GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-09-23 17:49:58 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000076 Samsung_ rev.EMT0 465,76GB Running: n9hvgtfu.exe; Driver: C:\Users\USER\AppData\Local\Temp\kwriqpow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075521401 2 bytes JMP 753cb233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075521419 2 bytes JMP 753cb35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075521431 2 bytes JMP 75449149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007552144a 2 bytes CALL 753a4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000755214dd 2 bytes JMP 75448a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000755214f5 2 bytes JMP 75448c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007552150d 2 bytes JMP 75448938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075521525 2 bytes JMP 75448d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007552153d 2 bytes JMP 753bfcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075521555 2 bytes JMP 753c6907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007552156d 2 bytes JMP 75449201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075521585 2 bytes JMP 75448d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007552159d 2 bytes JMP 754488fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000755215b5 2 bytes JMP 753bfd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000755215cd 2 bytes JMP 753cb2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000755216b2 2 bytes JMP 754490c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[2324] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000755216bd 2 bytes JMP 75448891 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000773b9cbb 5 bytes JMP 000000001000a4d0 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000773b9cfe 5 bytes JMP 000000001000a630 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ae2451e 5 bytes JMP 000000001000ab40 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ae24b6d 5 bytes JMP 000000001000abb0 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ae24bf2 5 bytes JMP 000000001000ac90 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ae24f0f 5 bytes JMP 000000001000ac50 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ae24f7b 5 bytes JMP 000000001000ac10 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ae29054 5 bytes JMP 000000001000ad10 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ae2adf9 5 bytes JMP 000000001000abe0 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ae452e8 5 bytes JMP 000000001000acd0 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ae4535f 5 bytes JMP 000000001000acf0 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ae459cc 5 bytes JMP 000000001000ae40 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ae45a6a 5 bytes JMP 000000001000aec0 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ae45ad7 5 bytes JMP 000000001000af00 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ae45b5b 5 bytes JMP 000000001000af40 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ae45bba 5 bytes JMP 000000001000af80 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ae45bee 5 bytes JMP 000000001000b000 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ae45c22 5 bytes JMP 000000001000b060 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ae45c67 5 bytes JMP 000000001000b0d0 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000074427e3d 5 bytes JMP 000000001000a690 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007445de69 5 bytes JMP 000000001000a770 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007446d2c5 5 bytes JMP 000000001000a8a0 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007446d371 5 bytes JMP 000000001000a990 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007446d429 5 bytes JMP 000000001000aa80 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075521401 2 bytes JMP 753cb233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075521419 2 bytes JMP 753cb35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075521431 2 bytes JMP 75449149 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007552144a 2 bytes CALL 753a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755214dd 2 bytes JMP 75448a42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755214f5 2 bytes JMP 75448c18 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007552150d 2 bytes JMP 75448938 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075521525 2 bytes JMP 75448d02 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007552153d 2 bytes JMP 753bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075521555 2 bytes JMP 753c6907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007552156d 2 bytes JMP 75449201 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075521585 2 bytes JMP 75448d62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007552159d 2 bytes JMP 754488fc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755215b5 2 bytes JMP 753bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755215cd 2 bytes JMP 753cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755216b2 2 bytes JMP 754490c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755216bd 2 bytes JMP 75448891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveOutClose 000007fef9dc36ac 5 bytes JMP 000007feff2701f0 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader 000007fef9dc3770 5 bytes JMP 000007feff270298 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fef9dc38d0 5 bytes JMP 000007feff2701b8 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader 000007fef9dc3ca4 5 bytes JMP 000007feff270260 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fef9dc3d40 5 bytes JMP 000007feff270228 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveInOpen 000007fef9dc7fe0 7 bytes JMP 000007feff270378 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveOutReset 000007fef9dca38c 5 bytes JMP 000007feff2702d0 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveOutGetVolume 000007fef9de49f0 5 bytes JMP 000007feff270308 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveOutSetVolume 000007fef9de4ab0 5 bytes JMP 000007feff270340 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveInClose 000007fef9de52e0 5 bytes JMP 000007feff2703b0 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveInPrepareHeader 000007fef9de53c0 5 bytes JMP 000007feff270490 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader 000007fef9de5454 5 bytes JMP 000007feff2704c8 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveInAddBuffer 000007fef9de5514 5 bytes JMP 000007feff270500 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveInStart 000007fef9de55a4 6 bytes JMP 000007feff2703e8 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveInStop 000007fef9de55e4 6 bytes JMP 000007feff270420 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveInReset 000007fef9de5624 5 bytes JMP 000007feff270458 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\WINMM.dll!waveInGetPosition 000007fef9de567c 5 bytes JMP 000007feff270538 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007fef40b6944 7 bytes JMP 000007feff270180 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007fef40d5a84 7 bytes JMP 000007feff270148 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate 000007fef40d5b90 7 bytes JMP 000007feff270570 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8 000007fef40d5c94 7 bytes JMP 000007feff2705a8 .text C:\Windows\system\HsMgr64.exe[2960] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate 000007fef40d5da8 5 bytes JMP 000007feff2705e0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075521401 2 bytes JMP 753cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075521419 2 bytes JMP 753cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075521431 2 bytes JMP 75449149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007552144a 2 bytes CALL 753a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755214dd 2 bytes JMP 75448a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755214f5 2 bytes JMP 75448c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007552150d 2 bytes JMP 75448938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075521525 2 bytes JMP 75448d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007552153d 2 bytes JMP 753bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075521555 2 bytes JMP 753c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007552156d 2 bytes JMP 75449201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075521585 2 bytes JMP 75448d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007552159d 2 bytes JMP 754488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755215b5 2 bytes JMP 753bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755215cd 2 bytes JMP 753cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755216b2 2 bytes JMP 754490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755216bd 2 bytes JMP 75448891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000773b9cbb 5 bytes JMP 000000001000a4d0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000773b9cfe 5 bytes JMP 000000001000a630 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075521401 2 bytes JMP 753cb233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075521419 2 bytes JMP 753cb35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075521431 2 bytes JMP 75449149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007552144a 2 bytes CALL 753a4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755214dd 2 bytes JMP 75448a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755214f5 2 bytes JMP 75448c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007552150d 2 bytes JMP 75448938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075521525 2 bytes JMP 75448d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007552153d 2 bytes JMP 753bfcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075521555 2 bytes JMP 753c6907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007552156d 2 bytes JMP 75449201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075521585 2 bytes JMP 75448d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007552159d 2 bytes JMP 754488fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755215b5 2 bytes JMP 753bfd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755215cd 2 bytes JMP 753cb2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755216b2 2 bytes JMP 754490c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755216bd 2 bytes JMP 75448891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ae2451e 5 bytes JMP 000000001000ab40 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ae24b6d 5 bytes JMP 000000001000abb0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ae24bf2 5 bytes JMP 000000001000ac90 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ae24f0f 5 bytes JMP 000000001000ac50 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ae24f7b 5 bytes JMP 000000001000ac10 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ae29054 5 bytes JMP 000000001000ad10 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ae2adf9 5 bytes JMP 000000001000abe0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ae452e8 5 bytes JMP 000000001000acd0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ae4535f 5 bytes JMP 000000001000acf0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ae459cc 5 bytes JMP 000000001000ae40 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ae45a6a 5 bytes JMP 000000001000aec0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ae45ad7 5 bytes JMP 000000001000af00 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ae45b5b 5 bytes JMP 000000001000af40 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ae45bba 5 bytes JMP 000000001000af80 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ae45bee 5 bytes JMP 000000001000b000 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ae45c22 5 bytes JMP 000000001000b060 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ae45c67 5 bytes JMP 000000001000b0d0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000074427e3d 5 bytes JMP 000000001000a690 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007445de69 5 bytes JMP 000000001000a770 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007446d2c5 5 bytes JMP 000000001000a8a0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007446d371 5 bytes JMP 000000001000a990 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[1560] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007446d429 5 bytes JMP 000000001000aa80 .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075521401 2 bytes JMP 753cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075521419 2 bytes JMP 753cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075521431 2 bytes JMP 75449149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007552144a 2 bytes CALL 753a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755214dd 2 bytes JMP 75448a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755214f5 2 bytes JMP 75448c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007552150d 2 bytes JMP 75448938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075521525 2 bytes JMP 75448d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007552153d 2 bytes JMP 753bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075521555 2 bytes JMP 753c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007552156d 2 bytes JMP 75449201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075521585 2 bytes JMP 75448d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007552159d 2 bytes JMP 754488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755215b5 2 bytes JMP 753bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755215cd 2 bytes JMP 753cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755216b2 2 bytes JMP 754490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[2900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755216bd 2 bytes JMP 75448891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075521401 2 bytes JMP 753cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075521419 2 bytes JMP 753cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075521431 2 bytes JMP 75449149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007552144a 2 bytes CALL 753a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755214dd 2 bytes JMP 75448a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755214f5 2 bytes JMP 75448c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007552150d 2 bytes JMP 75448938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075521525 2 bytes JMP 75448d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007552153d 2 bytes JMP 753bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075521555 2 bytes JMP 753c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007552156d 2 bytes JMP 75449201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075521585 2 bytes JMP 75448d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007552159d 2 bytes JMP 754488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755215b5 2 bytes JMP 753bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755215cd 2 bytes JMP 753cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755216b2 2 bytes JMP 754490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755216bd 2 bytes JMP 75448891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076452bdc 1 byte JMP 0000000073588fe0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 2 0000000076452bde 3 bytes {JMP QWORD [RBX+0x13]} .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076452e7e 5 bytes JMP 000000007358904a .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ae2451e 5 bytes JMP 000000001000ab40 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ae24b6d 5 bytes JMP 000000001000abb0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ae24bf2 5 bytes JMP 000000001000ac90 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ae24f0f 5 bytes JMP 000000001000ac50 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ae24f7b 5 bytes JMP 000000001000ac10 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ae29054 5 bytes JMP 000000001000ad10 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ae2adf9 5 bytes JMP 000000001000abe0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ae452e8 5 bytes JMP 000000001000acd0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ae4535f 5 bytes JMP 000000001000acf0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ae459cc 5 bytes JMP 000000001000ae40 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ae45a6a 5 bytes JMP 000000001000aec0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ae45ad7 5 bytes JMP 000000001000af00 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ae45b5b 5 bytes JMP 000000001000af40 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ae45bba 5 bytes JMP 000000001000af80 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ae45bee 5 bytes JMP 000000001000b000 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ae45c22 5 bytes JMP 000000001000b060 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ae45c67 5 bytes JMP 000000001000b0d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000074427e3d 5 bytes JMP 000000001000a690 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007445de69 5 bytes JMP 000000001000a770 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007446d2c5 5 bytes JMP 000000001000a8a0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007446d371 5 bytes JMP 000000001000a990 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007446d429 5 bytes JMP 000000001000aa80 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000773b9cbb 5 bytes JMP 000000001000a4d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000773b9cfe 5 bytes JMP 000000001000a630 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075521401 2 bytes JMP 753cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075521419 2 bytes JMP 753cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075521431 2 bytes JMP 75449149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007552144a 2 bytes CALL 753a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755214dd 2 bytes JMP 75448a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755214f5 2 bytes JMP 75448c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007552150d 2 bytes JMP 75448938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075521525 2 bytes JMP 75448d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007552153d 2 bytes JMP 753bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075521555 2 bytes JMP 753c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007552156d 2 bytes JMP 75449201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075521585 2 bytes JMP 75448d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007552159d 2 bytes JMP 754488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755215b5 2 bytes JMP 753bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755215cd 2 bytes JMP 753cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755216b2 2 bytes JMP 754490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755216bd 2 bytes JMP 75448891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075521401 2 bytes JMP 753cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075521419 2 bytes JMP 753cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075521431 2 bytes JMP 75449149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007552144a 2 bytes CALL 753a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755214dd 2 bytes JMP 75448a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755214f5 2 bytes JMP 75448c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007552150d 2 bytes JMP 75448938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075521525 2 bytes JMP 75448d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007552153d 2 bytes JMP 753bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075521555 2 bytes JMP 753c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007552156d 2 bytes JMP 75449201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075521585 2 bytes JMP 75448d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007552159d 2 bytes JMP 754488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755215b5 2 bytes JMP 753bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755215cd 2 bytes JMP 753cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755216b2 2 bytes JMP 754490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755216bd 2 bytes JMP 75448891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000773b9cbb 5 bytes JMP 000000001000a4d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000773b9cfe 5 bytes JMP 000000001000a630 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000074427e3d 5 bytes JMP 000000001000a690 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007445de69 5 bytes JMP 000000001000a770 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007446d2c5 5 bytes JMP 000000001000a8a0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007446d371 5 bytes JMP 000000001000a990 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007446d429 5 bytes JMP 000000001000aa80 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000773b9cbb 5 bytes JMP 000000001000a4d0 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000773b9cfe 5 bytes JMP 000000001000a630 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ae2451e 5 bytes JMP 000000001000ab40 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ae24b6d 5 bytes JMP 000000001000abb0 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ae24bf2 5 bytes JMP 000000001000ac90 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ae24f0f 5 bytes JMP 000000001000ac50 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ae24f7b 5 bytes JMP 000000001000ac10 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ae29054 5 bytes JMP 000000001000ad10 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ae2adf9 5 bytes JMP 000000001000abe0 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ae452e8 5 bytes JMP 000000001000acd0 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ae4535f 5 bytes JMP 000000001000acf0 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ae459cc 5 bytes JMP 000000001000ae40 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ae45a6a 5 bytes JMP 000000001000aec0 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ae45ad7 5 bytes JMP 000000001000af00 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ae45b5b 5 bytes JMP 000000001000af40 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ae45bba 5 bytes JMP 000000001000af80 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ae45bee 5 bytes JMP 000000001000b000 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ae45c22 5 bytes JMP 000000001000b060 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ae45c67 5 bytes JMP 000000001000b0d0 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000074427e3d 5 bytes JMP 000000001000a690 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007445de69 5 bytes JMP 000000001000a770 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007446d2c5 5 bytes JMP 000000001000a8a0 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007446d371 5 bytes JMP 000000001000a990 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007446d429 5 bytes JMP 000000001000aa80 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075521401 2 bytes JMP 753cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075521419 2 bytes JMP 753cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075521431 2 bytes JMP 75449149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007552144a 2 bytes CALL 753a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755214dd 2 bytes JMP 75448a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755214f5 2 bytes JMP 75448c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007552150d 2 bytes JMP 75448938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075521525 2 bytes JMP 75448d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007552153d 2 bytes JMP 753bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075521555 2 bytes JMP 753c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007552156d 2 bytes JMP 75449201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075521585 2 bytes JMP 75448d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007552159d 2 bytes JMP 754488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755215b5 2 bytes JMP 753bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755215cd 2 bytes JMP 753cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755216b2 2 bytes JMP 754490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755216bd 2 bytes JMP 75448891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000730817fa 2 bytes CALL 753a11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073081860 2 bytes CALL 753a11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073081942 2 bytes JMP 76496da1 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007308194d 2 bytes JMP 7649e8de C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075521401 2 bytes JMP 753cb233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075521419 2 bytes JMP 753cb35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075521431 2 bytes JMP 75449149 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007552144a 2 bytes CALL 753a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755214dd 2 bytes JMP 75448a42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755214f5 2 bytes JMP 75448c18 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007552150d 2 bytes JMP 75448938 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075521525 2 bytes JMP 75448d02 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007552153d 2 bytes JMP 753bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075521555 2 bytes JMP 753c6907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007552156d 2 bytes JMP 75449201 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075521585 2 bytes JMP 75448d62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007552159d 2 bytes JMP 754488fc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755215b5 2 bytes JMP 753bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755215cd 2 bytes JMP 753cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755216b2 2 bytes JMP 754490c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755216bd 2 bytes JMP 75448891 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ae2451e 5 bytes JMP 000000001000ab40 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ae24b6d 5 bytes JMP 000000001000abb0 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ae24bf2 5 bytes JMP 000000001000ac90 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ae24f0f 5 bytes JMP 000000001000ac50 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ae24f7b 5 bytes JMP 000000001000ac10 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ae29054 5 bytes JMP 000000001000ad10 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ae2adf9 5 bytes JMP 000000001000abe0 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ae452e8 5 bytes JMP 000000001000acd0 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ae4535f 5 bytes JMP 000000001000acf0 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ae459cc 5 bytes JMP 000000001000ae40 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ae45a6a 5 bytes JMP 000000001000aec0 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ae45ad7 5 bytes JMP 000000001000af00 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ae45b5b 5 bytes JMP 000000001000af40 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ae45bba 5 bytes JMP 000000001000af80 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ae45bee 5 bytes JMP 000000001000b000 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ae45c22 5 bytes JMP 000000001000b060 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ae45c67 5 bytes JMP 000000001000b0d0 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000074427e3d 5 bytes JMP 000000001000a690 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007445de69 5 bytes JMP 000000001000a770 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007446d2c5 5 bytes JMP 000000001000a8a0 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007446d371 5 bytes JMP 000000001000a990 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007446d429 5 bytes JMP 000000001000aa80 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000773b9cbb 5 bytes JMP 000000001000a4d0 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000773b9cfe 5 bytes JMP 000000001000a630 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075521401 2 bytes JMP 753cb233 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075521419 2 bytes JMP 753cb35e C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075521431 2 bytes JMP 75449149 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007552144a 2 bytes CALL 753a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755214dd 2 bytes JMP 75448a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755214f5 2 bytes JMP 75448c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007552150d 2 bytes JMP 75448938 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075521525 2 bytes JMP 75448d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007552153d 2 bytes JMP 753bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075521555 2 bytes JMP 753c6907 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007552156d 2 bytes JMP 75449201 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075521585 2 bytes JMP 75448d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007552159d 2 bytes JMP 754488fc C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755215b5 2 bytes JMP 753bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755215cd 2 bytes JMP 753cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755216b2 2 bytes JMP 754490c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\n9hvgtfu.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755216bd 2 bytes JMP 75448891 C:\Windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\mfevtps.exe[2816] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f7f2080] C:\Windows\system32\mfevtps.exe ---- EOF - GMER 2.2 ----