GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-07-24 15:15:24 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00 465,76GB Running: bb651siw.exe; Driver: C:\Users\Dominik\AppData\Local\Temp\axdirkoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x912D9610] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x807995FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x912DA0E6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x912E5F18] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x912E5F64] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x912E60FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x912E5E86] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x80799992] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x912E5ECE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x912DA5E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x912E60B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x912DAE9C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x912D9676] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x912DE596] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x807996C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x80797C12] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x912D96DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x912DE98C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x912DB92C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x912E5F42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x912E5F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x912E6122] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x912E5EAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x912DDE78] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x912E6036] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x912E5EF6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x912DE26E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x912E60DC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x80799822] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x912DB7F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x912DB34E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x912D9742] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x912D97A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x912DAD16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x912D92F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x912D94CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x912D945C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x912DB066] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x912DB1C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x912D9556] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x807998EA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x912DACF6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x80797C42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x912D980E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8079976E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x912DA800] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x807B2E00] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 832C6870 4 Bytes [10, 96, 2D, 91] .text ntkrnlpa.exe!KeSetEvent + 131 832C6894 4 Bytes [FA, 95, 79, 80] {CLI ; XCHG EBP, EAX; JNS 0xffffff84} .text ntkrnlpa.exe!KeSetEvent + 191 832C68F4 4 Bytes [E6, A0, 2D, 91] .text ntkrnlpa.exe!KeSetEvent + 1D1 832C6934 8 Bytes [18, 5F, 2E, 91, 64, 5F, 2E, ...] {SBB [EDI+0x2e], BL; XCHG ECX, EAX; POP EDI; XCHG ECX, EAX} .text ntkrnlpa.exe!KeSetEvent + 1DD 832C6940 4 Bytes [FE, 60, 2E, 91] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 833F128F 5 Bytes JMP 807AFC9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 8344A063 5 Bytes JMP 807B17B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 83453988 4 Bytes CALL 912DBFEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 834575FC 4 Bytes CALL 912DC005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 834AB90A 7 Bytes JMP 807B2E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F605000, 0x24DFB2, 0xE8000020] .text ntdll.dll!LdrLoadDll 76F59390 5 Bytes [E9, 63, 6E, 20, 89] {JMP 0x89206e68} .text ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes [E9, A7, 49, 1F, 89] {JMP 0x891f49ac} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\taskeng.exe[312] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[316] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\svchost.exe[444] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\csrss.exe[680] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\wininit.exe[752] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text ... .text C:\Program Files\iPod\bin\iPodService.exe[980] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\iPod\bin\iPodService.exe[980] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\iPod\bin\iPodService.exe[980] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[980] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001703FC .text C:\Program Files\iPod\bin\iPodService.exe[980] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00170600 .text C:\Program Files\iPod\bin\iPodService.exe[980] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00171014 .text C:\Program Files\iPod\bin\iPodService.exe[980] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00170804 .text C:\Program Files\iPod\bin\iPodService.exe[980] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00170A08 .text C:\Program Files\iPod\bin\iPodService.exe[980] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00170C0C .text C:\Program Files\iPod\bin\iPodService.exe[980] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00170E10 .text C:\Program Files\iPod\bin\iPodService.exe[980] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001701F8 .text C:\Program Files\iPod\bin\iPodService.exe[980] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00180600 .text C:\Program Files\iPod\bin\iPodService.exe[980] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00180804 .text C:\Program Files\iPod\bin\iPodService.exe[980] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00180A08 .text C:\Program Files\iPod\bin\iPodService.exe[980] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001801F8 .text C:\Program Files\iPod\bin\iPodService.exe[980] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001803FC .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[1116] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000701F8 .text C:\Windows\system32\wuauclt.exe[1116] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000703FC .text C:\Windows\system32\wuauclt.exe[1116] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[1116] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Windows\system32\wuauclt.exe[1116] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wuauclt.exe[1116] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wuauclt.exe[1116] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wuauclt.exe[1116] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\wuauclt.exe[1116] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000903FC .text C:\Windows\system32\wuauclt.exe[1116] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00090600 .text C:\Windows\system32\wuauclt.exe[1116] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00091014 .text C:\Windows\system32\wuauclt.exe[1116] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00090804 .text C:\Windows\system32\wuauclt.exe[1116] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00090A08 .text C:\Windows\system32\wuauclt.exe[1116] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00090C0C .text C:\Windows\system32\wuauclt.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00090E10 .text C:\Windows\system32\wuauclt.exe[1116] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000901F8 .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\Ati2evxx.exe[1176] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\System32\svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[1360] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\unsecapp.exe[1360] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\unsecapp.exe[1360] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[1360] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\unsecapp.exe[1360] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\unsecapp.exe[1360] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\unsecapp.exe[1360] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\unsecapp.exe[1360] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\unsecapp.exe[1360] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\unsecapp.exe[1360] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\unsecapp.exe[1360] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\unsecapp.exe[1360] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\unsecapp.exe[1360] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\unsecapp.exe[1360] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\unsecapp.exe[1360] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\unsecapp.exe[1360] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\AUDIODG.EXE[1416] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1440] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe[1620] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text ... .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00160600 .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00161014 .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00160804 .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00160A08 .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00160C0C .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00160E10 .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[2356] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001803FC .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 002803FC .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00280600 .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00281014 .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00280804 .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00280A08 .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00280C0C .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00280E10 .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 002801F8 .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00290600 .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00290804 .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00290A08 .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 002901F8 .text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[2528] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 002903FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001903FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00190600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00191014 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00190804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00190A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00190C0C .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00190E10 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001901F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2640] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001803FC .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[2688] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[2700] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2700] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2700] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\svchost.exe[2700] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2700] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2700] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2700] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2700] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2700] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2700] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2700] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2700] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00120600 .text C:\Windows\system32\svchost.exe[2700] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00120804 .text C:\Windows\system32\svchost.exe[2700] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00120A08 .text C:\Windows\system32\svchost.exe[2700] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001201F8 .text C:\Windows\system32\svchost.exe[2700] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001203FC .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Windows\system32\svchost.exe[2740] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001B03FC .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 001B0600 .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 001B1014 .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 001B0804 .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 001B0A08 .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 001B0C0C .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 001B0E10 .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001B01F8 .text C:\Windows\system32\svchost.exe[2740] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 001C0600 .text C:\Windows\system32\svchost.exe[2740] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 001C0804 .text C:\Windows\system32\svchost.exe[2740] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 001C0A08 .text C:\Windows\system32\svchost.exe[2740] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001C01F8 .text C:\Windows\system32\svchost.exe[2740] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001C03FC .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001703FC .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00170600 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00171014 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00170804 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00170A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00170C0C .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00170E10 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001701F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00180600 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00180804 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00180A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001801F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2756] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000901F8 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000903FC .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 005203FC .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00520600 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00521014 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00520804 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00520A08 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00520C0C .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00520E10 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 005201F8 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00530600 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00530804 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00530A08 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 005301F8 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2792] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 005303FC .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00060600 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00061014 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00060804 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00060A08 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00060C0C .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00060E10 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2896] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000703FC .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00180600 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00180C0C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00190600 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00190804 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00190A08 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001901F8 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001903FC .text C:\Windows\system32\DllHost.exe[3120] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Windows\system32\DllHost.exe[3120] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Windows\system32\DllHost.exe[3120] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\DllHost.exe[3120] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00070600 .text C:\Windows\system32\DllHost.exe[3120] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00070804 .text C:\Windows\system32\DllHost.exe[3120] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\DllHost.exe[3120] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\DllHost.exe[3120] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000703FC .text C:\Windows\system32\DllHost.exe[3120] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\DllHost.exe[3120] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00080600 .text C:\Windows\system32\DllHost.exe[3120] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\DllHost.exe[3120] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\DllHost.exe[3120] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\DllHost.exe[3120] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00080C0C .text C:\Windows\system32\DllHost.exe[3120] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\DllHost.exe[3120] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000801F8 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001501F8 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001503FC .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001603FC .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00160600 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00161014 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00160804 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00160A08 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00160C0C .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00160E10 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001601F8 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00170600 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00170804 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00170A08 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001701F8 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3196] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001703FC .text C:\Windows\system32\wbem\wmiprvse.exe[3312] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3312] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\wmiprvse.exe[3312] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3312] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\wmiprvse.exe[3312] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\wmiprvse.exe[3312] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3312] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3312] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Windows\ehome\ehmsas.exe[3324] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000501F8 .text C:\Windows\ehome\ehmsas.exe[3324] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000503FC .text C:\Windows\ehome\ehmsas.exe[3324] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\ehome\ehmsas.exe[3324] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Windows\ehome\ehmsas.exe[3324] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Windows\ehome\ehmsas.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Windows\ehome\ehmsas.exe[3324] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Windows\ehome\ehmsas.exe[3324] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Windows\ehome\ehmsas.exe[3324] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Windows\ehome\ehmsas.exe[3324] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Windows\ehome\ehmsas.exe[3324] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Windows\ehome\ehmsas.exe[3324] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Windows\ehome\ehmsas.exe[3324] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Windows\ehome\ehmsas.exe[3324] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Windows\ehome\ehmsas.exe[3324] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Windows\ehome\ehmsas.exe[3324] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00180C0C .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3336] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00170600 .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00170804 .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00170A08 .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001703FC .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00180600 .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00180C0C .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Sony\Network Utility\NSUService.exe[3412] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\svchost.exe[3464] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[3464] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[3464] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[3464] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 000C0600 .text C:\Windows\system32\svchost.exe[3464] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\svchost.exe[3464] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\svchost.exe[3464] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\svchost.exe[3464] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000C03FC .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00280600 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00280804 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00280A08 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 002801F8 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3508] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 002803FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00180C0C .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe[3536] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000901F8 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000903FC .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000A03FC .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 000A0600 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 000A1014 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 000A0804 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 000A0A08 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 000A0C0C .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 000A0E10 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000A01F8 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 000B0600 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 000B0804 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 000B0A08 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000B01F8 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3564] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[3584] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[3584] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[3584] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[3584] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[3584] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[3584] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[3584] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[3584] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[3604] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Windows\system32\taskeng.exe[3604] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Windows\system32\taskeng.exe[3604] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\taskeng.exe[3604] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[3604] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[3604] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[3604] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[3604] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[3604] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[3604] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[3604] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[3604] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[3604] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[3604] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[3604] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[3604] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00170600 .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00170804 .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00170A08 .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001701F8 .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001703FC .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001903FC .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00190600 .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00191014 .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00190804 .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00190A08 .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00190C0C .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00190E10 .text C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3636] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001901F8 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 002601F8 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 002603FC .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00270600 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00270804 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00270A08 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 002701F8 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 002703FC .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 002803FC .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00280600 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00281014 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00280804 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00280A08 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00280C0C .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00280E10 .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[3692] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 002801F8 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[3728] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\DllHost.exe[3760] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Windows\system32\DllHost.exe[3760] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Windows\system32\DllHost.exe[3760] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\DllHost.exe[3760] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00070600 .text C:\Windows\system32\DllHost.exe[3760] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00070804 .text C:\Windows\system32\DllHost.exe[3760] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\DllHost.exe[3760] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\DllHost.exe[3760] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000703FC .text C:\Windows\system32\DllHost.exe[3760] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\DllHost.exe[3760] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00080600 .text C:\Windows\system32\DllHost.exe[3760] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\DllHost.exe[3760] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\DllHost.exe[3760] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\DllHost.exe[3760] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00080C0C .text C:\Windows\system32\DllHost.exe[3760] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\DllHost.exe[3760] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3772] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00180C0C .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe[3844] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001801F8 .text C:\Windows\System32\svchost.exe[3876] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000A01F8 .text C:\Windows\System32\svchost.exe[3876] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000A03FC .text C:\Windows\System32\svchost.exe[3876] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\System32\svchost.exe[3876] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000B03FC .text C:\Windows\System32\svchost.exe[3876] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 000B0600 .text C:\Windows\System32\svchost.exe[3876] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 000B1014 .text C:\Windows\System32\svchost.exe[3876] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 000B0804 .text C:\Windows\System32\svchost.exe[3876] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 000B0A08 .text C:\Windows\System32\svchost.exe[3876] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 000B0C0C .text C:\Windows\System32\svchost.exe[3876] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 000B0E10 .text C:\Windows\System32\svchost.exe[3876] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\Dwm.exe[3900] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000A01F8 .text C:\Windows\system32\Dwm.exe[3900] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000A03FC .text C:\Windows\system32\Dwm.exe[3900] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\Dwm.exe[3900] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\Dwm.exe[3900] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\Dwm.exe[3900] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\Dwm.exe[3900] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\Dwm.exe[3900] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\Dwm.exe[3900] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\Dwm.exe[3900] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\Dwm.exe[3900] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\Dwm.exe[3900] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 000C0600 .text C:\Windows\system32\Dwm.exe[3900] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\Dwm.exe[3900] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\Dwm.exe[3900] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\Dwm.exe[3900] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000C03FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000901F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000903FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000A03FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 000A0600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 000A1014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 000A0804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 000A0A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 000A0C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 000A0E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000A01F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 000B0600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 000B0804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 000B0A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000B01F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3916] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000B03FC .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001501F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001503FC .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 002603FC .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00260600 .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00261014 .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00260804 .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00260A08 .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00260C0C .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00260E10 .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 002601F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00270600 .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00270804 .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00270A08 .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 002701F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[3960] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 002703FC .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000701F8 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000703FC .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000903FC .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00090600 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00091014 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00090804 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00090A08 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00090C0C .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00090E10 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4036] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000901F8 .text C:\Windows\system32\SearchIndexer.exe[4052] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Windows\system32\SearchIndexer.exe[4052] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Windows\system32\SearchIndexer.exe[4052] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[4052] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[4052] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[4052] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[4052] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[4052] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[4052] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[4052] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[4052] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[4052] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[4052] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchIndexer.exe[4052] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\SearchIndexer.exe[4052] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchIndexer.exe[4052] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00170600 .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00170804 .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00170A08 .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001703FC .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00180600 .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00180C0C .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[4060] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001801F8 .text C:\Windows\Explorer.EXE[4116] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[4116] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[4116] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\Explorer.EXE[4116] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000B03FC .text C:\Windows\Explorer.EXE[4116] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 000B0600 .text C:\Windows\Explorer.EXE[4116] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 000B1014 .text C:\Windows\Explorer.EXE[4116] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 000B0804 .text C:\Windows\Explorer.EXE[4116] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 000B0A08 .text C:\Windows\Explorer.EXE[4116] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 000B0C0C .text C:\Windows\Explorer.EXE[4116] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 000B0E10 .text C:\Windows\Explorer.EXE[4116] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000B01F8 .text C:\Windows\Explorer.EXE[4116] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 000C0600 .text C:\Windows\Explorer.EXE[4116] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 000C0804 .text C:\Windows\Explorer.EXE[4116] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 000C0A08 .text C:\Windows\Explorer.EXE[4116] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000C01F8 .text C:\Windows\Explorer.EXE[4116] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000C03FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 001C0600 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 001C0804 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 001C0A08 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001C01F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001C03FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001D03FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 001D0600 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 001D1014 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 001D0804 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 001D0A08 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 001D0C0C .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 001D0E10 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe[4228] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001D01F8 .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 002201F8 .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 002203FC .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 002303FC .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00230600 .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00231014 .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00230804 .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00230A08 .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00230C0C .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00230E10 .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 002301F8 .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00240600 .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00240804 .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00240A08 .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 002401F8 .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4244] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 002403FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001903FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00190600 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00191014 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00190804 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00190A08 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00190C0C .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00190E10 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe[4308] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001901F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00060600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00061014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00060804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00060A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00060C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00060E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4360] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 002501F8 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 002503FC .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00260600 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00260804 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00260A08 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 002601F8 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 002603FC .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 002703FC .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00270600 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00271014 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00270804 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00270A08 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00270C0C .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00270E10 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4372] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 002701F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000803FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00080600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00081014 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00080804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00080A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00080C0C .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00080E10 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000801F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00090600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00090804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00090A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000901F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000903FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001903FC .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00190600 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00191014 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00190804 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00190A08 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00190C0C .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00190E10 .text C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe[4528] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001901F8 .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 002601F8 .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 002603FC .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00270600 .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00270804 .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00270A08 .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 002701F8 .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 002703FC .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 002803FC .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00280600 .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00281014 .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00280804 .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00280A08 .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00280C0C .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00280E10 .text C:\Program Files\Apoint\ApMsgFwd.exe[4536] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 002801F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4576] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000503FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00060600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00061014 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00060804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00060A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00060C0C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00060E10 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4600] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000703FC .text C:\Program Files\Windows Defender\MSASCui.exe[4684] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Defender\MSASCui.exe[4684] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Program Files\Windows Defender\MSASCui.exe[4684] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Windows Defender\MSASCui.exe[4684] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Windows Defender\MSASCui.exe[4684] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Program Files\Windows Defender\MSASCui.exe[4684] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Windows Defender\MSASCui.exe[4684] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Windows Defender\MSASCui.exe[4684] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Defender\MSASCui.exe[4684] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Defender\MSASCui.exe[4684] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Defender\MSASCui.exe[4684] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Defender\MSASCui.exe[4684] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Program Files\Windows Defender\MSASCui.exe[4684] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Program Files\Windows Defender\MSASCui.exe[4684] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Defender\MSASCui.exe[4684] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Defender\MSASCui.exe[4684] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[4712] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Windows\system32\taskeng.exe[4712] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Windows\system32\taskeng.exe[4712] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\taskeng.exe[4712] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[4712] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[4712] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[4712] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[4712] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[4712] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[4712] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[4712] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[4712] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[4712] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[4712] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[4712] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[4712] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Program Files\Apoint\Apoint.exe[4864] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001501F8 .text C:\Program Files\Apoint\Apoint.exe[4864] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001503FC .text C:\Program Files\Apoint\Apoint.exe[4864] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Apoint\Apoint.exe[4864] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00160600 .text C:\Program Files\Apoint\Apoint.exe[4864] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00160804 .text C:\Program Files\Apoint\Apoint.exe[4864] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00160A08 .text C:\Program Files\Apoint\Apoint.exe[4864] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001601F8 .text C:\Program Files\Apoint\Apoint.exe[4864] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001603FC .text C:\Program Files\Apoint\Apoint.exe[4864] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001703FC .text C:\Program Files\Apoint\Apoint.exe[4864] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00170600 .text C:\Program Files\Apoint\Apoint.exe[4864] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Apoint\Apoint.exe[4864] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Apoint\Apoint.exe[4864] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Apoint\Apoint.exe[4864] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00170C0C .text C:\Program Files\Apoint\Apoint.exe[4864] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Apoint\Apoint.exe[4864] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00180600 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00180C0C .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00190600 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00190804 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00190A08 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001901F8 .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[4908] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001903FC .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[4952] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00160600 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00160804 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00160A08 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[5024] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00070600 .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00070804 .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00070A08 .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000703FC .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000803FC .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00080600 .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00081014 .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00080804 .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00080A08 .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00080C0C .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00080E10 .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[5148] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000801F8 .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001703FC .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00170600 .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00171014 .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00170804 .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00170A08 .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00170C0C .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00170E10 .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001701F8 .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00190600 .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00190804 .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00190A08 .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001901F8 .text C:\Users\Dominik\Downloads\FixitPC\bb651siw.exe[5156] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001903FC .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5160] kernel32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00090600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00090804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00090A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000901F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5176] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000903FC .text C:\Windows\servicing\TrustedInstaller.exe[5212] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Windows\servicing\TrustedInstaller.exe[5212] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Windows\servicing\TrustedInstaller.exe[5212] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\servicing\TrustedInstaller.exe[5212] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Windows\servicing\TrustedInstaller.exe[5212] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Windows\servicing\TrustedInstaller.exe[5212] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Windows\servicing\TrustedInstaller.exe[5212] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Windows\servicing\TrustedInstaller.exe[5212] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Windows\servicing\TrustedInstaller.exe[5212] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Windows\servicing\TrustedInstaller.exe[5212] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Windows\servicing\TrustedInstaller.exe[5212] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Windows\servicing\TrustedInstaller.exe[5212] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Windows\servicing\TrustedInstaller.exe[5212] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Windows\servicing\TrustedInstaller.exe[5212] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Windows\servicing\TrustedInstaller.exe[5212] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Windows\servicing\TrustedInstaller.exe[5212] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe[5336] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001803FC .text C:\Program Files\Apoint\Apntex.exe[5356] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001501F8 .text C:\Program Files\Apoint\Apntex.exe[5356] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001503FC .text C:\Program Files\Apoint\Apntex.exe[5356] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Apoint\Apntex.exe[5356] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00160600 .text C:\Program Files\Apoint\Apntex.exe[5356] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00160804 .text C:\Program Files\Apoint\Apntex.exe[5356] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00160A08 .text C:\Program Files\Apoint\Apntex.exe[5356] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001601F8 .text C:\Program Files\Apoint\Apntex.exe[5356] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001603FC .text C:\Program Files\Apoint\Apntex.exe[5356] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001703FC .text C:\Program Files\Apoint\Apntex.exe[5356] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00170600 .text C:\Program Files\Apoint\Apntex.exe[5356] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Apoint\Apntex.exe[5356] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Apoint\Apntex.exe[5356] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Apoint\Apntex.exe[5356] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00170C0C .text C:\Program Files\Apoint\Apntex.exe[5356] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Apoint\Apntex.exe[5356] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001701F8 .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 002501F8 .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 002503FC .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] KERNEL32.dll!SetUnhandledExceptionFilter 7572A84F 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00260600 .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00260804 .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00260A08 .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 002601F8 .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 002603FC .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 002703FC .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00270600 .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00271014 .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00270804 .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00270A08 .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00270C0C .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00270E10 .text C:\Program Files\real\realplayer\Update\realsched.exe[5436] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 002701F8 .text C:\Program Files\iTunes\iTunesHelper.exe[5596] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Program Files\iTunes\iTunesHelper.exe[5596] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Program Files\iTunes\iTunesHelper.exe[5596] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\iTunes\iTunesHelper.exe[5596] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Program Files\iTunes\iTunesHelper.exe[5596] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Program Files\iTunes\iTunesHelper.exe[5596] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Program Files\iTunes\iTunesHelper.exe[5596] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Program Files\iTunes\iTunesHelper.exe[5596] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Program Files\iTunes\iTunesHelper.exe[5596] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Program Files\iTunes\iTunesHelper.exe[5596] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Program Files\iTunes\iTunesHelper.exe[5596] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Program Files\iTunes\iTunesHelper.exe[5596] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Program Files\iTunes\iTunesHelper.exe[5596] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Program Files\iTunes\iTunesHelper.exe[5596] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Program Files\iTunes\iTunesHelper.exe[5596] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Program Files\iTunes\iTunesHelper.exe[5596] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00170600 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00170804 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00170A08 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001703FC .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00180600 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00180C0C .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[5732] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00180600 .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00180C0C .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00190600 .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00190804 .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00190A08 .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001901F8 .text C:\Program Files\Sony\Network Utility\LANUtil.exe[5808] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001903FC .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001601F8 .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001603FC .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00170600 .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00170804 .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00170A08 .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001703FC .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00180600 .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00180C0C .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe[5876] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001801F8 .text C:\Windows\ehome\ehtray.exe[5908] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Windows\ehome\ehtray.exe[5908] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Windows\ehome\ehtray.exe[5908] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\ehome\ehtray.exe[5908] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Windows\ehome\ehtray.exe[5908] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Windows\ehome\ehtray.exe[5908] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Windows\ehome\ehtray.exe[5908] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Windows\ehome\ehtray.exe[5908] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Windows\ehome\ehtray.exe[5908] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Windows\ehome\ehtray.exe[5908] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Windows\ehome\ehtray.exe[5908] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Windows\ehome\ehtray.exe[5908] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Windows\ehome\ehtray.exe[5908] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Windows\ehome\ehtray.exe[5908] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Windows\ehome\ehtray.exe[5908] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Windows\ehome\ehtray.exe[5908] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000A01F8 .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000A03FC .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 000B0600 .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 000B0804 .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 000B0A08 .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000B01F8 .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000B03FC .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000C03FC .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 000C0600 .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 000C1014 .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 000C0804 .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 000C0A08 .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 000C0C0C .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 000C0E10 .text C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE[5932] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000C01F8 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 002501F8 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 002503FC .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00260600 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00260804 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00260A08 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 002601F8 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 002603FC .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 002703FC .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00270600 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00271014 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00270804 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00270A08 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00270C0C .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00270E10 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[5972] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 002701F8 .text C:\Windows\system32\WUDFHost.exe[6028] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000601F8 .text C:\Windows\system32\WUDFHost.exe[6028] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000603FC .text C:\Windows\system32\WUDFHost.exe[6028] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Windows\system32\WUDFHost.exe[6028] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\WUDFHost.exe[6028] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\WUDFHost.exe[6028] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\WUDFHost.exe[6028] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\WUDFHost.exe[6028] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\WUDFHost.exe[6028] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\WUDFHost.exe[6028] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\WUDFHost.exe[6028] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\WUDFHost.exe[6028] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Windows\system32\WUDFHost.exe[6028] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\WUDFHost.exe[6028] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\WUDFHost.exe[6028] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\WUDFHost.exe[6028] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 000701F8 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 000703FC .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 00080600 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 00080804 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 00080A08 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 000803FC .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 000903FC .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00090600 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00091014 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00090804 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00090A08 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00090C0C .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00090E10 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[6056] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 000901F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] ntdll.dll!LdrLoadDll 76F59390 5 Bytes JMP 001701F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] ntdll.dll!LdrUnloadDll 76F6BA50 5 Bytes JMP 001703FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] KERNEL32.dll!GetBinaryTypeW + 70 75752247 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] ADVAPI32.dll!CreateServiceW 76EA9EB4 5 Bytes JMP 001903FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] ADVAPI32.dll!DeleteService 76EAA07E 5 Bytes JMP 00190600 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] ADVAPI32.dll!SetServiceObjectSecurity 76EE6CD9 5 Bytes JMP 00191014 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] ADVAPI32.dll!ChangeServiceConfigA 76EE6DD9 5 Bytes JMP 00190804 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] ADVAPI32.dll!ChangeServiceConfigW 76EE6F81 5 Bytes JMP 00190A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] ADVAPI32.dll!ChangeServiceConfig2A 76EE7099 5 Bytes JMP 00190C0C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] ADVAPI32.dll!ChangeServiceConfig2W 76EE71E1 5 Bytes JMP 00190E10 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] ADVAPI32.dll!CreateServiceA 76EE72A1 5 Bytes JMP 001901F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] USER32.dll!SetWindowsHookExA 75D06322 5 Bytes JMP 001A0600 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] USER32.dll!SetWindowsHookExW 75D087AD 5 Bytes JMP 001A0804 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] USER32.dll!UnhookWindowsHookEx 75D098DB 5 Bytes JMP 001A0A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] USER32.dll!SetWinEventHook 75D09F3A 5 Bytes JMP 001A01F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[6080] USER32.dll!UnhookWinEvent 75D0C06F 5 Bytes JMP 001A03FC ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\services.exe[796] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00060002 IAT C:\Windows\system32\services.exe[796] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00060000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1884] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [724D0790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73CF7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D4A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73CFBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73CEF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73CF75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73CEE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73D28395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73CFDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73CEFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73CEFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73CE71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73D7CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73D1C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73CED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73CE6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73CE687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73CF2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[5160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [724D0790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fb4849f Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fbf20b8 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214ff694f0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8D 0x7E 0xA5 0x08 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDA 0x6F 0x91 0xB5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA2 0x58 0x9B 0x35 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214fb4849f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214fbf20b8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214ff694f0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x33 0x8D 0x0B 0xFF ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDA 0x6F 0x91 0xB5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x13 0x5D 0x5D 0x15 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214fb4849f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214fbf20b8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214ff694f0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x33 0x8D 0x0B 0xFF ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDA 0x6F 0x91 0xB5 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x13 0x5D 0x5D 0x15 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00214fb4849f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00214fbf20b8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00214ff694f0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x33 0x8D 0x0B 0xFF ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDA 0x6F 0x91 0xB5 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x13 0x5D 0x5D 0x15 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00214fb4849f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00214fbf20b8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00214ff694f0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x33 0x8D 0x0B 0xFF ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDA 0x6F 0x91 0xB5 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x13 0x5D 0x5D 0x15 ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00214fb4849f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00214fbf20b8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00214ff694f0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x33 0x8D 0x0B 0xFF ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDA 0x6F 0x91 0xB5 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x13 0x5D 0x5D 0x15 ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00214fb4849f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00214fbf20b8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00214ff694f0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x33 0x8D 0x0B 0xFF ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDA 0x6F 0x91 0xB5 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x13 0x5D 0x5D 0x15 ... Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00214fb4849f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00214fbf20b8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00214ff694f0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x33 0x8D 0x0B 0xFF ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDA 0x6F 0x91 0xB5 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x13 0x5D 0x5D 0x15 ... Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00214fb4849f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00214fbf20b8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00214ff694f0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x33 0x8D 0x0B 0xFF ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDA 0x6F 0x91 0xB5 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x13 0x5D 0x5D 0x15 ... Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00214fb4849f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00214fbf20b8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00214ff694f0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8D 0x7E 0xA5 0x08 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDA 0x6F 0x91 0xB5 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA2 0x58 0x9B 0x35 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR@SkuComponents ??????????????????????????y?????? ?? ??????????????????????????????????????? ?????????????????????????????s????????? ?????????????????????????????s???????????????????s????????? ?????????????????????????????s????????? ?????????????????????????????s???????????????????????????????????????s????????? ???????????????? ???????????????????????????????????????e????????????????????????????????????????????????????s???????????????????s???????"?????????????Word.Document.12??????????????????????????????????????s???????????????????s?????????,?????????????????????????????s?????????,?????????????????????????????s?????????,???????????????????,???????????????????,???????????????????,?????????????????????????????s?????????,???????????????? ??????????????????????????????*????????e????*?????????URL:OneNote Protocol????????????????????????? ??????????????????????????????????&???????????????????????? ??????????????????????????????t??? ???????2?????t?????????C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\OFFICE~1\SETUP.EXE?????(?????????Set ---- EOF - GMER 2.1 ----