
Untitled

a guest
Jul 21st, 2013
  1. GMER 2.1.19163 - http://www.gmer.net
  2. Rootkit scan 2013-07-21 17:44:48
  3. Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 M4-CT128 rev.000F 119,24GB
  4. Running: ow6cus0p.exe; Driver: C:\Users\Yves\AppData\Local\Temp\fwloqpod.sys
  5.  
  6.  
  7. ---- User code sections - GMER 2.1 ----
  8.  
  9. .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[964] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 00000001001d091c
  10. .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[964] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 00000001001d0048
  11. .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[964] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001001d02ee
  12. .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[964] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001001d04b2
  13. .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[964] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001001d09fe
  14. .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[964] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 00000001001d0ae0
  15. .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[964] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010003004c
  16. .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[964] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 00000001001d012a
  17. .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[964] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 00000001001d0758
  18. .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[964] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 00000001001d0676
  19. .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[964] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001001d03d0
  20. .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[964] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 00000001001d0594
  21. .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[964] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 00000001001d083a
  22. .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[964] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 00000001001d020c
  23. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 000000010027091c
  24. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 0000000100270048
  25. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001002702ee
  26. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001002704b2
  27. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001002709fe
  28. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 0000000100270ae0
  29. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010002004c
  30. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 000000010027012a
  31. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 0000000100270758
  32. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 0000000100270676
  33. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001002703d0
  34. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 0000000100270594
  35. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 000000010027083a
  36. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 000000010027020c
  37. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 0000000100270f52
  38. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 0000000100280210
  39. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 0000000100280048
  40. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a69a9d1}
  41. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 0000000100270ca6
  42. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001002803d8
  43. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 000000010028012c
  44. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001002802f4
  45. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 0000000100270e6e
  46. .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[468] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001002804bc
  47. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 00000001001a091c
  48. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 00000001001a0048
  49. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001001a02ee
  50. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001001a04b2
  51. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001001a09fe
  52. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 00000001001a0ae0
  53. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010002004c
  54. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 00000001001a012a
  55. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 00000001001a0758
  56. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 00000001001a0676
  57. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001001a03d0
  58. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 00000001001a0594
  59. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 00000001001a083a
  60. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 00000001001a020c
  61. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001001b059e
  62. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 00000001001a0f52
  63. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 00000001001b0210
  64. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 00000001001b0048
  65. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a5ca9d1}
  66. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 00000001001a0ca6
  67. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001001b03d8
  68. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 00000001001b012c
  69. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001001b02f4
  70. .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 00000001001a0e6e
  71. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 00000001001d091c
  72. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 00000001001d0048
  73. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001001d02ee
  74. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001001d04b2
  75. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001001d09fe
  76. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 00000001001d0ae0
  77. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010002004c
  78. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 00000001001d012a
  79. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 00000001001d0758
  80. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 00000001001d0676
  81. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001001d03d0
  82. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 00000001001d0594
  83. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 00000001001d083a
  84. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 00000001001d020c
  85. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 00000001001d0f52
  86. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 0000000100260210
  87. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 0000000100260048
  88. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a67a9d1}
  89. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 00000001001d0ca6
  90. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001002603d8
  91. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 000000010026012c
  92. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001002602f4
  93. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 00000001001d0e6e
  94. .text C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe[1952] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001002604bc
  95. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 000000010029091c
  96. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 0000000100290048
  97. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001002902ee
  98. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001002904b2
  99. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001002909fe
  100. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 0000000100290ae0
  101. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010003004c
  102. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 000000010029012a
  103. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 0000000100290758
  104. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 0000000100290676
  105. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001002903d0
  106. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 0000000100290594
  107. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 000000010029083a
  108. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 000000010029020c
  109. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001002a04bc
  110. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 0000000100290f52
  111. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 00000001002a0210
  112. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 00000001002a0048
  113. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a6ba9d1}
  114. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 0000000100290ca6
  115. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001002a03d8
  116. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 00000001002a012c
  117. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001002a02f4
  118. .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2116] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 0000000100290e6e
  119. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 000000010031091c
  120. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 0000000100310048
  121. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001003102ee
  122. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001003104b2
  123. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001003109fe
  124. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 0000000100310ae0
  125. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010003004c
  126. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 000000010031012a
  127. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 0000000100310758
  128. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 0000000100310676
  129. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001003103d0
  130. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 0000000100310594
  131. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 000000010031083a
  132. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 000000010031020c
  133. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 0000000100310f52
  134. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 0000000100320210
  135. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 0000000100320048
  136. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a73a9d1}
  137. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 0000000100310ca6
  138. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001003203d8
  139. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 000000010032012c
  140. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001003202f4
  141. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 0000000100310e6e
  142. .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[2152] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001003204bc
  143. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 00000001003d091c
  144. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 00000001003d0048
  145. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001003d02ee
  146. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001003d04b2
  147. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001003d09fe
  148. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 00000001003d0ae0
  149. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 00000001001f004c
  150. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 00000001003d012a
  151. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 00000001003d0758
  152. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 00000001003d0676
  153. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001003d03d0
  154. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 00000001003d0594
  155. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 00000001003d083a
  156. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 00000001003d020c
  157. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001003e059e
  158. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 00000001003d0f52
  159. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 00000001003e0210
  160. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 00000001003e0048
  161. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a7fa9d1}
  162. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 00000001003d0ca6
  163. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001003e03d8
  164. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 00000001003e012c
  165. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001003e02f4
  166. .text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2188] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 00000001003d0e6e
  167. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 000000010009091c
  168. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 0000000100090048
  169. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001000902ee
  170. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001000904b2
  171. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001000909fe
  172. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 0000000100090ae0
  173. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010002004c
  174. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 000000010009012a
  175. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 0000000100090758
  176. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 0000000100090676
  177. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001000903d0
  178. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 0000000100090594
  179. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 000000010009083a
  180. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 000000010009020c
  181. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 0000000100090f52
  182. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 00000001000a0210
  183. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 00000001000a0048
  184. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a4ba9d1}
  185. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 0000000100090ca6
  186. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001000a03d8
  187. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 00000001000a012c
  188. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001000a02f4
  189. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 0000000100090e6e
  190. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001000a04bc
  191. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000772c1465 2 bytes [2C, 77]
  192. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772c14bb 2 bytes [2C, 77]
  193. .text ... * 2
  194. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 00000001001c091c
  195. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 00000001001c0048
  196. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001001c02ee
  197. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001001c04b2
  198. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001001c09fe
  199. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 00000001001c0ae0
  200. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010002004c
  201. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 00000001001c012a
  202. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 00000001001c0758
  203. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 00000001001c0676
  204. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001001c03d0
  205. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 00000001001c0594
  206. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 00000001001c083a
  207. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 00000001001c020c
  208. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001001d059e
  209. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 00000001001c0f52
  210. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 00000001001d0210
  211. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 00000001001d0048
  212. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a5ea9d1}
  213. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 00000001001c0ca6
  214. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001001d03d8
  215. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 00000001001d012c
  216. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001001d02f4
  217. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 00000001001c0e6e
  218. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072341a22 2 bytes [34, 72]
  219. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072341ad0 2 bytes [34, 72]
  220. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072341b08 2 bytes [34, 72]
  221. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072341bba 2 bytes [34, 72]
  222. .text C:\Windows\SysWOW64\PnkBstrA.exe[3068] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072341bda 2 bytes [34, 72]
  223. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 00000001001d091c
  224. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 00000001001d0048
  225. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001001d02ee
  226. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001001d04b2
  227. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001001d09fe
  228. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 00000001001d0ae0
  229. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010002004c
  230. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 00000001001d012a
  231. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 00000001001d0758
  232. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 00000001001d0676
  233. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001001d03d0
  234. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 00000001001d0594
  235. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 00000001001d083a
  236. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 00000001001d020c
  237. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 000000010026059e
  238. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 00000001001d0f52
  239. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 0000000100260210
  240. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 0000000100260048
  241. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a67a9d1}
  242. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 00000001001d0ca6
  243. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001002603d8
  244. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 000000010026012c
  245. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001002602f4
  246. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 00000001001d0e6e
  247. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26 0000000073e013c6 2 bytes [E0, 73]
  248. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74 0000000073e013f6 2 bytes [E0, 73]
  249. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257 0000000073e014ad 2 bytes [E0, 73]
  250. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303 0000000073e014db 2 bytes [E0, 73]
  251. .text ... * 2
  252. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79 0000000073e01577 2 bytes [E0, 73]
  253. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175 0000000073e015d7 2 bytes [E0, 73]
  254. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620 0000000073e01794 2 bytes [E0, 73]
  255. .text C:\Windows\SysWOW64\vmnat.exe[2656] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921 0000000073e018c1 2 bytes [E0, 73]
  256. .text D:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000772c1465 2 bytes [2C, 77]
  257. .text D:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772c14bb 2 bytes [2C, 77]
  258. .text ... * 2
  259. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 000000010024091c
  260. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 0000000100240048
  261. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001002402ee
  262. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001002404b2
  263. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001002409fe
  264. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 0000000100240ae0
  265. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010002004c
  266. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 000000010024012a
  267. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 0000000100240758
  268. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 0000000100240676
  269. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001002403d0
  270. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 0000000100240594
  271. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 000000010024083a
  272. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 000000010024020c
  273. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001002504bc
  274. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 0000000100240f52
  275. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 0000000100250210
  276. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 0000000100250048
  277. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a66a9d1}
  278. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 0000000100240ca6
  279. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001002503d8
  280. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 000000010025012c
  281. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001002502f4
  282. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 0000000100240e6e
  283. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000772c1465 2 bytes [2C, 77]
  284. .text C:\Users\Yves\AppData\Roaming\Dropbox\bin\Dropbox.exe[3228] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000772c14bb 2 bytes [2C, 77]
  285. .text ... * 2
  286. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 00000001000a091c
  287. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 00000001000a0048
  288. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001000a02ee
  289. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001000a04b2
  290. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001000a09fe
  291. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 00000001000a0ae0
  292. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010003004c
  293. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 00000001000a012a
  294. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 00000001000a0758
  295. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 00000001000a0676
  296. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001000a03d0
  297. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 00000001000a0594
  298. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 00000001000a083a
  299. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 00000001000a020c
  300. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001000b059e
  301. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 00000001000a0f52
  302. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 00000001000b0210
  303. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 00000001000b0048
  304. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a4ca9d1}
  305. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 00000001000a0ca6
  306. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001000b03d8
  307. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 00000001000b012c
  308. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001000b02f4
  309. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3444] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 00000001000a0e6e
  310. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 000000010029091c
  311. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 0000000100290048
  312. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001002902ee
  313. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001002904b2
  314. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001002909fe
  315. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 0000000100290ae0
  316. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010002004c
  317. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 000000010029012a
  318. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 0000000100290758
  319. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 0000000100290676
  320. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001002903d0
  321. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 0000000100290594
  322. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 000000010029083a
  323. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 000000010029020c
  324. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001002a0762
  325. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 0000000100290f52
  326. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 00000001002a0210
  327. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 00000001002a0048
  328. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a6ba9d1}
  329. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 0000000100290ca6
  330. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001002a03d8
  331. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 00000001002a012c
  332. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001002a02f4
  333. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 0000000100290e6e
  334. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000772c1465 2 bytes [2C, 77]
  335. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772c14bb 2 bytes [2C, 77]
  336. .text ... * 2
  337. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 000000010029091c
  338. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 0000000100290048
  339. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001002902ee
  340. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001002904b2
  341. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001002909fe
  342. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 0000000100290ae0
  343. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010002004c
  344. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 000000010029012a
  345. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 0000000100290758
  346. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 0000000100290676
  347. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001002903d0
  348. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 0000000100290594
  349. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 000000010029083a
  350. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 000000010029020c
  351. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 0000000100290f52
  352. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 00000001002a0210
  353. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 00000001002a0048
  354. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a6ba9d1}
  355. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 0000000100290ca6
  356. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001002a03d8
  357. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 00000001002a012c
  358. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001002a02f4
  359. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 0000000100290e6e
  360. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001002a059e
  361. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 000000010018091c
  362. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 0000000100180048
  363. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001001802ee
  364. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001001804b2
  365. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001001809fe
  366. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 0000000100180ae0
  367. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010002004c
  368. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 000000010018012a
  369. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 0000000100180758
  370. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 0000000100180676
  371. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001001803d0
  372. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 0000000100180594
  373. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 000000010018083a
  374. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 000000010018020c
  375. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001001904bc
  376. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 0000000100180f52
  377. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 0000000100190210
  378. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 0000000100190048
  379. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a5aa9d1}
  380. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 0000000100180ca6
  381. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001001903d8
  382. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 000000010019012c
  383. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001001902f4
  384. .text C:\Windows\SysWOW64\vmnetdhcp.exe[4660] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 0000000100180e6e
  385. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 000000010027091c
  386. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 0000000100270048
  387. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001002702ee
  388. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001002704b2
  389. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001002709fe
  390. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 0000000100270ae0
  391. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010002004c
  392. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 000000010027012a
  393. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 0000000100270758
  394. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 0000000100270676
  395. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001002703d0
  396. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 0000000100270594
  397. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 000000010027083a
  398. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 000000010027020c
  399. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 0000000100270f52
  400. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 0000000100290210
  401. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 0000000100290048
  402. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a6aa9d1}
  403. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 0000000100270ca6
  404. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001002903d8
  405. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 000000010029012c
  406. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001002902f4
  407. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 0000000100270e6e
  408. .text D:\Program Files\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[1244] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001002904bc
  409. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 000000010014091c
  410. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 0000000100140048
  411. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001001402ee
  412. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001001404b2
  413. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001001409fe
  414. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 0000000100140ae0
  415. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010002004c
  416. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 000000010014012a
  417. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 0000000100140758
  418. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 0000000100140676
  419. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001001403d0
  420. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 0000000100140594
  421. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 000000010014083a
  422. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 000000010014020c
  423. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 0000000100140f52
  424. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 0000000100150210
  425. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 0000000100150048
  426. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a56a9d1}
  427. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 0000000100140ca6
  428. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001001503d8
  429. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 000000010015012c
  430. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001001502f4
  431. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 0000000100140e6e
  432. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6856] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001001504bc
  433. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 000000010014091c
  434. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 0000000100140048
  435. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001001402ee
  436. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001001404b2
  437. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001001409fe
  438. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 0000000100140ae0
  439. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010012004c
  440. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 000000010014012a
  441. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 0000000100140758
  442. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 0000000100140676
  443. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001001403d0
  444. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 0000000100140594
  445. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 000000010014083a
  446. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 000000010014020c
  447. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 0000000100140f52
  448. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 0000000100150210
  449. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 0000000100150048
  450. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a56a9d1}
  451. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 0000000100140ca6
  452. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001001503d8
  453. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 000000010015012c
  454. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001001502f4
  455. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 0000000100140e6e
  456. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7044] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001001504bc
  457. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fc90 5 bytes JMP 000000010028091c
  458. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007778fdf4 5 bytes JMP 0000000100280048
  459. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007778fe88 5 bytes JMP 00000001002802ee
  460. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007778ffe4 5 bytes JMP 00000001002804b2
  461. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077790018 5 bytes JMP 00000001002809fe
  462. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077790048 5 bytes JMP 0000000100280ae0
  463. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077790064 5 bytes JMP 000000010002004c
  464. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007779077c 5 bytes JMP 000000010028012a
  465. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007779086c 5 bytes JMP 0000000100280758
  466. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077790884 5 bytes JMP 0000000100280676
  467. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077790dd4 5 bytes JMP 00000001002803d0
  468. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077791900 5 bytes JMP 0000000100280594
  469. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077791bc4 5 bytes JMP 000000010028083a
  470. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077791d50 5 bytes JMP 000000010028020c
  471. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075be524f 7 bytes JMP 0000000100280f52
  472. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075be53d0 7 bytes JMP 0000000100290210
  473. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075be5677 1 byte JMP 0000000100290048
  474. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075be5679 5 bytes {JMP 0xffffffff8a6aa9d1}
  475. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075be589a 7 bytes JMP 0000000100280ca6
  476. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075be5a1d 7 bytes JMP 00000001002903d8
  477. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075be5c9b 7 bytes JMP 000000010029012c
  478. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075be5d87 7 bytes JMP 00000001002902f4
  479. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075be7240 7 bytes JMP 0000000100280e6e
  480. .text C:\Users\Yves\Downloads\ow6cus0p.exe[2592] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076f81492 7 bytes JMP 00000001002904bc
  481.  
  482. ---- Threads - GMER 2.1 ----
  483.  
  484. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:2444] 00000000777c3e45
  485. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:2888] 00000000757cf5e1
  486. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:2892] 00000000757cf5e1
  487. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:2896] 00000000757cf5e1
  488. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:2904] 00000000757cf5e1
  489. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:2912] 00000000757cf5e1
  490. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:2916] 00000000757cf5e1
  491. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:2920] 00000000757cf5e1
  492. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:2924] 00000000757cf5e1
  493. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:2928] 00000000757cf5e1
  494. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:2932] 00000000757cf5e1
  495. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:2936] 00000000757cf5e1
  496. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:2940] 00000000757cf5e1
  497. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:3612] 00000000777c3e45
  498. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:3152] 00000000757cf5e1
  499. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:4032] 00000000757cf5e1
  500. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:4028] 00000000777c2e25
  501. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:3992] 0000000042cf2820
  502. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:3552] 00000000757cf5e1
  503. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:3548] 00000000757cf5e1
  504. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:3404] 00000000757cf5e1
  505. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:2460] 00000000757cf5e1
  506. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:3640] 00000000757cf5e1
  507. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:5424] 00000000757cf5e1
  508. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:524] 00000000757cf5e1
  509. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:4456] 00000000777c7111
  510. Thread D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2432:6620] 00000000757cf5e1
  511.  
  512. ---- Registry - GMER 2.1 ----
  513.  
  514. Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Yves\AppData\Local\Temp\JREInstall\x3031 1
  515.  
  516. ---- EOF - GMER 2.1 ----