GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-23 18:54:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005d OCZ-VERT rev.1.37 55,90GB
Running: u7ylh6hk.exe; Driver: C:\Users\Czarek\AppData\Local\Temp\kwrdapog.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff880045afd64 12 bytes {MOV RAX, 0xfffffa800771f2a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1060] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076908769 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1060] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74]
.text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1060] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74]
.text ... * 2
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74]
.text ... 
* 2 .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2224] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000070c01a22 2 bytes [C0, 70] .text C:\Windows\SysWOW64\PnkBstrA.exe[2224] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000070c01ad0 2 bytes [C0, 70] .text C:\Windows\SysWOW64\PnkBstrA.exe[2224] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000070c01b08 2 bytes [C0, 70] .text C:\Windows\SysWOW64\PnkBstrA.exe[2224] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000070c01bba 2 bytes [C0, 70] .text C:\Windows\SysWOW64\PnkBstrA.exe[2224] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000070c01bda 2 bytes [C0, 70] .text C:\Windows\SysWOW64\PnkBstrA.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... 
* 2 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000070c1451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070c14b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070c14bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070c14f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070c14f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070c19054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000070c1adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000070c352e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] 
C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000070c3535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000070c359cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070c35a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070c35ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070c35b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070c35bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070c35bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070c35c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070c35c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 
bytes JMP 000000011000a990 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2392] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000070c1451e 5 bytes JMP 000000011000ab40 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070c14b6d 5 bytes JMP 000000011000abb0 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070c14bf2 5 bytes JMP 000000011000ac90 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070c14f0f 5 bytes JMP 000000011000ac50 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070c14f7b 5 bytes JMP 000000011000ac10 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070c19054 5 bytes JMP 000000011000ad10 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000070c1adf9 5 bytes JMP 000000011000abe0 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000070c352e8 5 bytes JMP 000000011000acd0 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000070c3535f 5 bytes JMP 000000011000acf0 .text C:\Windows\SysWOW64\HsMgr.exe[2468] 
C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000070c359cc 5 bytes JMP 000000011000ae40 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070c35a6a 5 bytes JMP 000000011000aec0 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070c35ad7 5 bytes JMP 000000011000af00 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070c35b5b 5 bytes JMP 000000011000af40 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070c35bba 5 bytes JMP 000000011000af80 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070c35bee 5 bytes JMP 000000011000b000 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070c35c22 5 bytes JMP 000000011000b060 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070c35c67 5 bytes JMP 000000011000b0d0 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Windows\SysWOW64\HsMgr.exe[2468] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveOutClose 000007fef9ce36ac 5 bytes JMP 000007fefd4301f0 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader 000007fef9ce3770 5 bytes JMP 
000007fefd430298 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fef9ce38d0 5 bytes JMP 000007fefd4301b8 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader 000007fef9ce3ca4 5 bytes JMP 000007fefd430260 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fef9ce3d40 5 bytes JMP 000007fefd430228 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveInOpen 000007fef9ce7fe0 7 bytes JMP 000007fefd430378 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveOutReset 000007fef9cea38c 5 bytes JMP 000007fefd4302d0 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveOutGetVolume 000007fef9d049f0 5 bytes JMP 000007fefd430308 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveOutSetVolume 000007fef9d04ab0 5 bytes JMP 000007fefd430340 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveInClose 000007fef9d052e0 5 bytes JMP 000007fefd4303b0 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveInPrepareHeader 000007fef9d053c0 5 bytes JMP 000007fefd430490 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader 000007fef9d05454 5 bytes JMP 000007fefd4304c8 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveInAddBuffer 000007fef9d05514 5 bytes JMP 000007fefd430500 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveInStart 000007fef9d055a4 6 bytes JMP 000007fefd4303e8 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveInStop 000007fef9d055e4 6 bytes JMP 000007fefd430420 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveInReset 000007fef9d05624 5 bytes JMP 000007fefd430458 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\WINMM.dll!waveInGetPosition 000007fef9d0567c 5 bytes JMP 
000007fefd430538 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007fef1fd6944 7 bytes JMP 000007fefd430180 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007fef1ff5a84 7 bytes JMP 000007fefd430148 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate 000007fef1ff5b90 7 bytes JMP 000007fefd430570 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8 000007fef1ff5c94 7 bytes JMP 000007fefd4305a8 .text C:\Windows\system\HsMgr64.exe[2484] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate 000007fef1ff5da8 5 bytes JMP 000007fefd4305e0 .text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[2556] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_http_auth_create_response + 294 000000006ab32c36 4 bytes [24, D9, B9, 68] .text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[2556] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_mp4_read_dec_config_descr + 435 000000006ab37e43 4 bytes [74, 4C, 09, 66] .text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[2556] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_nut_add_sp + 70 000000006ab75de6 4 bytes [20, EF, B9, 68] .text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... 
* 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000070c1451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070c14b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] 
C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070c14bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070c14f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070c14f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070c19054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000070c1adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000070c352e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000070c3535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000070c359cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070c35a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070c35ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070c35b5b 5 bytes JMP 000000011000af40 .text 
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070c35bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070c35bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070c35c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070c35c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2844] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Origin\Origin.exe[2856] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Origin\Origin.exe[2856] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte 
[99] .text C:\Program Files (x86)\Origin\Origin.exe[2856] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Origin\Origin.exe[2856] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text C:\Program Files (x86)\Origin\Origin.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Program Files (x86)\Origin\Origin.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Program Files (x86)\Origin\Origin.exe[2856] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Origin\Origin.exe[2856] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\Origin\Origin.exe[2856] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Origin\Origin.exe[2856] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\Origin\Origin.exe[2856] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text 
C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000070c1451e 5 bytes JMP 000000011000ab40 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070c14b6d 5 bytes JMP 000000011000abb0 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070c14bf2 5 bytes JMP 000000011000ac90 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070c14f0f 5 bytes JMP 000000011000ac50 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070c14f7b 5 bytes JMP 000000011000ac10 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070c19054 5 bytes JMP 000000011000ad10 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000070c1adf9 5 bytes JMP 000000011000abe0 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000070c352e8 5 bytes JMP 000000011000acd0 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000070c3535f 5 bytes JMP 000000011000acf0 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000070c359cc 5 bytes JMP 000000011000ae40 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] 
C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070c35a6a 5 bytes JMP 000000011000aec0 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070c35ad7 5 bytes JMP 000000011000af00 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070c35b5b 5 bytes JMP 000000011000af40 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070c35bba 5 bytes JMP 000000011000af80 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070c35bee 5 bytes JMP 000000011000b000 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070c35c22 5 bytes JMP 000000011000b060 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070c35c67 5 bytes JMP 000000011000b0d0 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Users\Czarek\AppData\Roaming\uTorrent\uTorrent.exe[2876] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2888] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes 
JMP 000000011000a4d0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2888] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2888] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2888] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2888] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2888] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2888] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2888] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2888] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Users\Czarek\AppData\Roaming\Spotify\spotify.exe[2904] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 00000000771c000c 1 byte [C3] .text C:\Users\Czarek\AppData\Roaming\Spotify\spotify.exe[2904] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007724f8ea 5 bytes JMP 00000001771fd5c1 .text C:\Users\Czarek\AppData\Roaming\Spotify\spotify.exe[2904] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 
.text C:\Users\Czarek\AppData\Roaming\Spotify\spotify.exe[2904] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Users\Czarek\AppData\Roaming\Spotify\spotify.exe[2904] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Users\Czarek\AppData\Roaming\Spotify\spotify.exe[2904] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text C:\Users\Czarek\AppData\Roaming\Spotify\spotify.exe[2904] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Users\Czarek\AppData\Roaming\Spotify\spotify.exe[2904] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Users\Czarek\AppData\Roaming\Spotify\spotify.exe[2904] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\Czarek\AppData\Roaming\Spotify\spotify.exe[2904] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Users\Czarek\AppData\Roaming\Spotify\spotify.exe[2904] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Users\Czarek\AppData\Roaming\Spotify\spotify.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Users\Czarek\AppData\Roaming\Spotify\spotify.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... 
* 2 .text F:\STEAM\Steam.exe[2936] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000074df549c 5 bytes JMP 0000000100080800 .text F:\STEAM\Steam.exe[2936] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text F:\STEAM\Steam.exe[2936] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text F:\STEAM\Steam.exe[2936] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text F:\STEAM\Steam.exe[2936] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text F:\STEAM\Steam.exe[2936] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text F:\STEAM\Steam.exe[2936] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000070c1451e 5 bytes JMP 000000011000ab40 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070c14b6d 5 bytes JMP 000000011000abb0 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070c14bf2 5 bytes JMP 000000011000ac90 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070c14f0f 5 bytes JMP 000000011000ac50 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070c14f7b 5 bytes JMP 000000011000ac10 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070c19054 5 bytes JMP 000000011000ad10 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000070c1adf9 5 bytes JMP 000000011000abe0 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000070c352e8 5 bytes JMP 000000011000acd0 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000070c3535f 5 bytes JMP 000000011000acf0 .text F:\STEAM\Steam.exe[2936] 
C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000070c359cc 5 bytes JMP 000000011000ae40 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070c35a6a 5 bytes JMP 000000011000aec0 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070c35ad7 5 bytes JMP 000000011000af00 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070c35b5b 5 bytes JMP 000000011000af40 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070c35bba 5 bytes JMP 000000011000af80 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070c35bee 5 bytes JMP 000000011000b000 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070c35c22 5 bytes JMP 000000011000b060 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070c35c67 5 bytes JMP 000000011000b0d0 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text F:\STEAM\Steam.exe[2936] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe[2992] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 5 bytes JMP 0000000106b9a4d0 .text C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe[2992] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 5 bytes JMP 0000000106b9a630 .text C:\Program Files (x86)\Motorola 
Mobility\MotoCast\MotoCast.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe[2992] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 0000000106b9a690 .text C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe[2992] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 0000000106b9a770 .text C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe[2992] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 0000000106b9a8a0 .text C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe[2992] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 0000000106b9a990 .text C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe[2992] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 0000000106b9aa80 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000070c1451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\DAEMON Tools 
Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070c14b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070c14bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070c14f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070c14f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070c19054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000070c1adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000070c352e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000070c3535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000070c359cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070c35a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070c35ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070c35b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070c35bba 5 bytes JMP 000000011000af80 .text 
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070c35bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070c35c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070c35c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[3020] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 5 bytes JMP 0000000101fca4d0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 5 bytes JMP 0000000101fca630 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000070c1451e 5 bytes JMP 0000000101fcab40 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] 
C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070c14b6d 5 bytes JMP 0000000101fcabb0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070c14bf2 5 bytes JMP 0000000101fcac90 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070c14f0f 5 bytes JMP 0000000101fcac50 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070c14f7b 5 bytes JMP 0000000101fcac10 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070c19054 5 bytes JMP 0000000101fcad10 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000070c1adf9 5 bytes JMP 0000000101fcabe0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000070c352e8 5 bytes JMP 0000000101fcacd0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000070c3535f 5 bytes JMP 0000000101fcacf0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000070c359cc 5 bytes JMP 0000000101fcae40 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070c35a6a 5 bytes JMP 0000000101fcaec0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller 
Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070c35ad7 5 bytes JMP 0000000101fcaf00 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070c35b5b 5 bytes JMP 0000000101fcaf40 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070c35bba 5 bytes JMP 0000000101fcaf80 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070c35bee 5 bytes JMP 0000000101fcb000 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070c35c22 5 bytes JMP 0000000101fcb060 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070c35c67 5 bytes JMP 0000000101fcb0d0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 0000000101fca690 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 0000000101fca770 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 0000000101fca8a0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 0000000101fca990 .text C:\Program 
Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3320] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 0000000101fcaa80 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000070c1451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070c14b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070c14bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070c14f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070c14f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070c19054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000070c1adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000070c352e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000070c3535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000070c359cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070c35a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070c35ad7 5 bytes JMP 000000011000af00 .text 
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070c35b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070c35bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070c35bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070c35c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070c35c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Program Files 
(x86)\PowerISO\PWRISOVM.EXE[3432] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3712] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3712] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3712] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3712] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3712] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3712] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3712] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3712] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3712] 
C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000070c1451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070c14b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070c14bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070c14f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070c14f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070c19054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000070c1adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000070c352e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000070c3535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000070c359cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070c35a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070c35ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070c35b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070c35bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070c35bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070c35c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070c35c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Program 
Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000070c1451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070c14b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070c14bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070c14f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070c14f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files 
(x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070c19054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000070c1adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000070c352e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000070c3535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000070c359cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070c35a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070c35ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070c35b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070c35bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070c35bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070c35c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070c35c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] 
C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... 
* 2 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000070c1451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070c14b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070c14bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070c14f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070c14f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070c19054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 
0000000070c1adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000070c352e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000070c3535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000070c359cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070c35a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070c35ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070c35b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070c35bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070c35bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070c35c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070c35c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\Common 
Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3980] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe[4336] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 5 bytes JMP 000000010273a4d0 .text C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe[4336] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 5 bytes JMP 000000010273a630 .text C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe[4336] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000010273a690 .text C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe[4336] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000010273a770 .text C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe[4336] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000010273a8a0 .text C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe[4336] 
C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000010273a990 .text C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe[4336] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000010273aa80 .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... 
* 2 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... 
* 2 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000070c1451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070c14b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070c14bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070c14f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070c14f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070c19054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000070c1adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000070c352e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000070c3535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000070c359cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070c35a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\Adobe\Adobe Creative 
Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070c35ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070c35b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070c35bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070c35bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070c35c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070c35c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5712] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF 
Helper.exe[6036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... * 2 .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6872] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 5 bytes JMP 000000010438a4d0 .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6872] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 5 bytes JMP 000000010438a630 .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6872] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000010438a690 .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6872] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000010438a770 .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6872] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000010438a8a0 .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6872] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000010438a990 .text C:\Users\Czarek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6872] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000010438aa80 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text 
C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000070c1451e 5 bytes JMP 000000011000ab40 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070c14b6d 5 bytes JMP 000000011000abb0 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070c14bf2 5 bytes JMP 000000011000ac90 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070c14f0f 5 bytes JMP 000000011000ac50 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070c14f7b 5 bytes JMP 000000011000ac10 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070c19054 5 bytes JMP 000000011000ad10 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000070c1adf9 5 bytes JMP 000000011000abe0 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000070c352e8 5 bytes JMP 000000011000acd0 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000070c3535f 5 bytes JMP 000000011000acf0 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000070c359cc 5 bytes JMP 000000011000ae40 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070c35a6a 5 bytes JMP 000000011000aec0 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070c35ad7 5 bytes JMP 
000000011000af00 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070c35b5b 5 bytes JMP 000000011000af40 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070c35bba 5 bytes JMP 000000011000af80 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070c35bee 5 bytes JMP 000000011000b000 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070c35c22 5 bytes JMP 000000011000b060 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070c35c67 5 bytes JMP 000000011000b0d0 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Users\Czarek\Desktop\OTL.exe[360] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... 
* 2 .text C:\Program Files (x86)\NapiProjekt\napisy.exe[6272] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\NapiProjekt\napisy.exe[6272] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Program Files (x86)\NapiProjekt\napisy.exe[6272] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Program Files (x86)\NapiProjekt\napisy.exe[6272] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] .text C:\Program Files (x86)\NapiProjekt\napisy.exe[6272] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\NapiProjekt\napisy.exe[6272] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\NapiProjekt\napisy.exe[6272] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\NapiProjekt\napisy.exe[6272] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\NapiProjekt\napisy.exe[6272] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\NapiProjekt\napisy.exe[6272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cc1465 2 bytes [CC, 74] .text C:\Program Files (x86)\NapiProjekt\napisy.exe[6272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cc14bb 2 bytes [CC, 74] .text ... 
* 2 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 0000000070c1451e 5 bytes JMP 000000011000ab40 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070c14b6d 5 bytes JMP 000000011000abb0 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070c14bf2 5 bytes JMP 000000011000ac90 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070c14f0f 5 bytes JMP 000000011000ac50 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070c14f7b 5 bytes JMP 000000011000ac10 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070c19054 5 bytes JMP 000000011000ad10 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 0000000070c1adf9 5 bytes JMP 000000011000abe0 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 0000000070c352e8 5 bytes JMP 000000011000acd0 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 0000000070c3535f 5 bytes JMP 000000011000acf0 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveInClose 0000000070c359cc 5 bytes JMP 000000011000ae40 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070c35a6a 5 bytes JMP 000000011000aec0 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070c35ad7 5 bytes JMP 000000011000af00 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070c35b5b 5 bytes JMP 000000011000af40 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070c35bba 5 bytes JMP 000000011000af80 .text 
C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070c35bee 5 bytes JMP 000000011000b000 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070c35c22 5 bytes JMP 000000011000b060 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070c35c67 5 bytes JMP 000000011000b0d0 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006a977e3d 5 bytes JMP 000000011000a690 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006a9ade69 5 bytes JMP 000000011000a770 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a9bd2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a9bd371 5 bytes JMP 000000011000a990 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a9bd429 5 bytes JMP 000000011000aa80 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076759d0b 3 bytes JMP 000000011000a4d0 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076759d0f 1 byte [99] .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076759d4e 3 bytes JMP 000000011000a630 .text C:\Users\Czarek\Desktop\u7ylh6hk.exe[2552] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx + 4 0000000076759d52 1 byte [99] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001073ed8] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001073c7c] 
\SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001074658] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001074a54] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010748b0] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef3ff741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef3ff5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef3ff5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef3ff5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef3ff7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] @ C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef3ff6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef3ff6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef3ff7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef3ff7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef3ff78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef3ff4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef3ff5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef3ff7584] C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\sqmapi.dll ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdePort4 fffffa80069e82c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80069e82c0 Device \Driver\atapi \Device\Ide\IdePort5 fffffa80069e82c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80069e82c0 Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-4 fffffa80069e82c0 Device \Driver\aql9ongo \Device\Scsi\aql9ongo1 fffffa80077d72c0 Device \Driver\aql9ongo \Device\Scsi\aql9ongo1Port5Path0Target0Lun0 fffffa80077d72c0 Device \FileSystem\Ntfs \Ntfs fffffa80069f22c0 Device \FileSystem\fastfat \Fat fffffa80089db2c0 Device \Driver\usbohci \Device\USBPDO-5 fffffa80077212c0 Device \Driver\usbehci \Device\USBFDO-3 fffffa800772d2c0 Device \Driver\USBSTOR \Device\00000088 fffffa80081632c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa800772d2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{4CF89DBC-4FB0-4962-AFF0-E4A8632C4355} fffffa80074342c0 Device \Driver\amd_sata \Device\RaidPort0 fffffa80069ec2c0 Device \Driver\cdrom \Device\CdRom0 fffffa800728b2c0 Device \Driver\cdrom \Device\CdRom1 fffffa800728b2c0 Device \Driver\usbehci \Device\USBPDO-6 fffffa800772d2c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa80077212c0 Device \Driver\usbohci \Device\USBPDO-2 fffffa80077212c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa80077212c0 Device \Driver\usbohci \Device\USBFDO-5 fffffa80077212c0 Device \Driver\usbehci \Device\USBPDO-3 fffffa800772d2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa800772d2c0 Device \Driver\USBSTOR \Device\00000086 fffffa80081632c0 Device \Driver\amd_sata \Device\0000005d fffffa80069ec2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80074342c0 Device \Driver\usbehci \Device\USBFDO-6 fffffa800772d2c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa80077212c0 Device \Driver\amd_sata \Device\ScsiPort0 fffffa80069ec2c0 Device \Driver\usbohci \Device\USBFDO-2 fffffa80077212c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa80077212c0 Device \Driver\atapi 
\Device\ScsiPort1 fffffa80069e82c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80069e82c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80069e82c0 Device \Driver\atapi \Device\ScsiPort4 fffffa80069e82c0 Device \Driver\amd_sata \Device\0000005e fffffa80069ec2c0 Device \Driver\aql9ongo \Device\ScsiPort5 fffffa80077d72c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80069ee2c0]<< sptd.sys amd_xata.sys storport.sys hal.dll amd_sata.sys fffffa80069ee2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800723f060] fffffa800723f060 Trace 3 CLASSPNP.SYS[fffff88001a0b43f] -> nt!IofCallDriver -> [0xfffffa8007108ac0] fffffa8007108ac0 Trace \Driver\amd_xata[0xfffffa8006a04600] -> IRP_MJ_CREATE -> 0xfffffa80069ee2c0 fffffa80069ee2c0 Trace 5 amd_xata.sys[fffff88000c64d00] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa80071029c0] fffffa80071029c0 Trace \Driver\amd_sata[0xfffffa8006a03cb0] -> IRP_MJ_CREATE -> 0xfffffa80069ec2c0 fffffa80069ec2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\aql9ongo.SYS fffff880046f7000-fffff88004743000 (311296 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1A 0x39 0x0C 0x7E ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x57 0x0B 0x36 0xF1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0x78 0x94 0x8F ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1A 0x39 0x0C 0x7E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x57 0x0B 0x36 0xF1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0x78 0x94 0x8F ... ---- EOF - GMER 2.1 ----