GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-01-11 15:55:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006e Samsun_ rev.EMT0 465,76GB
Running: f24r7ml8.exe; Driver: C:\Users\USER\AppData\Local\Temp\fwdyqpow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[952] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 00000000771e9030 4 bytes [C3, 00, 00, 00]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 751eb263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 751eb38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75269099 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 751c48ad C:\Windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 7526898f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 75268b68 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 75268885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75268c52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 751dfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 751e6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75269151 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75268cb2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 75268849 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bf15b5 2 
bytes JMP 751dfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 751eb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75269014 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 752687de C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 751eb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 751eb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75269099 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 751c48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 7526898f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 75268b68 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 75268885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75268c52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 751dfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 751e6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75269151 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75268cb2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 75268849 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 751dfd81 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 751eb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75269014 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 752687de C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075969cff 5 bytes JMP 00000001049ba4d0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075969d42 5 bytes JMP 00000001049ba630 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 751eb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 751eb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75269099 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 751c48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 7526898f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 75268b68 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 75268885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75268c52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 751dfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 751e6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75269151 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75268cb2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 75268849 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 751dfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes 
Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 751eb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75269014 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 752687de C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072cb7e3d 5 bytes JMP 00000001049ba690 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000072cede69 5 bytes JMP 00000001049ba770 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000072cfd2c5 5 bytes JMP 00000001049ba8a0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000072cfd371 5 bytes JMP 00000001049ba990 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2632] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000072cfd429 5 bytes JMP 00000001049baa80 ? 
C:\Windows\system32\mssprxy.dll [2632] entry point in ".rdata" section 000000006f1671e6 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075969cff 5 bytes JMP 000000011000a4d0 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075969d42 5 bytes JMP 000000011000a630 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ba4451e 5 bytes JMP 000000011000ab40 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ba44b6d 5 bytes JMP 000000011000abb0 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ba44bf2 5 bytes JMP 000000011000ac90 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ba44f0f 5 bytes JMP 000000011000ac50 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ba44f7b 5 bytes JMP 000000011000ac10 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ba49054 5 bytes JMP 000000011000ad10 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ba4adf9 5 bytes JMP 000000011000abe0 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ba652e8 5 bytes JMP 000000011000acd0 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ba6535f 5 bytes JMP 000000011000acf0 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ba659cc 5 bytes JMP 000000011000ae40 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ba65a6a 5 bytes JMP 000000011000aec0 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ba65ad7 5 bytes JMP 000000011000af00 .text 
C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ba65b5b 5 bytes JMP 000000011000af40 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ba65bba 5 bytes JMP 000000011000af80 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ba65bee 5 bytes JMP 000000011000b000 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ba65c22 5 bytes JMP 000000011000b060 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ba65c67 5 bytes JMP 000000011000b0d0 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072cb7e3d 5 bytes JMP 000000011000a690 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000072cede69 5 bytes JMP 000000011000a770 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000072cfd2c5 5 bytes JMP 000000011000a8a0 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000072cfd371 5 bytes JMP 000000011000a990 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000072cfd429 5 bytes JMP 000000011000aa80 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 751eb263 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 751eb38e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75269099 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 
751c48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 7526898f C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 75268b68 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 75268885 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75268c52 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 751dfce8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 751e6937 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75269151 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75268cb2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 75268849 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 751dfd81 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 751eb324 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 
20 0000000075bf16b2 2 bytes JMP 75269014 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2532] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 752687de C:\Windows\syswow64\kernel32.dll .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveOutClose 000007fef9a336ac 5 bytes JMP 000007fefdb001f0 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader 000007fef9a33770 5 bytes JMP 000007fefdb00298 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fef9a338d0 5 bytes JMP 000007fefdb001b8 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader 000007fef9a33ca4 5 bytes JMP 000007fefdb00260 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fef9a33d40 5 bytes JMP 000007fefdb00228 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveInOpen 000007fef9a37fe0 7 bytes JMP 000007fefdb00378 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveOutReset 000007fef9a3a38c 5 bytes JMP 000007fefdb002d0 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveOutGetVolume 000007fef9a549f0 5 bytes JMP 000007fefdb00308 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveOutSetVolume 000007fef9a54ab0 5 bytes JMP 000007fefdb00340 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveInClose 000007fef9a552e0 5 bytes JMP 000007fefdb003b0 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveInPrepareHeader 000007fef9a553c0 5 bytes JMP 000007fefdb00490 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader 000007fef9a55454 5 bytes JMP 000007fefdb004c8 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveInAddBuffer 000007fef9a55514 5 bytes JMP 000007fefdb00500 .text 
C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveInStart 000007fef9a555a4 6 bytes JMP 000007fefdb003e8 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveInStop 000007fef9a555e4 6 bytes JMP 000007fefdb00420 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveInReset 000007fef9a55624 5 bytes JMP 000007fefdb00458 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\WINMM.dll!waveInGetPosition 000007fef9a5567c 5 bytes JMP 000007fefdb00538 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007fefa1a6944 7 bytes JMP 000007fefdb00180 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007fefa1c5a84 7 bytes JMP 000007fefdb00148 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate 000007fefa1c5b90 7 bytes JMP 000007fefdb00570 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8 000007fefa1c5c94 7 bytes JMP 000007fefdb005a8 .text C:\Windows\system\HsMgr64.exe[3096] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate 000007fefa1c5da8 5 bytes JMP 000007fefdb005e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d72abf 5 bytes JMP 00000001011531c2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075969cff 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075969d42 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ba4451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\NVIDIA Corporation\Update 
Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ba44b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ba44bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ba44f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ba44f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ba49054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ba4adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ba652e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ba6535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ba659cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ba65a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ba65ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ba65b5b 5 bytes JMP 
000000011000af40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ba65bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ba65bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ba65c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ba65c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072cb7e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000072cede69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000072cfd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000072cfd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000072cfd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 751eb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 751eb38e 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75269099 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 751c48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 7526898f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 75268b68 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 75268885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75268c52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 751dfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 751e6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75269151 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] 
C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75268cb2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 75268849 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 751dfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 751eb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75269014 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 752687de C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075969cff 5 bytes JMP 000000011000a4d0 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075969d42 5 bytes JMP 000000011000a630 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 751eb263 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 751eb38e C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bf1431 2 
bytes JMP 75269099 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 751c48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 7526898f C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 75268b68 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 75268885 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75268c52 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 751dfce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 751e6937 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75269151 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75268cb2 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 75268849 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 751dfd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 751eb324 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75269014 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 752687de C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ba4451e 5 bytes JMP 000000011000ab40 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ba44b6d 5 bytes JMP 000000011000abb0 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ba44bf2 5 bytes JMP 000000011000ac90 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ba44f0f 5 bytes JMP 000000011000ac50 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ba44f7b 5 bytes JMP 000000011000ac10 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ba49054 5 bytes JMP 000000011000ad10 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ba4adf9 5 bytes JMP 000000011000abe0 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ba652e8 5 bytes JMP 
000000011000acd0 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ba6535f 5 bytes JMP 000000011000acf0 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ba659cc 5 bytes JMP 000000011000ae40 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ba65a6a 5 bytes JMP 000000011000aec0 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ba65ad7 5 bytes JMP 000000011000af00 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ba65b5b 5 bytes JMP 000000011000af40 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ba65bba 5 bytes JMP 000000011000af80 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ba65bee 5 bytes JMP 000000011000b000 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ba65c22 5 bytes JMP 000000011000b060 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ba65c67 5 bytes JMP 000000011000b0d0 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072cb7e3d 5 bytes JMP 000000011000a690 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000072cede69 5 bytes JMP 000000011000a770 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000072cfd2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] 
C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000072cfd371 5 bytes JMP 000000011000a990 .text C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe[3256] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000072cfd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 751eb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 751eb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75269099 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 751c48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 7526898f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 75268b68 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 75268885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75268c52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 751dfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 751e6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75269151 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75268cb2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 75268849 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 751dfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 
0000000075bf15cd 2 bytes JMP 751eb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75269014 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 752687de C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 751eb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 751eb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75269099 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 751c48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 7526898f C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 75268b68 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 75268885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75268c52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 751dfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 751e6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75269151 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75268cb2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 75268849 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 751dfd81 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 751eb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75269014 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE[3320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 752687de C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075969cff 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075969d42 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 751eb263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 751eb38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75269099 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 751c48ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 7526898f C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 75268b68 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 75268885 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75268c52 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 751dfce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 751e6937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75269151 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75268cb2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 75268849 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 751dfd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files 
(x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 751eb324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75269014 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 752687de C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ba4451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ba44b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ba44bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ba44f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ba44f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ba49054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ba4adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ba652e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 
000000006ba6535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ba659cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ba65a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ba65ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ba65b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ba65bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ba65bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ba65c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ba65c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072cb7e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000072cede69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000072cfd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000072cfd371 5 
bytes JMP 000000011000a990 .text C:\Program Files (x86)\Hanys Soft\Niklaus Live\Niklaus.exe[3432] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000072cfd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 751eb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 751eb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75269099 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 751c48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 7526898f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 75268b68 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 75268885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75268c52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 751dfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 751e6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75269151 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75268cb2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 75268849 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 751dfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 751eb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75269014 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 752687de C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075969cff 5 bytes JMP 000000011000a4d0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075969d42 5 bytes JMP 000000011000a630 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ba4451e 5 bytes JMP 000000011000ab40 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ba44b6d 5 bytes JMP 000000011000abb0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ba44bf2 5 bytes JMP 000000011000ac90 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ba44f0f 5 bytes 
JMP 000000011000ac50 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ba44f7b 5 bytes JMP 000000011000ac10 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ba49054 5 bytes JMP 000000011000ad10 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ba4adf9 5 bytes JMP 000000011000abe0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ba652e8 5 bytes JMP 000000011000acd0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ba6535f 5 bytes JMP 000000011000acf0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ba659cc 5 bytes JMP 000000011000ae40 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ba65a6a 5 bytes JMP 000000011000aec0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ba65ad7 5 bytes JMP 000000011000af00 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ba65b5b 5 bytes JMP 000000011000af40 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ba65bba 5 bytes JMP 000000011000af80 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ba65bee 5 bytes JMP 000000011000b000 .text 
C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ba65c22 5 bytes JMP 000000011000b060 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ba65c67 5 bytes JMP 000000011000b0d0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072cb7e3d 5 bytes JMP 000000011000a690 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000072cede69 5 bytes JMP 000000011000a770 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000072cfd2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000072cfd371 5 bytes JMP 000000011000a990 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000072cfd429 5 bytes JMP 000000011000aa80 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 751eb263 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 751eb38e C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75269099 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 751c48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 7526898f C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 75268b68 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 75268885 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75268c52 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 751dfce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 751e6937 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75269151 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75268cb2 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 75268849 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 751dfd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 751eb324 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75269014 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 752687de C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075969cff 5 bytes JMP 000000011000a4d0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075969d42 5 bytes JMP 000000011000a630 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ba4451e 5 bytes JMP 000000011000ab40 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ba44b6d 5 bytes JMP 000000011000abb0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ba44bf2 5 bytes JMP 000000011000ac90 .text 
C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ba44f0f 5 bytes JMP 000000011000ac50 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ba44f7b 5 bytes JMP 000000011000ac10 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ba49054 5 bytes JMP 000000011000ad10 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ba4adf9 5 bytes JMP 000000011000abe0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ba652e8 5 bytes JMP 000000011000acd0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ba6535f 5 bytes JMP 000000011000acf0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ba659cc 5 bytes JMP 000000011000ae40 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ba65a6a 5 bytes JMP 000000011000aec0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ba65ad7 5 bytes JMP 000000011000af00 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ba65b5b 5 bytes JMP 000000011000af40 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ba65bba 5 bytes JMP 000000011000af80 .text 
C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ba65bee 5 bytes JMP 000000011000b000 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ba65c22 5 bytes JMP 000000011000b060 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ba65c67 5 bytes JMP 000000011000b0d0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072cb7e3d 5 bytes JMP 000000011000a690 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000072cede69 5 bytes JMP 000000011000a770 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000072cfd2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000072cfd371 5 bytes JMP 000000011000a990 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000072cfd429 5 bytes JMP 000000011000aa80 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 751eb263 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 751eb38e C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75269099 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 751c48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 7526898f C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 75268b68 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 75268885 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75268c52 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 751dfce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 751e6937 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75269151 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bf1585 2 
bytes JMP 75268cb2 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 75268849 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 751dfd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 751eb324 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75269014 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 752687de C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5540] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075969cff 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5540] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075969d42 5 bytes JMP 000000011000a630 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075969cff 5 bytes JMP 000000011000a4d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075969d42 5 bytes JMP 000000011000a630 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ba4451e 5 bytes JMP 000000011000ab40 
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ba44b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ba44bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ba44f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ba44f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ba49054 5 bytes JMP 000000011000ad10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ba4adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ba652e8 5 bytes JMP 000000011000acd0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ba6535f 5 bytes JMP 000000011000acf0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ba659cc 5 bytes JMP 000000011000ae40 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ba65a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ba65ad7 5 bytes JMP 000000011000af00 .text C:\Program Files\Intel\Intel(R) Rapid Storage 
Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ba65b5b 5 bytes JMP 000000011000af40 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ba65bba 5 bytes JMP 000000011000af80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ba65bee 5 bytes JMP 000000011000b000 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ba65c22 5 bytes JMP 000000011000b060 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ba65c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072cb7e3d 5 bytes JMP 000000011000a690 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000072cede69 5 bytes JMP 000000011000a770 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000072cfd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000072cfd371 5 bytes JMP 000000011000a990 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000072cfd429 5 bytes JMP 000000011000aa80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 751eb263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid 
Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 751eb38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75269099 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 751c48ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 7526898f C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 75268b68 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 75268885 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75268c52 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 751dfce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 751e6937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 
17 0000000075bf156d 2 bytes JMP 75269151 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75268cb2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 75268849 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 751dfd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 751eb324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75269014 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 752687de C:\Windows\syswow64\KERNEL32.dll .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ba4451e 5 bytes JMP 000000011000ab40 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ba44b6d 5 bytes JMP 000000011000abb0 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ba44bf2 5 bytes JMP 000000011000ac90 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ba44f0f 5 bytes JMP 000000011000ac50 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 
000000006ba44f7b 5 bytes JMP 000000011000ac10 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ba49054 5 bytes JMP 000000011000ad10 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ba4adf9 5 bytes JMP 000000011000abe0 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ba652e8 5 bytes JMP 000000011000acd0 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ba6535f 5 bytes JMP 000000011000acf0 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ba659cc 5 bytes JMP 000000011000ae40 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ba65a6a 5 bytes JMP 000000011000aec0 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ba65ad7 5 bytes JMP 000000011000af00 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ba65b5b 5 bytes JMP 000000011000af40 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ba65bba 5 bytes JMP 000000011000af80 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ba65bee 5 bytes JMP 000000011000b000 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ba65c22 5 bytes JMP 000000011000b060 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ba65c67 5 bytes JMP 000000011000b0d0 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072cb7e3d 5 bytes JMP 000000011000a690 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000072cede69 5 bytes JMP 000000011000a770 .text 
C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000072cfd2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000072cfd371 5 bytes JMP 000000011000a990 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000072cfd429 5 bytes JMP 000000011000aa80 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075969cff 5 bytes JMP 000000011000a4d0 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075969d42 5 bytes JMP 000000011000a630 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 751eb263 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 751eb38e C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75269099 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 751c48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 7526898f C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 75268b68 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 75268885 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75268c52 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 751dfce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 751e6937 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75269151 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75268cb2 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 75268849 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 751dfd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 751eb324 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\Desktop\f24r7ml8.exe[2988] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75269014 C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\Desktop\f24r7ml8.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 752687de C:\Windows\syswow64\kernel32.dll

---- Processes - GMER 2.1 ----

Process C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe [4688] (WebHelper/BitTorrent Inc.)(2015-12-16 20:19:25) 0000000000f00000
Process C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe [4752] (WebHelper/BitTorrent Inc.)(2015-12-16 20:19:25) 0000000000f00000

---- EOF - GMER 2.1 ----