GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-07 18:52:27 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EALX-009BA0 rev.15.01H15 931,51GB Running: jhnmqgsg.exe; Driver: C:\Users\123\AppData\Local\Temp\uxrirpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000764c2ab1 5 bytes JMP 0000000100c9f046 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076cd9d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076cd9d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000007361451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000073614b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000073614bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000073614f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000073614f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000073619054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000007361adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000736352e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007363535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000736359cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000073635a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000073635ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000073635b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000073635bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000073635bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000073635c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000073635c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073597e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000735cde69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000735dd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000735dd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2788] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000735dd429 5 bytes JMP 000000011000aa80 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076cd9d0b 5 bytes JMP 000000011000a4d0 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076cd9d4e 5 bytes JMP 000000011000a630 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000007361451e 5 bytes JMP 000000011000ab40 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000073614b6d 5 bytes JMP 000000011000abb0 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000073614bf2 5 bytes JMP 000000011000ac90 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000073614f0f 5 bytes JMP 000000011000ac50 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000073614f7b 5 bytes JMP 000000011000ac10 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000073619054 5 bytes JMP 000000011000ad10 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000007361adf9 5 bytes JMP 000000011000abe0 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000736352e8 5 bytes JMP 000000011000acd0 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007363535f 5 bytes JMP 000000011000acf0 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000736359cc 5 bytes JMP 000000011000ae40 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000073635a6a 5 bytes JMP 000000011000aec0 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000073635ad7 5 bytes JMP 000000011000af00 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000073635b5b 5 bytes JMP 000000011000af40 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000073635bba 5 bytes JMP 000000011000af80 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000073635bee 5 bytes JMP 000000011000b000 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000073635c22 5 bytes JMP 000000011000b060 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000073635c67 5 bytes JMP 000000011000b0d0 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073597e3d 5 bytes JMP 000000011000a690 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000735cde69 5 bytes JMP 000000011000a770 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000735dd2c5 5 bytes JMP 000000011000a8a0 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000735dd371 5 bytes JMP 000000011000a990 .text C:\Windows\SysWOW64\HsMgr.exe[2844] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000735dd429 5 bytes JMP 000000011000aa80 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\ole32.dll!CoCreateInstanceEx 000007fefef6de90 5 bytes JMP 000007fffee80110 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef874a0 11 bytes JMP 000007fffee800d8 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveOutClose 000007fef9a936ac 5 bytes JMP 000007fefee801f0 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader 000007fef9a93770 5 bytes JMP 000007fefee80298 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fef9a938d0 5 bytes JMP 000007fefee801b8 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader 000007fef9a93ca4 5 bytes JMP 000007fefee80260 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fef9a93d40 5 bytes JMP 000007fefee80228 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveInOpen 000007fef9a97fe0 7 bytes JMP 000007fefee80378 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveOutReset 000007fef9a9a38c 5 bytes JMP 000007fefee802d0 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveOutGetVolume 000007fef9ab49f0 5 bytes JMP 000007fefee80308 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveOutSetVolume 000007fef9ab4ab0 5 bytes JMP 000007fefee80340 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveInClose 000007fef9ab52e0 5 bytes JMP 000007fefee803b0 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveInPrepareHeader 000007fef9ab53c0 5 bytes JMP 000007fefee80490 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader 000007fef9ab5454 5 bytes JMP 000007fefee804c8 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveInAddBuffer 000007fef9ab5514 5 bytes JMP 000007fefee80500 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveInStart 000007fef9ab55a4 6 bytes JMP 000007fefee803e8 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveInStop 000007fef9ab55e4 6 bytes JMP 000007fefee80420 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveInReset 000007fef9ab5624 5 bytes JMP 000007fefee80458 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\WINMM.dll!waveInGetPosition 000007fef9ab567c 5 bytes JMP 000007fefee80538 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007fef38d6944 7 bytes JMP 000007fefee80180 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007fef38f5a84 7 bytes JMP 000007fefee80148 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate 000007fef38f5b90 7 bytes JMP 000007fefee80570 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8 000007fef38f5c94 7 bytes JMP 000007fefee805a8 .text C:\Windows\system\HsMgr64.exe[2856] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate 000007fef38f5da8 5 bytes JMP 000007fefee805e0 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076cd9d0b 5 bytes JMP 000000011000a4d0 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076cd9d4e 5 bytes JMP 000000011000a630 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000007361451e 5 bytes JMP 000000011000ab40 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000073614b6d 5 bytes JMP 000000011000abb0 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000073614bf2 5 bytes JMP 000000011000ac90 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000073614f0f 5 bytes JMP 000000011000ac50 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000073614f7b 5 bytes JMP 000000011000ac10 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000073619054 5 bytes JMP 000000011000ad10 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000007361adf9 5 bytes JMP 000000011000abe0 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000736352e8 5 bytes JMP 000000011000acd0 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007363535f 5 bytes JMP 000000011000acf0 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000736359cc 5 bytes JMP 000000011000ae40 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000073635a6a 5 bytes JMP 000000011000aec0 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000073635ad7 5 bytes JMP 000000011000af00 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000073635b5b 5 bytes JMP 000000011000af40 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000073635bba 5 bytes JMP 000000011000af80 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000073635bee 5 bytes JMP 000000011000b000 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000073635c22 5 bytes JMP 000000011000b060 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000073635c67 5 bytes JMP 000000011000b0d0 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073597e3d 5 bytes JMP 000000011000a690 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000735cde69 5 bytes JMP 000000011000a770 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000735dd2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000735dd371 5 bytes JMP 000000011000a990 .text C:\Users\123\AppData\Local\GG\Application\gghub.exe[1088] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000735dd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076cd9d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076cd9d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073597e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000735cde69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000735dd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000735dd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000735dd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077611401 2 bytes JMP 7537b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077611419 2 bytes JMP 7537b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077611431 2 bytes JMP 753f8f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007761144a 2 bytes CALL 75354885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776114dd 2 bytes JMP 753f8832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776114f5 2 bytes JMP 753f8a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007761150d 2 bytes JMP 753f8728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077611525 2 bytes JMP 753f8af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007761153d 2 bytes JMP 7536fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077611555 2 bytes JMP 753768df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007761156d 2 bytes JMP 753f8ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077611585 2 bytes JMP 753f8b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007761159d 2 bytes JMP 753f86ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776115b5 2 bytes JMP 7536fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776115cd 2 bytes JMP 7537b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776116b2 2 bytes JMP 753f8eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776116bd 2 bytes JMP 753f8681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006c6a11a8 2 bytes [6A, 6C] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000006c6a127d 2 bytes CALL 753514b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 000000006c6a1310 2 bytes CALL 753514b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006c6a13a8 2 bytes [6A, 6C] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006c6a1422 2 bytes [6A, 6C] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1760] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006c6a1498 2 bytes [6A, 6C] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076cd9d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076cd9d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 0000000077611401 2 bytes JMP 7537b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 0000000077611419 2 bytes JMP 7537b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 0000000077611431 2 bytes JMP 753f8f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 000000007761144a 2 bytes CALL 75354885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 00000000776114dd 2 bytes JMP 753f8832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 00000000776114f5 2 bytes JMP 753f8a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 000000007761150d 2 bytes JMP 753f8728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 0000000077611525 2 bytes JMP 753f8af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 000000007761153d 2 bytes JMP 7536fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 0000000077611555 2 bytes JMP 753768df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 000000007761156d 2 bytes JMP 753f8ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 0000000077611585 2 bytes JMP 753f8b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 000000007761159d 2 bytes JMP 753f86ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 00000000776115b5 2 bytes JMP 7536fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 00000000776115cd 2 bytes JMP 7537b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 00000000776116b2 2 bytes JMP 753f8eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 00000000776116bd 2 bytes JMP 753f8681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073597e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000735cde69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000735dd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000735dd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3108] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000735dd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076cd9d0b 5 bytes JMP 00000001021fa4d0 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076cd9d4e 5 bytes JMP 00000001021fa630 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000007361451e 5 bytes JMP 00000001021fab40 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000073614b6d 5 bytes JMP 00000001021fabb0 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000073614bf2 5 bytes JMP 00000001021fac90 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000073614f0f 5 bytes JMP 00000001021fac50 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000073614f7b 5 bytes JMP 00000001021fac10 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000073619054 5 bytes JMP 00000001021fad10 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000007361adf9 5 bytes JMP 00000001021fabe0 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000736352e8 5 bytes JMP 00000001021facd0 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007363535f 5 bytes JMP 00000001021facf0 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000736359cc 5 bytes JMP 00000001021fae40 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000073635a6a 5 bytes JMP 00000001021faec0 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000073635ad7 5 bytes JMP 00000001021faf00 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000073635b5b 5 bytes JMP 00000001021faf40 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000073635bba 5 bytes JMP 00000001021faf80 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000073635bee 5 bytes JMP 00000001021fb000 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000073635c22 5 bytes JMP 00000001021fb060 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000073635c67 5 bytes JMP 00000001021fb0d0 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073597e3d 5 bytes JMP 00000001021fa690 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000735cde69 5 bytes JMP 00000001021fa770 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000735dd2c5 5 bytes JMP 00000001021fa8a0 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000735dd371 5 bytes JMP 00000001021fa990 .text C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe[3800] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000735dd429 5 bytes JMP 00000001021faa80 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076cd9d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076cd9d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000007361451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000073614b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000073614bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000073614f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000073614f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000073619054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000007361adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000736352e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007363535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000736359cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000073635a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000073635ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000073635b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000073635bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000073635bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000073635c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000073635c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073597e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000735cde69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000735dd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000735dd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3832] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000735dd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000007361451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000073614b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000073614bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000073614f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000073614f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000073619054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000007361adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000736352e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007363535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000736359cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000073635a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000073635ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000073635b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000073635bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000073635bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000073635c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000073635c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073597e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000735cde69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000735dd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000735dd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000735dd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076cd9d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3932] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076cd9d4e 5 bytes JMP 000000011000a630 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076cd9d0b 5 bytes JMP 000000011000a4d0 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076cd9d4e 5 bytes JMP 000000011000a630 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000007361451e 5 bytes JMP 000000011000ab40 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000073614b6d 5 bytes JMP 000000011000abb0 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000073614bf2 5 bytes JMP 000000011000ac90 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000073614f0f 5 bytes JMP 000000011000ac50 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000073614f7b 5 bytes JMP 000000011000ac10 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000073619054 5 bytes JMP 000000011000ad10 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000007361adf9 5 bytes JMP 000000011000abe0 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000736352e8 5 bytes JMP 000000011000acd0 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007363535f 5 bytes JMP 000000011000acf0 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000736359cc 5 bytes JMP 000000011000ae40 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000073635a6a 5 bytes JMP 000000011000aec0 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000073635ad7 5 bytes JMP 000000011000af00 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000073635b5b 5 bytes JMP 000000011000af40 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000073635bba 5 bytes JMP 000000011000af80 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000073635bee 5 bytes JMP 000000011000b000 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000073635c22 5 bytes JMP 000000011000b060 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000073635c67 5 bytes JMP 000000011000b0d0 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073597e3d 5 bytes JMP 000000011000a690 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000735cde69 5 bytes JMP 000000011000a770 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000735dd2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000735dd371 5 bytes JMP 000000011000a990 .text C:\Users\123\AppData\Local\GG\Application\ggdrive\ggdrive.exe[3660] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000735dd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076cd9d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076cd9d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000007361451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000073614b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000073614bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000073614f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000073614f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000073619054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000007361adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000736352e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007363535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000736359cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000073635a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000073635ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000073635b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000073635bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000073635bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000073635c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000073635c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073597e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000735cde69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000735dd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000735dd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4524] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000735dd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4688] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076cd9d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4688] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076cd9d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4688] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073597e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4688] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000735cde69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4688] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000735dd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4688] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000735dd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4688] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000735dd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076cd9d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076cd9d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000007361451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000073614b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000073614bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000073614f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000073614f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000073619054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000007361adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000736352e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007363535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000736359cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000073635a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000073635ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000073635b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000073635bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000073635bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000073635c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000073635c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073597e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000735cde69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000735dd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000735dd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000735dd429 5 bytes JMP 000000011000aa80 ---- Processes - GMER 2.1 ---- Library C:\Users\123\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2016] (GG drive menu/GG Network S.A.)(2014-05 000000005ff80000 ---- EOF - GMER 2.1 ----