Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

unresponsive Internet Explorer

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 1:19 pm

.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766f7603 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766f835c 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100251014
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100250c0c
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100250e10
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766f7603 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766f835c 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100251014
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100250c0c
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100250e10
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2836] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100250600
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077003ae0 5 bytes JMP 000000010044075c
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077007a90 5 bytes JMP 00000001004403a4
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077031490 5 bytes JMP 0000000100440b14
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770314f0 5 bytes JMP 0000000100440ecc
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 000000010044163c
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000000771902d0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000077190310
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000000771903c0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077031810 5 bytes JMP 0000000100441284
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000000771903f0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000077190230
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000000771902b0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 00000001004419f4
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 5 bytes JMP 000007ff7d211284
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 5 bytes JMP 000007ff7d21163c
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 5 bytes JMP 000007ff7d2119f4
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 5 bytes JMP 000007ff7d2103a4
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 5 bytes JMP 000007ff7d21075c
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 5 bytes JMP 000007ff7d210b14
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 1:20 pm

.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075781465 2 bytes [78, 75]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757814bb 2 bytes [78, 75]
.text ... * 2
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001001501f8
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001001503fc
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766f7603 5 bytes JMP 0000000100150804
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766f835c 5 bytes JMP 0000000100150600
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 0000000100150a08
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100161014
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100160804
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100160a08
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100160c0c
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100160e10
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001001601f8
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001001603fc
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100160600
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100191014
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100190804
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100190a08
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100190c0c
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100190e10
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001001901f8
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001001903fc
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100190600
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001001a01f8
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001001a03fc
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766f7603 5 bytes JMP 00000001001a0804
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766f835c 5 bytes JMP 00000001001a0600
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 00000001001a0a08
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 5 bytes JMP 000007ff7d211284
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 5 bytes JMP 000007ff7d21163c
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 5 bytes JMP 000007ff7d2119f4
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 5 bytes JMP 000007ff7d2103a4
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 5 bytes JMP 000007ff7d21075c
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 5 bytes JMP 000007ff7d210b14
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077003ae0 5 bytes JMP 000000010040075c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077007a90 5 bytes JMP 00000001004003a4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000100070470
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000100070460
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077031490 5 bytes JMP 0000000100400b14
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770314f0 5 bytes JMP 0000000100400ecc
heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

Unread postby heyoka05 » June 6th, 2013, 1:22 pm

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100190e10
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001001901f8
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001001903fc
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100190600
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001001a01f8
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001001a03fc
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766f7603 5 bytes JMP 00000001001a0804
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766f835c 5 bytes JMP 00000001001a0600
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 00000001001a0a08
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 5 bytes JMP 000007ff7d211284
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 5 bytes JMP 000007ff7d21163c
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 5 bytes JMP 000007ff7d2119f4
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 5 bytes JMP 000007ff7d2103a4
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 5 bytes JMP 000007ff7d21075c
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 5 bytes JMP 000007ff7d210b14
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077003ae0 5 bytes JMP 000000010040075c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077007a90 5 bytes JMP 00000001004003a4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000100070470
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000100070460
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077031490 5 bytes JMP 0000000100400b14
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770314f0 5 bytes JMP 0000000100400ecc
heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 1:25 pm

heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

Post by deltalima » June 6th, 2013, 2:09 pm

Hi heyoka05,

Please uninstall the following programs.

Yontoo 1.12.02
Freecorder 5
Freecorder 7 Applications (7.0.0.48)
Freecorder extension
Freecorder extension for Firefox
Freecorder extension x64
Freecorder Toolbar


Next

Run OTL Script

  • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    :otl
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q= {searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q= {searchterms}&l=dis&o=HPNTDF
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3725795197-1872689522-2498876610-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
    FF - prefs.js..extensions.enabledAddons: addon@freecorder.com :7.0.0.13
    O2:64bit: - BHO: (Freecorder extension x64) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension x64\ScriptHost.dll (Applian Technologies Inc.)
    O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll (Applian Technologies Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3725795197-1872689522-2498876610-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
    :services
    :reg
    :files
    C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\xf2x1qqs.default\extensions\addon@freecorder.com
    C:\Program Files (x86)\Freecorder extension
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [RESETHOSTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Please let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 5:49 pm

Here's the rest of the GMER txt .......your system became unresponsive as I was uploading it

heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 5:50 pm

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[384] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[384] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 5 bytes JMP 000007ff7d211284
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[384] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 5 bytes JMP 000007ff7d21163c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[384] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 5 bytes JMP 000007ff7d2119f4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[384] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 5 bytes JMP 000007ff7d2103a4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[384] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 5 bytes JMP 000007ff7d21075c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[384] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 5 bytes JMP 000007ff7d210b14
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077003ae0 5 bytes JMP 00000001001a075c
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077007a90 5 bytes JMP 00000001001a03a4
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077031490 5 bytes JMP 00000001001a0b14
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770314f0 5 bytes JMP 00000001001a0ecc
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 00000001001a163c
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000000771902d0
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000077190310
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000000771903c0
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077031810 5 bytes JMP 00000001001a1284
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000000771903f0
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000077190230
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000000771902b0
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 00000001001a19f4
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 5 bytes JMP 000007ff7d211284
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 5 bytes JMP 000007ff7d21163c
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 5 bytes JMP 000007ff7d2119f4
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 5 bytes JMP 000007ff7d2103a4
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 5 bytes JMP 000007ff7d21075c
.text C:\Windows\system32\SearchIndexer.exe[3540] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 5 bytes JMP 000007ff7d210b14
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077003ae0 5 bytes JMP 000000010021075c
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077007a90 5 bytes JMP 00000001002103a4
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077031490 5 bytes JMP 0000000100210b14
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770314f0 5 bytes JMP 0000000100210ecc
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 000000010021163c
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000000771902d0
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000077190310
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000000771903c0
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077031810 5 bytes JMP 0000000100211284
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000000771903f0
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000077190230
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000000771902b0
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
heyoka05

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 5:50 pm

.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 00000001002119f4
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 5 bytes JMP 000007ff7d211284
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 5 bytes JMP 000007ff7d21163c
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 5 bytes JMP 000007ff7d2119f4
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 5 bytes JMP 000007ff7d2103a4
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 5 bytes JMP 000007ff7d21075c
.text C:\Windows\System32\hkcmd.exe[4184] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 5 bytes JMP 000007ff7d210b14
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4224] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4224] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4224] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 5 bytes JMP 000007ff7d211284
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4224] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 5 bytes JMP 000007ff7d21163c
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4224] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 5 bytes JMP 000007ff7d2119f4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4224] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 5 bytes JMP 000007ff7d2103a4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4224] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 5 bytes JMP 000007ff7d21075c
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4224] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 5 bytes JMP 000007ff7d210b14
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077003ae0 5 bytes JMP 000000010022075c
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077007a90 5 bytes JMP 00000001002203a4
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077031490 5 bytes JMP 0000000100220b14
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770314f0 5 bytes JMP 0000000100220ecc
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 000000010022163c
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000000771902d0
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000077190310
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000000771903c0
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077031810 5 bytes JMP 0000000100221284
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000000771903f0
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000077190230
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000000771902b0
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 00000001002219f4
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
.text C:\Windows\system32\taskeng.exe[4308] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

by heyoka05 » June 6th, 2013, 5:51 pm

heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 5:51 pm

C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077007a90 5 bytes JMP 00000001002a03a4
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077031490 5 bytes JMP 00000001002a0b14
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770314f0 5 bytes JMP 00000001002a0ecc
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 00000001002a163c
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000000771902d0
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000077190310
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000000771903c0
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077031810 5 bytes JMP 00000001002a1284
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000000771903f0
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000077190230
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000000771902b0
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 00000001002a19f4
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 5 bytes JMP 000007ff7d211284
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 5 bytes JMP 000007ff7d21163c
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 5 bytes JMP 000007ff7d2119f4
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 5 bytes JMP 000007ff7d2103a4
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 5 bytes JMP 000007ff7d21075c
.text C:\Windows\System32\svchost.exe[5100] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 5 bytes JMP 000007ff7d210b14
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100241014
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100240c0c
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100240e10
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766f7603 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766f835c 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075781465 2 bytes [78, 75]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757814bb 2 bytes [78, 75]
.text ... * 2
.text C:\Windows\system32\DllHost.exe[5288] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
.text C:\Windows\system32\DllHost.exe[5288] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
.text C:\Windows\system32\DllHost.exe[5288] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 5 bytes JMP 000007ff7d211284
.text C:\Windows\system32\DllHost.exe[5288] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 5 bytes JMP 000007ff7d21163c
.text C:\Windows\system32\DllHost.exe[5288] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 5 bytes JMP 000007ff7d2119f4
.text C:\Windows\system32\DllHost.exe[5288] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 5 bytes JMP 000007ff7d2103a4
.text C:\Windows\system32\DllHost.exe[5288] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 5 bytes JMP 000007ff7d21075c
.text C:\Windows\system32\DllHost.exe[5288] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 5 bytes JMP 000007ff7d210b14
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100241014
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100240c0c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100240e10
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001002e01f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001002e03fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766f7603 5 bytes JMP 00000001002e0804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766f835c 5 bytes JMP 00000001002e0600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 00000001002e0a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075781465 2 bytes [78, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757814bb 2 bytes [78, 75]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077003ae0 5 bytes JMP 00000001003a075c
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077007a90 5 bytes JMP 00000001003a03a4
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077031490 5 bytes JMP 00000001003a0b14
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770314f0 5 bytes JMP 00000001003a0ecc
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 00000001003a163c
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000000771902d0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000077190310
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000000771903c0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077031810 5 bytes JMP 00000001003a1284
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000000771903f0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000077190230
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0x15e890}
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000000771902b0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 00000001003a19f4
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[6048] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 5:52 pm

.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[3704] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[3704] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[3704] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[3704] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 5 bytes JMP 000007ff7d211284
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[3704] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 5 bytes JMP 000007ff7d21163c
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[3704] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 5 bytes JMP 000007ff7d2119f4
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[3704] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 5 bytes JMP 000007ff7d2103a4
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[3704] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 5 bytes JMP 000007ff7d21075c
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[3704] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 5 bytes JMP 000007ff7d210b14
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077003ae0 6 bytes {NOP ; JMP 0xffffffff8938cc7c}
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077007a90 6 bytes {NOP ; JMP 0xffffffff89388914}
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077031490 6 bytes {NOP ; JMP 0xffffffff8935f684}
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770314f0 6 bytes {NOP ; JMP 0xffffffff8935f9dc}
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 6 bytes {NOP ; JMP 0xffffffff8936006c}
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077031810 6 bytes {NOP ; JMP 0xffffffff8935fa74}
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 6 bytes {NOP ; JMP 0xffffffff8935f1b4}
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 6 bytes {NOP ; JMP 0xffffffff8001afac}
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 6 bytes {NOP ; JMP 0xffffffff80019fa0}
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 6 bytes {NOP ; JMP 0xffffffff8001a064}
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 6 bytes {NOP ; JMP 0xffffffff8001a2a0}
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 6 bytes {NOP ; JMP 0xffffffff8001a4bc}
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 6 bytes {NOP ; JMP 0xffffffff80018dbc}
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 6 bytes {NOP ; JMP 0xffffffff80018e50}
.text C:\Program Files\Internet Explorer\iexplore.exe[4484] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 6 bytes {NOP ; JMP 0xffffffff80019060}
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100251014
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100250c0c
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100250e10
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\syswow64\user32.DLL!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001002e01f8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\syswow64\user32.DLL!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001002e03fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW 00000000766f7603 5 bytes JMP 00000001002e0804
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\syswow64\user32.DLL!SetWindowsHookExA 00000000766f835c 5 bytes JMP 00000001002e0600
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\syswow64\user32.DLL!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 00000001002e0a08
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075781465 2 bytes [78, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757814bb 2 bytes [78, 75]
.text ... * 2
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001001801f8
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001001803fc
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766f7603 5 bytes JMP 0000000100180804
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766f835c 5 bytes JMP 0000000100180600
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 0000000100180a08
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100191014
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100190804
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100190a08
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100190c0c
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100190e10
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001001901f8
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001001903fc
.text C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe[3428] C:\Windows\SysWOW64\sechost.dll!DeleteService

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 5:52 pm

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960 000000002de45984 4 bytes [BF, 49, 1D, 1B]
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001000a01f8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001000a03fc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766f7603 5 bytes JMP 00000001000a0804
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766f835c 5 bytes JMP 00000001000a0600
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 00000001000a0a08
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 00000001000b1014
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 00000001000b0804
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 00000001000b0a08
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 00000001000b0c0c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 00000001000b0e10
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001000b01f8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001000b03fc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 00000001000b0600
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075781465 2 bytes [78, 75]
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757814bb 2 bytes [78, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000771df9c0 5 bytes JMP 00000001729c5f49
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtQueryObject 00000000771df9d8 5 bytes JMP 00000001729c6411
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 00000000771dfa08 5 bytes JMP 00000001729c016d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 00000000771dfa20 5 bytes JMP 00000001729bfbca
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 00000000771dfa70 5 bytes JMP 00000001729bfa44
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000771dfa88 2 bytes JMP 00000001729bfb52
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey + 3 00000000771dfa8b 2 bytes [7E, FB]
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 00000000771dfb20 5 bytes JMP 00000001729c0424
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 00000000771dfc18 5 bytes JMP 00000001729c4369
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 00000000771dfd2c 5 bytes JMP 00000001729bf9cc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000771dfd44 5 bytes JMP 00000001729c4959
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 00000000771dfd78 5 bytes JMP 00000001729c39de
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000771dfe24 5 bytes JMP 00000001729c5fc4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 00000000771dfe3c 5 bytes JMP 00000001729c4adb
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771e0094 5 bytes JMP 00000001729c4791
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771e01a4 5 bytes JMP 00000001729bfc42
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000771e09c4 5 bytes JMP 00000001729c4584
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000771e09dc 5 bytes JMP 00000001729bcc5b
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 00000000771e0a24 5 bytes JMP 00000001729bcd29
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 00000000771e0b60 5 bytes JMP 00000001729bccc2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 00000000771e0f50 5 bytes JMP 00000001729bfcba
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771e0f68 5 bytes JMP 00000001729bff45
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 00000000771e0ff8 5 bytes JMP 00000001729c01fd
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 00000000771e131c 5 bytes JMP 00000001729c4b6b
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 00000000771e145c 5 bytes JMP 00000001729bfec9
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 00000000771e1508 5 bytes JMP 00000001729c6389
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 00000000771e16f8 1 byte JMP 00000001729bd138
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey + 2 00000000771e16fa 3 bytes {JMP 0xfffffffffb7dba40}
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 00000000771e1a38 5 bytes JMP 00000001729bfacc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 00000000771e1b7c 5 bytes JMP 00000001729c616c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\KERNEL32.dll!CreateProcessW 00000000753c103d 5 bytes JMP 00000001729993a9
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 00000000753c1072 5 bytes JMP 00000001729994e7
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\KERNEL32.dll!CreateProcessAsUserW 00000000753ec9b5 5 bytes JMP 000000017299971d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\KERNEL32.dll!SetDllDirectoryW 00000000754400c3 5 bytes JMP 0000000172999efe
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\KERNEL32.dll!SetDllDirectoryA 000000007544016b 5 bytes JMP 000000017299a231
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\KERNEL32.dll!WinExec 0000000075442c91 5 bytes JMP 0000000172999aa0
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\KERNEL32.dll!AllocConsole 0000000075466b3e 5 bytes JMP 00000001729c7431
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\KERNEL32.dll!AttachConsole 0000000075466c02 5 bytes JMP 00000001729c7443
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076692aa4 5 bytes JMP 000000017299a43c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766e8a29 5 bytes JMP 00000001729c7419
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000766ed22e 5 bytes JMP 00000001729c7401
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001001501f8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001001503fc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766f7603 5 bytes JMP 0000000100150804
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766f835c 5 bytes JMP 0000000100150600
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 0000000100150a08
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 0000000076aed2b2 5 bytes JMP 00000001729a7617
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\GDI32.dll!AddFontResourceA 0000000076aed7bb 5 bytes JMP 00000001729a75fb
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ADVAPI32.dll!EnumDependentServicesW 0000000076981e3a 7 bytes JMP 00000001729aa3b9
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW 000000007698b466 7 bytes JMP 00000001729ab2da
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW 00000000769a78ff 7 bytes JMP 00000001729aaa60
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW 00000000769a79bb 7 bytes JMP 00000001729aac11
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA 00000000769aa3e2 7 bytes JMP 00000001729ab3a0
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000769c2538 5 bytes JMP 000000017299985f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA 00000000769e1b94 7 bytes JMP 00000001729aab18
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA 00000000769e1c31 7 bytes JMP 00000001729aacc9
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusA 00000000769e2021 7 bytes JMP 00000001729ab21c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ADVAPI32.dll!EnumDependentServicesA 00000000769e2104 7 bytes JMP 00000001729aa470
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusW 00000000769e2221 5 bytes JMP 00000001729ab15e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!ControlService 0000000076ce4d5c 7 bytes JMP 00000001729aa1fe
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle 0000000076ce4dc3 7 bytes JMP 00000001729aa527
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!QueryServiceStatus 0000000076ce4e4b 7 bytes JMP 00000001729aa28a
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!QueryServiceStatusEx 0000000076ce4eaf 7 bytes JMP 00000001729aa31d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!StartServiceW 0000000076ce4f35 7 bytes JMP 00000001729aa079
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!StartServiceA 0000000076ce508d 7 bytes JMP 00000001729aa10f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity 0000000076ce50f4 7 bytes JMP 00000001729ab02c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100161014
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100160804
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100160a08
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100160c0c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100160e10
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001001601f8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001001603fc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100160600
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigA 0000000076ce5a83 7 bytes JMP 00000001729aae5b
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW 0000000076ce5b29 7 bytes JMP 00000001729aadc2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA 0000000076ce5ca0 7 bytes JMP 00000001729a9535
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!ControlServiceExW 0000000076ce5d8c 7 bytes JMP 00000001729a94bc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!OpenSCManagerW 0000000076ce63ad 7 bytes JMP 00000001729a9a83
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!OpenSCManagerA 0000000076ce64f0 7 bytes JMP 00000001729a9b0f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfig2A 0000000076ce6633 7 bytes JMP 00000001729aaf90
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfig2W 0000000076ce680c 7 bytes JMP 00000001729aaef4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!OpenServiceW 0000000076ce714b 7 bytes JMP 00000001729a9bf8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\SysWOW64\sechost.dll!OpenServiceA 0000000076ce7245 7 bytes JMP 00000001729a9c84
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!CoRegisterPSClsid 00000000767dc56e 5 bytes JMP 00000001729b11c4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7 00000000767dea09 7 bytes JMP 00000001729b1795
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!OleRun 00000000767e07de 5 bytes JMP 00000001729b1650
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject 00000000767e21e1 5 bytes JMP 00000001729b22c5
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!OleUninitialize 00000000767eeba1 6 bytes JMP 00000001729b156f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!OleInitialize 00000000767eefd7 5 bytes JMP 00000001729b14ff
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!CoGetPSClsid 00000000767f26b9 5 bytes JMP 00000001729b133c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768054ad 5 bytes JMP 00000001729b2853
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!CoInitializeEx 00000000768109ad 5 bytes JMP 00000001729b13af
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!CoUninitialize 00000000768186d3 5 bytes JMP 00000001729b1431
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076819d0b 5 bytes JMP 00000001729b3b21
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076819d4e 5 bytes JMP 00000001729b1c5c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 000000007683bb09 7 bytes JMP 00000001729b16c0
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject 000000007685eacf 5 bytes JMP 00000001729b0c21
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile 000000007689340b 5 bytes JMP 00000001729b2d13
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc 00000000768dcfd9 5 bytes JMP 00000001729b15da
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\oleaut32.dll!RegisterActiveObject 00000000750a279e 5 bytes JMP 00000001729b0eb4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\oleaut32.dll!RevokeActiveObject 00000000750a3294 5 bytes JMP 00000001729b0fd5
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5348] C:\Windows\syswow64\oleaut32.dll!GetActiveObject 00000000750b8f40 5 bytes JMP 00000001729b1048
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4248] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4248] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4248] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 5 bytes JMP 000007ff7d211284
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4248] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 5 bytes JMP 000007ff7d21163c
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4248] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 5 bytes JMP 000007ff7d2119f4
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4248] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 5 bytes JMP 000007ff7d2103a4
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4248] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 5 bytes JMP 000007ff7d21075c
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4248] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 5 bytes JMP 000007ff7d210b14
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 00000001000a1014
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 00000001000a0804
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 00000001000a0a08
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 00000001000a0c0c
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 00000001000a0e10
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001000a01f8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001000a03fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 00000001000a0600
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\user32.DLL!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001000b01f8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\user32.DLL!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001000b03fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW 00000000766f7603 5 bytes JMP 00000001000b0804
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\user32.DLL!SetWindowsHookExA 00000000766f835c 5 bytes JMP 00000001000b0600
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\user32.DLL!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 00000001000b0a08
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075781465 2 bytes [78, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757814bb 2 bytes [78, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 00000001000a1014
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 00000001000a0804
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 00000001000a0a08
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 00000001000a0c0c
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 00000001000a0e10
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001000a01f8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001000a03fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 00000001000a0600
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\syswow64\user32.DLL!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001000b01f8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\syswow64\user32.DLL!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001000b03fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW 00000000766f7603 5 bytes JMP 00000001000b0804
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\syswow64\user32.DLL!SetWindowsHookExA 00000000766f835c 5 bytes JMP 00000001000b0600
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\syswow64\user32.DLL!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 00000001000b0a08
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075781465 2 bytes [78, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757814bb 2 bytes [78, 75]
.text ... * 2
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771dfaa0 5 bytes JMP 0000000100030600
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100241014
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100240804
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100240a08
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100240c0c
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100240e10
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002401f8
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002403fc
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100240600
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001002501f8
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001002503fc
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766f7603 5 bytes JMP 0000000100250804
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766f835c 5 bytes JMP 0000000100250600
.text C:\Users\bigdog\Desktop\cumfnxfg.exe[7012] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 0000000100250a08

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 5:53 pm

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4816:4384] 000007fefb652a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4816:2720] 000007fef20dd618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4816:2752] 000007fef20dd618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4816:4632] 000007fef7a85124

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 13
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 332384
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52afa1f6af
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2

---- EOF - GMER 2.1 ----
heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

by deltalima » June 6th, 2013, 5:58 pm

Hi heyoka05,

Please uninstall the following programs.

Yontoo 1.12.02
Freecorder 5
Freecorder 7 Applications (7.0.0.48)
Freecorder extension
Freecorder extension for Firefox
Freecorder extension x64
Freecorder Toolbar


Next

Run OTL Script

  • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    :otl
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q= {searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q= {searchterms}&l=dis&o=HPNTDF
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3725795197-1872689522-2498876610-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
    FF - prefs.js..extensions.enabledAddons: addon@freecorder.com :7.0.0.13
    O2:64bit: - BHO: (Freecorder extension x64) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension x64\ScriptHost.dll (Applian Technologies Inc.)
    O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll (Applian Technologies Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3725795197-1872689522-2498876610-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
    :services
    :reg
    :files
    C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\xf2x1qqs.default\extensions\addon@freecorder.com
    C:\Program Files (x86)\Freecorder extension
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [RESETHOSTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Please let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: unresponsive Internet Explorer

by heyoka05 » June 6th, 2013, 6:24 pm

Internet Explorer seems to be running normally again

here's the text


Files\Folders moved on Reboot...
C:\Users\bigdog\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
File\Folder C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTVSQD2R\01[1].htm not found!
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTVSQD2R\md[3].htm moved successfully.
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTVSQD2R\RSltPrc[1].htm moved successfully.
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1I9BC7C\um[1].htm moved successfully.
File\Folder C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ9M05GN\4676077267[1].htm not found!
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ9M05GN\DtCol[1].htm moved successfully.
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ9M05GN\yql[3].js moved successfully.
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N21XCHNY\aceUAC[1].htm moved successfully.
File\Folder C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N21XCHNY\st[1] not found!
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N21XCHNY\visit[1].js moved successfully.
File\Folder C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M65K52YL\st[1] not found!
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M65K52YL\swp[1].htm moved successfully.
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWI5T8QA\getInPage[1].htm moved successfully.
File\Folder C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWI5T8QA\st[1] not found!
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1G35DLU\cs[1].htm moved successfully.
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1G35DLU\swp[1].htm moved successfully.
File\Folder C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D3HXN10\01[1].htm not found!
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D3HXN10\adServerESI[1].htm moved successfully.
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D3HXN10\RSltPrc[1].htm moved successfully.
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D3HXN10\visit[1].js moved successfully.
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D3HXN10\welcome[9].htm moved successfully.
C:\Users\bigdog\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\logishrd\LVPrcInj03.dll not found!
File\Folder C:\Windows\temp\logishrd\LVPrcInj04.dll not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am