Old June 6th, 2013, 02:10 AM
SirSnoop SirSnoop is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Age: 35
Posts: 566
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[1752] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[1976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[1012] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[1132] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[1520] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075391465 2 bytes [39, 75]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753914bb 2 bytes [39, 75]
.text ... * 2
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076fffaa0 5 bytes JMP 0000000100030600
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 0000000100030804
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fffc90 5 bytes JMP 0000000100030c0c
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077000018 5 bytes JMP 0000000100030a08
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100030e10
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000301f8
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000303fc
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001000f01f8
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001000f03fc
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 00000001000f0804
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 00000001000f0600
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 00000001000f0a08
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000751a5181 5 bytes JMP 0000000100101014
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000751a5254 5 bytes JMP 0000000100100804
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000751a53d5 5 bytes JMP 0000000100100a08
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000751a54c2 5 bytes JMP 0000000100100c0c
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000751a55e2 5 bytes JMP 0000000100100e10
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001001001f8
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001001003fc
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 0000000100100600
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010022075c
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001002203a4
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076e51490 5 bytes JMP 0000000100220b14
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100220ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010022163c
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076e51810 5 bytes JMP 0000000100221284
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001002219f4
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076fffaa0 5 bytes JMP 0000000100030600
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 0000000100030804
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fffc90 5 bytes JMP 0000000100030c0c
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077000018 5 bytes JMP 0000000100030a08
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100030e10
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000301f8
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000303fc
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001000d01f8
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001000d03fc
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 00000001000d0804
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 00000001000d0600
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 00000001000d0a08
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000751a5181 5 bytes JMP 00000001000e1014
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000751a5254 5 bytes JMP 00000001000e0804
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000751a53d5 5 bytes JMP 00000001000e0a08
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000751a54c2 5 bytes JMP 00000001000e0c0c
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000751a55e2 5 bytes JMP 00000001000e0e10
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001000e01f8
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001000e03fc
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 00000001000e0600
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 00000001001a075c
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001001a03a4
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076e51490 5 bytes JMP 00000001001a0b14
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 00000001001a0ecc
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 00000001001a163c
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076e51810 5 bytes JMP 00000001001a1284
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270