GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-19 20:56:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3 OCZ-AGILITY3 rev.2.15 55,90GB
Running: 5vy5pb9o.exe; Driver: C:\Users\Patryk\AppData\Local\Temp\kwrdipog.sys

---- User code sections - GMER 2.2 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000071f117fa 2 bytes CALL 750a11a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000071f11860 2 bytes CALL 750a11a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000071f11942 2 bytes JMP 75016da1 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000071f1194d 2 bytes JMP 7501e8de C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 750cb263 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 750cb38e C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 751490f1 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 750a48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 751489ea C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75148bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 751488e0 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75148caa C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 750bfce8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 750c6937 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 751491a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75148d0a C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 751488a4 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 750bfd81 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 750cb324 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 7514906c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75148839 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 750cb263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 750cb38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 751490f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 750a48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 751489ea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75148bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 751488e0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75148caa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 750bfce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 750c6937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 751491a9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75148d0a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 751488a4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 750bfd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 750cb324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 7514906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75148839 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\USER32.dll!GetMenu + 412 0000000076da51ed 7 bytes JMP 000000001003b3d0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 0000000076da611b 7 bytes JMP 000000001003b780
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131 0000000076dac6d1 7 bytes JMP 000000001003b340
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 0000000076defd60 7 bytes JMP 000000001003b6d0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 0000000076defd99 7 bytes JMP 000000001003b570
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 0000000076defdbd 7 bytes JMP 000000001003b680
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 750cb263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 750cb38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 751490f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 750a48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 751489ea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75148bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 751488e0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75148caa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 750bfce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 750c6937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 751491a9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75148d0a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 751488a4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 750bfd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 750cb324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 7514906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75148839 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 750cb263 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 750cb38e C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 751490f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 750a48ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 751489ea C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75148bc0 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 751488e0 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75148caa C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 750bfce8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 750c6937 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 751491a9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75148d0a C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 751488a4 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 750bfd81 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 750cb324 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 7514906c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75148839 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 750cb263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 750cb38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 751490f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 750a48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 751489ea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75148bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 751488e0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75148caa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 750bfce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 750c6937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 751491a9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75148d0a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 751488a4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 750bfd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 750cb324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 7514906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75148839 C:\Windows\syswow64\kernel32.dll

---- EOF - GMER 2.2 ----