-27 23:40 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-08-16 06:42 . 2013-01-27 23:40 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-08-16 06:42 . 2013-01-27 23:40 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-08-16 06:42 . 2013-01-27 23:40 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-08-16 06:43 . 2013-01-27 23:40 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-08-16 06:42 . 2013-01-27 23:40 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-08-16 06:42 . 2013-01-27 23:40 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-05-20 21:41 . 2013-01-27 23:40 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-05-20 21:41 . 2013-01-27 23:40 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-05-20 21:41 . 2013-01-27 23:40 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2008-06-05 02:58 . 2013-01-27 23:40 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-08-16 06:42 . 2013-01-27 23:40 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2013-01-27 23:40 . 2013-01-27 23:40 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\Steam\Steam.exe" [2012-12-03 1354736]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-27 969104]
    "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
    "Spotify"="c:\users\Ben\AppData\Roaming\Spotify\Spotify.exe" [2012-11-03 7880664]
    "Spotify Web Helper"="c:\users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-03 1199576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-31 136600]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "BigPondWirelessBroadbandCM"="c:\program files\Telstra\Mobile Broadband Manager\TelstraUCM.exe" [2011-08-11 6198168]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2012-03-08 08:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [x]
    R3 massfilter;LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
    R3 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\swg3kser00.sys [x]
    R3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\DRIVERS\swiwdmbx.sys [x]
    R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [x]
    R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [x]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnwlh.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 11:00]
    .
    2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 21:09]
    .
    2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 21:09]
    .
    2013-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-372342477-3707376604-3207891551-1000Core.job
    - c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-02 12:52]
    .
    2013-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-372342477-3707376604-3207891551-1000UA.job
    - c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-02 12:52]
    .
    2013-02-02 c:\windows\Tasks\Registry Optimizer_DEFAULT.job
    - c:\program files\WinZip Registry Optimizer\Winzipro.exe [2013-01-27 23:33]
    .
    2013-01-29 c:\windows\Tasks\Registry Optimizer_UPDATES.job
    - c:\program files\WinZip Registry Optimizer\Winzipro.exe [2013-01-27 23:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: health.gov.au\desktop
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\pdi0hh9j.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    .
    Binary file temp00 matches
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-03 03:46:36
    ComboFix-quarantined-files.txt 2013-02-02 16:46
    .
    Pre-Run: 3,776,008,192 bytes free
    Post-Run: 3,811,352,576 bytes free
    .
    - - End Of File - - 4811856A7C5A8149E5E7AF78958C4314
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    So far nothing is finding any rootkits.
    What exactly does Avast say when it detects it?
     
Short URL to this thread: https://techguy.org/1087192
