GMER 1.0.15.15641 - http://www.gmer.net Rootkit quick scan 2012-02-12 10:44:06 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000006f WDC_WD32 rev.01.0 Running: iwr3o8oy.exe; Driver: C:\Users\WOJCIE~1\AppData\Local\Temp\pxldqpow.sys ---- System - GMER 1.0.15 ---- Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DCC57A2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-02-12 11:34:36 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000006f WDC_WD32 rev.01.0 Running: iwr3o8oy.exe; Driver: C:\Users\WOJCIE~1\AppData\Local\Temp\pxldqpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D838FC4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8DCB1510] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D83B456] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D83B4AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D83B5C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D83B3AC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8D83B4FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D83B400] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D83B572] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D838FE8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8DCB15C0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8D838DB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D83900C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D83B9BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D839AA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D83B486] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D83B4D6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D83B5EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D83B3D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D83B53E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D83B42E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D83B59C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8DCB1658] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D83996A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D839030] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D839054] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D838E0C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D838F48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D838F24] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D838F6C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D839078] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DCC57A2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 83043369 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307CD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 83083D80 4 Bytes [C4, 8F, 83, 8D] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83083DA8 4 Bytes [10, 15, CB, 8D] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 83083E5C 8 Bytes [56, B4, 83, 8D, AE, B4, 83, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 83083E68 4 Bytes [C4, B5, 83, 8D] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 83083E84 4 Bytes [AC, B3, 83, 8D] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83210BE8 5 Bytes JMP 8DCC269C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 832291D0 5 Bytes JMP 8DCC4174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8323E317 4 Bytes CALL 8D83A025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 832580E9 4 Bytes CALL 8D83A03B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 832E1F30 7 Bytes JMP 8DCC57A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E41A000, 0x35356D, 0xE8000020] PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A52EC000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A52EC123 629 Bytes [75, 2E, A5, FE, 05, 34, 75, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 A52EC399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F A52EC3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B A52EC4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... .text kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[108] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[108] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[108] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[108] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[108] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001003FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[108] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00100804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[108] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001001F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[108] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\Dwm.exe[292] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\Dwm.exe[292] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\Dwm.exe[292] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\Dwm.exe[292] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00130A08 .text C:\Windows\system32\Dwm.exe[292] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001303FC .text C:\Windows\system32\Dwm.exe[292] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00130804 .text C:\Windows\system32\Dwm.exe[292] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001301F8 .text C:\Windows\system32\Dwm.exe[292] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00130600 .text C:\Windows\Explorer.EXE[324] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[324] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[324] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\Explorer.EXE[324] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00110A08 .text C:\Windows\Explorer.EXE[324] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001103FC .text C:\Windows\Explorer.EXE[324] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00110804 .text C:\Windows\Explorer.EXE[324] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001101F8 .text C:\Windows\Explorer.EXE[324] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00110600 .text C:\Windows\system32\csrss.exe[396] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[500] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[500] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[500] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[500] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 000C0A08 .text C:\Windows\system32\wininit.exe[500] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000C03FC .text C:\Windows\system32\wininit.exe[500] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 000C0804 .text C:\Windows\system32\wininit.exe[500] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000C01F8 .text C:\Windows\system32\wininit.exe[500] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 000C0600 .text C:\Windows\system32\csrss.exe[512] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\services.exe[560] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\services.exe[560] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\services.exe[560] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\lsass.exe[576] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\lsass.exe[576] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\lsass.exe[576] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\lsm.exe[584] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\lsm.exe[584] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\lsm.exe[584] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\winlogon.exe[612] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[612] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[612] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\winlogon.exe[612] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00050A08 .text C:\Windows\system32\winlogon.exe[612] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000503FC .text C:\Windows\system32\winlogon.exe[612] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00050804 .text C:\Windows\system32\winlogon.exe[612] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000501F8 .text C:\Windows\system32\winlogon.exe[612] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00050600 .text C:\Windows\System32\spoolsv.exe[680] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\System32\spoolsv.exe[680] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\spoolsv.exe[680] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[680] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00090A08 .text C:\Windows\System32\spoolsv.exe[680] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000903FC .text C:\Windows\System32\spoolsv.exe[680] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00090804 .text C:\Windows\System32\spoolsv.exe[680] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000901F8 .text C:\Windows\System32\spoolsv.exe[680] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00090600 .text C:\Windows\system32\svchost.exe[724] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[724] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[724] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[724] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 001D0A08 .text C:\Windows\system32\svchost.exe[724] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001D03FC .text C:\Windows\system32\svchost.exe[724] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 001D0804 .text C:\Windows\system32\svchost.exe[724] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001D01F8 .text C:\Windows\system32\svchost.exe[724] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 001D0600 .text C:\Windows\system32\svchost.exe[804] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[804] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[804] user32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00480A08 .text C:\Windows\system32\svchost.exe[804] user32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 004803FC .text C:\Windows\system32\svchost.exe[804] user32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00480804 .text C:\Windows\system32\svchost.exe[804] user32.dll!SetWinEventHook 765824DC 5 Bytes JMP 004801F8 .text C:\Windows\system32\svchost.exe[804] user32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00480600 .text C:\Windows\system32\atiesrxx.exe[864] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001603FC .text C:\Windows\system32\atiesrxx.exe[864] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001601F8 .text C:\Windows\system32\atiesrxx.exe[864] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\atiesrxx.exe[864] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00180A08 .text C:\Windows\system32\atiesrxx.exe[864] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001803FC .text C:\Windows\system32\atiesrxx.exe[864] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00180804 .text C:\Windows\system32\atiesrxx.exe[864] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001801F8 .text C:\Windows\system32\atiesrxx.exe[864] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00180600 .text C:\Windows\System32\svchost.exe[944] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[944] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[944] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[944] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00400A08 .text C:\Windows\System32\svchost.exe[944] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 004003FC .text C:\Windows\System32\svchost.exe[944] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00400804 .text C:\Windows\System32\svchost.exe[944] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 004001F8 .text C:\Windows\System32\svchost.exe[944] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00400600 .text C:\Windows\System32\svchost.exe[992] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[992] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[992] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[992] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00520A08 .text C:\Windows\System32\svchost.exe[992] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 005203FC .text C:\Windows\System32\svchost.exe[992] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00520804 .text C:\Windows\System32\svchost.exe[992] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 005201F8 .text C:\Windows\System32\svchost.exe[992] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00520600 .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1020] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00C70A08 .text C:\Windows\system32\svchost.exe[1020] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 00C703FC .text C:\Windows\system32\svchost.exe[1020] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00C70804 .text C:\Windows\system32\svchost.exe[1020] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 00C701F8 .text C:\Windows\system32\svchost.exe[1020] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00C70600 .text C:\Windows\system32\taskhost.exe[1096] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000503FC .text C:\Windows\system32\taskhost.exe[1096] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskhost.exe[1096] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\taskhost.exe[1096] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 000E0A08 .text C:\Windows\system32\taskhost.exe[1096] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000E03FC .text C:\Windows\system32\taskhost.exe[1096] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 000E0804 .text C:\Windows\system32\taskhost.exe[1096] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000E01F8 .text C:\Windows\system32\taskhost.exe[1096] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 000E0600 .text C:\Windows\system32\AUDIODG.EXE[1104] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1144] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1144] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00630A08 .text C:\Windows\system32\svchost.exe[1144] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 006303FC .text C:\Windows\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00630804 .text C:\Windows\system32\svchost.exe[1144] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 006301F8 .text C:\Windows\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00630600 .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00280A08 .text C:\Windows\system32\svchost.exe[1220] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 002803FC .text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00280804 .text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 002801F8 .text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00280600 .text C:\Windows\system32\atieclxx.exe[1248] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001603FC .text C:\Windows\system32\atieclxx.exe[1248] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001601F8 .text C:\Windows\system32\atieclxx.exe[1248] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\atieclxx.exe[1248] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 001F0A08 .text C:\Windows\system32\atieclxx.exe[1248] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001F03FC .text C:\Windows\system32\atieclxx.exe[1248] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 001F0804 .text C:\Windows\system32\atieclxx.exe[1248] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001F01F8 .text C:\Windows\system32\atieclxx.exe[1248] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 001F0600 .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1300] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 01440A08 .text C:\Windows\system32\svchost.exe[1300] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 014403FC .text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 01440804 .text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 014401F8 .text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 01440600 .text C:\Program Files\Sony\VAIO Update Common\VUAgent.exe[1364] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Sony\VAIO Update Common\VUAgent.exe[1364] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Sony\VAIO Update Common\VUAgent.exe[1364] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\VAIO Update Common\VUAgent.exe[1364] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 001A0A08 .text C:\Program Files\Sony\VAIO Update Common\VUAgent.exe[1364] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001A03FC .text C:\Program Files\Sony\VAIO Update Common\VUAgent.exe[1364] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 001A0804 .text C:\Program Files\Sony\VAIO Update Common\VUAgent.exe[1364] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001A01F8 .text C:\Program Files\Sony\VAIO Update Common\VUAgent.exe[1364] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 001A0600 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtCreateFile + 6 777355CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtCreateFile + B 777355D3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtMapViewOfSection + 6 77735C2E 1 Byte [28] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtMapViewOfSection + 6 77735C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtMapViewOfSection + B 77735C33 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenFile + 6 77735CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenFile + B 77735CE3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenProcess + 6 77735D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenProcess + B 77735D93 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenProcessToken + B 77735DA3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenProcessTokenEx + 6 77735DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenProcessTokenEx + B 77735DB3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenThread + 6 77735E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenThread + B 77735E13 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenThreadToken + 6 77735E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenThreadToken + B 77735E23 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtOpenThreadTokenEx + B 77735E33 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtQueryAttributesFile + 6 77735F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtQueryAttributesFile + B 77735F43 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtQueryFullAttributesFile + B 77735FF3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtSetInformationFile + 6 7773663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtSetInformationFile + B 77736643 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtSetInformationThread + 6 7773669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtSetInformationThread + B 777366A3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtUnmapViewOfSection + 6 777369BE 1 Byte [68] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtUnmapViewOfSection + 6 777369BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!NtUnmapViewOfSection + B 777369C3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000903FC .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000901F8 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00230A08 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 002303FC .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00230804 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 002301F8 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[1472] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00230600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1492] kernel32.dll!SetUnhandledExceptionFilter 7749F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1492] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Internet Explorer\IELowutil.exe[1596] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[2052] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[2052] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[2052] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[2052] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[2052] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 002003FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[2052] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00200804 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[2052] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 002001F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[2052] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00200600 .text C:\Windows\system32\taskeng.exe[2060] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\taskeng.exe[2060] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\taskeng.exe[2060] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2060] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 000F0A08 .text C:\Windows\system32\taskeng.exe[2060] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000F03FC .text C:\Windows\system32\taskeng.exe[2060] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 000F0804 .text C:\Windows\system32\taskeng.exe[2060] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000F01F8 .text C:\Windows\system32\taskeng.exe[2060] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 000F0600 .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[2144] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[2144] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[2144] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[2144] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 000F0A08 .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[2144] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000F03FC .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[2144] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 000F0804 .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[2144] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000F01F8 .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[2144] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 000F0600 .text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2148] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2148] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2148] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2184] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000703FC .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2184] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000701F8 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2184] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2184] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2184] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001003FC .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2184] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00100804 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2184] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001001F8 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2184] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00100600 .text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[2236] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[2236] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[2236] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[2236] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00090A08 .text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[2236] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000903FC .text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[2236] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00090804 .text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[2236] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000901F8 .text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[2236] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00090600 .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2260] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2260] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2260] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2260] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00090A08 .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2260] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000903FC .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2260] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00090804 .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2260] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000901F8 .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2260] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00090600 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2308] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001603FC .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2308] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001601F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2308] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2308] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2308] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 002003FC .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2308] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00200804 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2308] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 002001F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2308] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00200600 .text C:\Windows\system32\svchost.exe[2348] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2348] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2348] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\lxebcoms.exe[2432] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001603FC .text C:\Windows\system32\lxebcoms.exe[2432] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001601F8 .text C:\Windows\system32\lxebcoms.exe[2432] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\lxebcoms.exe[2432] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00180A08 .text C:\Windows\system32\lxebcoms.exe[2432] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001803FC .text C:\Windows\system32\lxebcoms.exe[2432] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00180804 .text C:\Windows\system32\lxebcoms.exe[2432] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001801F8 .text C:\Windows\system32\lxebcoms.exe[2432] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00180600 .text C:\Windows\System32\svchost.exe[2504] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[2504] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[2504] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe[2540] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe[2540] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe[2540] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe[2540] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00220A08 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe[2540] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 002203FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe[2540] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00220804 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe[2540] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 002201F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe[2540] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00220600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2564] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2564] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2564] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2564] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2564] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001F03FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2564] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2564] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2564] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 001F0600 .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2572] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 000F0A08 .text C:\Windows\system32\taskeng.exe[2572] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000F03FC .text C:\Windows\system32\taskeng.exe[2572] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 000F0804 .text C:\Windows\system32\taskeng.exe[2572] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000F01F8 .text C:\Windows\system32\taskeng.exe[2572] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 000F0600 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[2592] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[2592] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[2592] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[2592] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00300A08 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[2592] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 003003FC .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[2592] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00300804 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[2592] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 003001F8 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[2592] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00300600 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[2612] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001603FC .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[2612] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001601F8 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[2612] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[2612] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[2612] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001F03FC .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[2612] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[2612] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[2612] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 001F0600 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2652] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001603FC .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2652] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001601F8 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2652] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2652] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00790A08 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2652] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 007903FC .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2652] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00790804 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2652] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 007901F8 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2652] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00790600 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[2660] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[2660] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[2660] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[2660] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00250A08 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[2660] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 002503FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[2660] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00250804 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[2660] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 002501F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[2660] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00250600 .text C:\Windows\system32\NOTEPAD.EXE[2728] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[2776] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[2776] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[2776] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[2776] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[2776] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001F03FC .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[2776] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[2776] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[2776] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 001F0600 .text C:\Windows\system32\wbem\wmiprvse.exe[2780] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\wmiprvse.exe[2780] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2780] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[2780] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00090A08 .text C:\Windows\system32\wbem\wmiprvse.exe[2780] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000903FC .text C:\Windows\system32\wbem\wmiprvse.exe[2780] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00090804 .text C:\Windows\system32\wbem\wmiprvse.exe[2780] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000901F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2780] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00090600 .text C:\Windows\system32\svchost.exe[2808] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000A03FC .text C:\Windows\system32\svchost.exe[2808] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000A01F8 .text C:\Windows\system32\svchost.exe[2808] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2832] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtCreateFile + 6 777355CE 4 Bytes [28, 00, 17, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtCreateFile + B 777355D3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtMapViewOfSection + 6 77735C2E 1 Byte [28] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtMapViewOfSection + 6 77735C2E 4 Bytes [28, 03, 17, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtMapViewOfSection + B 77735C33 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenFile + 6 77735CDE 4 Bytes [68, 00, 17, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenFile + B 77735CE3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenProcess + 6 77735D8E 4 Bytes [A8, 01, 17, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenProcess + B 77735D93 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenProcessToken + B 77735DA3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenProcessTokenEx + 6 77735DAE 4 Bytes [A8, 02, 17, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenProcessTokenEx + B 77735DB3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenThread + 6 77735E0E 4 Bytes [68, 01, 17, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenThread + B 77735E13 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenThreadToken + 6 77735E1E 4 Bytes [68, 02, 17, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenThreadToken + B 77735E23 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtOpenThreadTokenEx + B 77735E33 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtQueryAttributesFile + 6 77735F3E 4 Bytes [A8, 00, 17, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtQueryAttributesFile + B 77735F43 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtQueryFullAttributesFile + B 77735FF3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtSetInformationFile + 6 7773663E 4 Bytes [28, 01, 17, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtSetInformationFile + B 77736643 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtSetInformationThread + 6 7773669E 4 Bytes [28, 02, 17, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtSetInformationThread + B 777366A3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtUnmapViewOfSection + 6 777369BE 1 Byte [68] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtUnmapViewOfSection + 6 777369BE 4 Bytes [68, 03, 17, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!NtUnmapViewOfSection + B 777369C3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001903FC .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001901F8 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 001C0A08 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001C03FC .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 001C0804 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001C01F8 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[2884] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 001C0600 .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[2912] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001603FC .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[2912] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001601F8 .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[2912] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[2912] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[2912] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001F03FC .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[2912] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 001F0804 .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[2912] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[2912] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 001F0600 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SHTtray.exe[3008] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SHTtray.exe[3008] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SHTtray.exe[3008] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Common Files\Sony Shared\SOHLib\SHTtray.exe[3008] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SHTtray.exe[3008] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001F03FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SHTtray.exe[3008] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SHTtray.exe[3008] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SHTtray.exe[3008] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 001F0600 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[3032] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[3032] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[3032] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[3032] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 000F0A08 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[3032] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000F03FC .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[3032] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 000F0804 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[3032] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000F01F8 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[3032] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 000F0600 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtCreateFile + 6 777355CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtCreateFile + B 777355D3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtMapViewOfSection + 6 77735C2E 1 Byte [28] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtMapViewOfSection + 6 77735C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtMapViewOfSection + B 77735C33 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenFile + 6 77735CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenFile + B 77735CE3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcess + 6 77735D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcess + B 77735D93 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcessToken + B 77735DA3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcessTokenEx + 6 77735DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcessTokenEx + B 77735DB3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThread + 6 77735E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThread + B 77735E13 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThreadToken + 6 77735E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThreadToken + B 77735E23 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThreadTokenEx + B 77735E33 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtQueryAttributesFile + 6 77735F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtQueryAttributesFile + B 77735F43 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtQueryFullAttributesFile + B 77735FF3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtSetInformationFile + 6 7773663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtSetInformationFile + B 77736643 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtSetInformationThread + 6 7773669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtSetInformationThread + B 777366A3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtUnmapViewOfSection + 6 777369BE 1 Byte [68] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtUnmapViewOfSection + 6 777369BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtUnmapViewOfSection + B 777369C3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000903FC .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000901F8 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00130A08 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001303FC .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00130804 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001301F8 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[3100] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00130600 .text C:\Program Files\Windows Sidebar\sidebar.exe[3116] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3116] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3116] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3116] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 000A0A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[3116] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000A03FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3116] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 000A0804 .text C:\Program Files\Windows Sidebar\sidebar.exe[3116] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000A01F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3116] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 000A0600 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[3156] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[3156] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[3156] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[3156] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[3156] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001003FC .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[3156] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00100804 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[3156] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001001F8 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[3156] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00100600 .text C:\Program Files\Sony\Media Gallery\ElbServer.exe[3172] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Sony\Media Gallery\ElbServer.exe[3172] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Sony\Media Gallery\ElbServer.exe[3172] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\Media Gallery\ElbServer.exe[3172] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00250A08 .text C:\Program Files\Sony\Media Gallery\ElbServer.exe[3172] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 002503FC .text C:\Program Files\Sony\Media Gallery\ElbServer.exe[3172] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00250804 .text C:\Program Files\Sony\Media Gallery\ElbServer.exe[3172] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 002501F8 .text C:\Program Files\Sony\Media Gallery\ElbServer.exe[3172] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00250600 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3180] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3180] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3180] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3180] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 000F0A08 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3180] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000F03FC .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3180] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 000F0804 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3180] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000F01F8 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3180] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 000F0600 .text C:\Program Files\Sony\Media Gallery\VRLPHelper.exe[3192] ntdll.dll!DbgBreakPoint 7772410C 1 Byte [C3] .text C:\Program Files\Sony\Media Gallery\VRLPHelper.exe[3192] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Sony\Media Gallery\VRLPHelper.exe[3192] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Sony\Media Gallery\VRLPHelper.exe[3192] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\Media Gallery\VRLPHelper.exe[3192] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00250A08 .text C:\Program Files\Sony\Media Gallery\VRLPHelper.exe[3192] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 002503FC .text C:\Program Files\Sony\Media Gallery\VRLPHelper.exe[3192] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00250804 .text C:\Program Files\Sony\Media Gallery\VRLPHelper.exe[3192] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 002501F8 .text C:\Program Files\Sony\Media Gallery\VRLPHelper.exe[3192] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00250600 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3200] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001603FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3200] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001601F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3200] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3200] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00350A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3200] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 003503FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3200] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00350804 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3200] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 003501F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3200] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00350600 .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3208] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3208] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3208] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3208] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 000F0A08 .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3208] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000F03FC .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3208] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 000F0804 .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3208] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000F01F8 .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3208] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 000F0600 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3360] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3360] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3360] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3360] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 000F0A08 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3360] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000F03FC .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3360] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 000F0804 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3360] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000F01F8 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3360] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 000F0600 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[3456] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[3456] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[3456] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[3456] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00080A08 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[3456] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000803FC .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[3456] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00080804 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[3456] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000801F8 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[3456] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00080600 .text C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[3576] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[3576] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[3576] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[3576] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[3576] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001003FC .text C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[3576] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00100804 .text C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[3576] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001001F8 .text C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[3576] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\DllHost.exe[3660] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000503FC .text C:\Windows\system32\DllHost.exe[3660] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000501F8 .text C:\Windows\system32\DllHost.exe[3660] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\DllHost.exe[3660] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 000E0A08 .text C:\Windows\system32\DllHost.exe[3660] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000E03FC .text C:\Windows\system32\DllHost.exe[3660] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 000E0804 .text C:\Windows\system32\DllHost.exe[3660] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000E01F8 .text C:\Windows\system32\DllHost.exe[3660] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 000E0600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3680] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3680] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3680] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3680] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00140A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3680] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001403FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3680] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00140804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3680] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001401F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3680] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00140600 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3700] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3700] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3700] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3700] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 000F0A08 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3700] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000F03FC .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3700] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 000F0804 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3700] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000F01F8 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3700] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 000F0600 .text C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe[3836] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe[3836] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe[3836] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe[3836] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe[3836] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001003FC .text C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe[3836] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00100804 .text C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe[3836] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001001F8 .text C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe[3836] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00100600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3888] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3888] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3888] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3888] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3888] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001003FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3888] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00100804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3888] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001001F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3888] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00100600 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[3928] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[3928] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[3928] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[3928] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00250A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[3928] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 002503FC .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[3928] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00250804 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[3928] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 002501F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[3928] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00250600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4012] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4012] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4012] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4012] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4012] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001003FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4012] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00100804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4012] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001001F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4012] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00100600 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe[4148] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe[4148] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe[4148] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe[4148] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 002F0A08 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe[4148] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 002F03FC .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe[4148] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 002F0804 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe[4148] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 002F01F8 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe[4148] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 002F0600 .text C:\Windows\system32\SearchIndexer.exe[4308] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\SearchIndexer.exe[4308] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\SearchIndexer.exe[4308] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[4308] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00110A08 .text C:\Windows\system32\SearchIndexer.exe[4308] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001103FC .text C:\Windows\system32\SearchIndexer.exe[4308] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00110804 .text C:\Windows\system32\SearchIndexer.exe[4308] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001101F8 .text C:\Windows\system32\SearchIndexer.exe[4308] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00110600 .text C:\Windows\system32\svchost.exe[4392] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[4392] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[4392] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[4472] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[4472] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[4472] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[4472] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00180A08 .text C:\Windows\system32\svchost.exe[4472] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001803FC .text C:\Windows\system32\svchost.exe[4472] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00180804 .text C:\Windows\system32\svchost.exe[4472] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001801F8 .text C:\Windows\system32\svchost.exe[4472] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00180600 .text C:\Windows\System32\svchost.exe[4836] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[4836] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[4836] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[4836] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00190A08 .text C:\Windows\System32\svchost.exe[4836] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001903FC .text C:\Windows\System32\svchost.exe[4836] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00190804 .text C:\Windows\System32\svchost.exe[4836] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001901F8 .text C:\Windows\System32\svchost.exe[4836] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00190600 .text C:\Windows\servicing\TrustedInstaller.exe[4860] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000503FC .text C:\Windows\servicing\TrustedInstaller.exe[4860] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000501F8 .text C:\Windows\servicing\TrustedInstaller.exe[4860] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\servicing\TrustedInstaller.exe[4860] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 000F0A08 .text C:\Windows\servicing\TrustedInstaller.exe[4860] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000F03FC .text C:\Windows\servicing\TrustedInstaller.exe[4860] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 000F0804 .text C:\Windows\servicing\TrustedInstaller.exe[4860] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000F01F8 .text C:\Windows\servicing\TrustedInstaller.exe[4860] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 000F0600 .text C:\Windows\system32\sppsvc.exe[5024] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000703FC .text C:\Windows\system32\sppsvc.exe[5024] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000701F8 .text C:\Windows\system32\sppsvc.exe[5024] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Windows\system32\sppsvc.exe[5024] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00420A08 .text C:\Windows\system32\sppsvc.exe[5024] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 004203FC .text C:\Windows\system32\sppsvc.exe[5024] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00420804 .text C:\Windows\system32\sppsvc.exe[5024] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 004201F8 .text C:\Windows\system32\sppsvc.exe[5024] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00420600 .text C:\Users\Wojciech Podemski\Downloads\iwr3o8oy.exe[5048] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5076] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001603FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5076] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001601F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5076] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5076] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00240A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5076] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 002403FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5076] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00240804 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5076] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 002401F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5076] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00240600 .text C:\Program Files\Sony\VAIO Care\listener.exe[5116] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001603FC .text C:\Program Files\Sony\VAIO Care\listener.exe[5116] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001601F8 .text C:\Program Files\Sony\VAIO Care\listener.exe[5116] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\VAIO Care\listener.exe[5116] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00180A08 .text C:\Program Files\Sony\VAIO Care\listener.exe[5116] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001803FC .text C:\Program Files\Sony\VAIO Care\listener.exe[5116] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00180804 .text C:\Program Files\Sony\VAIO Care\listener.exe[5116] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001801F8 .text C:\Program Files\Sony\VAIO Care\listener.exe[5116] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00180600 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5152] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001603FC .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5152] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001601F8 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5152] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5152] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5152] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 002003FC .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5152] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00200804 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5152] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 002001F8 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[5152] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00200600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5280] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5280] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5280] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5280] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5280] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 001F03FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5280] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5280] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5280] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 001F0600 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5476] KERNEL32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe[5484] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 001703FC .text C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe[5484] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 001701F8 .text C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe[5484] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe[5484] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe[5484] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 002003FC .text C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe[5484] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 00200804 .text C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe[5484] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 002001F8 .text C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe[5484] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 00200600 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000603FC .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000601F8 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5632] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5632] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 000F0A08 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5632] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000F03FC .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5632] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 000F0804 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5632] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000F01F8 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5632] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 000F0600 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtCreateFile + 6 777355CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtCreateFile + B 777355D3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtMapViewOfSection + 6 77735C2E 1 Byte [28] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtMapViewOfSection + 6 77735C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtMapViewOfSection + B 77735C33 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenFile + 6 77735CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenFile + B 77735CE3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcess + 6 77735D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcess + B 77735D93 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcessToken + B 77735DA3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcessTokenEx + 6 77735DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcessTokenEx + B 77735DB3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThread + 6 77735E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThread + B 77735E13 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThreadToken + 6 77735E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThreadToken + B 77735E23 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThreadTokenEx + B 77735E33 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtQueryAttributesFile + 6 77735F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtQueryAttributesFile + B 77735F43 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtQueryFullAttributesFile + B 77735FF3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtSetInformationFile + 6 7773663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtSetInformationFile + B 77736643 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtSetInformationThread + 6 7773669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtSetInformationThread + B 777366A3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtUnmapViewOfSection + 6 777369BE 1 Byte [68] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtUnmapViewOfSection + 6 777369BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtUnmapViewOfSection + B 777369C3 1 Byte [E2] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!LdrUnloadDll 7774C86E 5 Bytes JMP 000903FC .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!LdrLoadDll 7775223E 5 Bytes JMP 000901F8 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] kernel32.dll!GetBinaryTypeW + 70 774B69F4 1 Byte [62] .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] USER32.dll!UnhookWindowsHookEx 7657ADF9 5 Bytes JMP 000D0A08 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] USER32.dll!UnhookWinEvent 7657B750 5 Bytes JMP 000D03FC .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] USER32.dll!SetWindowsHookExW 7657E30C 5 Bytes JMP 000D0804 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] USER32.dll!SetWinEventHook 765824DC 5 Bytes JMP 000D01F8 .text C:\Users\Wojciech Podemski\AppData\Local\Google\Chrome\Application\chrome.exe[5668] USER32.dll!SetWindowsHookExA 765A6D0C 5 Bytes JMP 000D0600 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9db6eaf Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9db6eaf@001fde8e4b70 0x04 0xFD 0x17 0xD7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9db6eaf@9463d1300c0f 0xDC 0x32 0x72 0x40 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9db6eaf (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9db6eaf@001fde8e4b70 0x04 0xFD 0x17 0xD7 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9db6eaf@9463d1300c0f 0xDC 0x32 0x72 0x40 ... ---- EOF - GMER 1.0.15 ----