GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-27 11:11:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000068 WDC_WD75 rev.30.0 698,64GB
Running: o82ne0cp.exe; Driver: C:\Users\Niedek\AppData\Local\Temp\kwrdqpog.sys