GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-03-20 13:42:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-1CH162 rev.CC47 931,51GB
Running: cell7lik.exe; Driver: C:\Users\BDZ\AppData\Local\Temp\kxldqpow.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[840] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077789040 4 bytes [C3, 00, 00, 00]
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 00000000761e1401 2 bytes JMP 7639b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 00000000761e1419 2 bytes JMP 7639b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 00000000761e1431 2 bytes JMP 76419011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 00000000761e144a 2 bytes CALL 763748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000761e14dd 2 bytes JMP 7641890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000761e14f5 2 bytes JMP 76418ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 00000000761e150d 2 bytes JMP 76418800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 00000000761e1525 2 bytes JMP 76418bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 00000000761e153d 2 bytes JMP 7638fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 00000000761e1555 2 bytes JMP 76396907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 00000000761e156d 2 bytes JMP 764190c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 00000000761e1585 2 bytes JMP 76418c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 00000000761e159d 2 bytes JMP 764187c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000761e15b5 2 bytes JMP 7638fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000761e15cd 2 bytes JMP 7639b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000761e16b2 2 bytes JMP 76418f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[1004] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000761e16bd 2 bytes JMP 76418759 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000761e1401 2 bytes JMP 7639b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000761e1419 2 bytes JMP 7639b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000761e1431 2 bytes JMP 76419011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000761e144a 2 bytes CALL 763748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000761e14dd 2 bytes JMP 7641890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000761e14f5 2 bytes JMP 76418ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000761e150d 2 bytes JMP 76418800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000761e1525 2 bytes JMP 76418bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000761e153d 2 bytes JMP 7638fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000761e1555 2 bytes JMP 76396907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000761e156d 2 bytes JMP 764190c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000761e1585 2 bytes JMP 76418c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000761e159d 2 bytes JMP 764187c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000761e15b5 2 bytes JMP 7638fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000761e15cd 2 bytes JMP 7639b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000761e16b2 2 bytes JMP 76418f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[2852] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000761e16bd 2 bytes JMP 76418759 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761e1401 2 bytes JMP 7639b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761e1419 2 bytes JMP 7639b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761e1431 2 bytes JMP 76419011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761e144a 2 bytes CALL 763748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761e14dd 2 bytes JMP 7641890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761e14f5 2 bytes JMP 76418ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761e150d 2 bytes JMP 76418800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761e1525 2 bytes JMP 76418bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761e153d 2 bytes JMP 7638fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761e1555 2 bytes JMP 76396907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761e156d 2 bytes JMP 764190c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761e1585 2 bytes JMP 76418c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761e159d 2 bytes JMP 764187c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761e15b5 2 bytes JMP 7638fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761e15cd 2 bytes JMP 7639b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761e16b2 2 bytes JMP 76418f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761e16bd 2 bytes JMP 76418759 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761e1401 2 bytes JMP 7639b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761e1419 2 bytes JMP 7639b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761e1431 2 bytes JMP 76419011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761e144a 2 bytes CALL 763748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761e14dd 2 bytes JMP 7641890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761e14f5 2 bytes JMP 76418ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761e150d 2 bytes JMP 76418800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761e1525 2 bytes JMP 76418bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761e153d 2 bytes JMP 7638fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761e1555 2 bytes JMP 76396907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761e156d 2 bytes JMP 764190c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761e1585 2 bytes JMP 76418c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761e159d 2 bytes JMP 764187c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761e15b5 2 bytes JMP 7638fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761e15cd 2 bytes JMP 7639b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761e16b2 2 bytes JMP 76418f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761e16bd 2 bytes JMP 76418759 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761e1401 2 bytes JMP 7639b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761e1419 2 bytes JMP 7639b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761e1431 2 bytes JMP 76419011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761e144a 2 bytes CALL 763748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761e14dd 2 bytes JMP 7641890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761e14f5 2 bytes JMP 76418ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761e150d 2 bytes JMP 76418800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761e1525 2 bytes JMP 76418bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761e153d 2 bytes JMP 7638fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761e1555 2 bytes JMP 76396907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761e156d 2 bytes JMP 764190c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761e1585 2 bytes JMP 76418c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761e159d 2 bytes JMP 764187c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761e15b5 2 bytes JMP 7638fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761e15cd 2 bytes JMP 7639b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761e16b2 2 bytes JMP 76418f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761e16bd 2 bytes JMP 76418759 C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!DispatchMessageW 000000007543788b 5 bytes JMP 000000006125b710
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!DispatchMessageA 0000000075437bcb 5 bytes JMP 000000006125b6e0
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075438a39 5 bytes JMP 000000006125c120
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000075438e5e 5 bytes JMP 000000006125b880
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!DestroyWindow 0000000075439a65 5 bytes JMP 000000006125b850
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007543d23e 5 bytes JMP 000000006125bfe0
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000754405ca 5 bytes JMP 000000006125ba60
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075440e0b 5 bytes JMP 000000006125b740
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075441351 5 bytes JMP 000000006125bb40
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075441371 5 bytes JMP 000000006125bae0
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindowIndirect 00000000754428ea 5 bytes JMP 000000006125bf60
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!SetCursor 0000000075444206 5 bytes JMP 000000006125b000
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075445f84 5 bytes JMP 000000006125ba00
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!BringWindowToTop 0000000075447b4b 5 bytes JMP 000000006125bac0
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!AnimateWindow 000000007544b541 5 bytes JMP 000000006125b900
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindow 000000007544ba5a 5 bytes JMP 000000006125be90
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!WindowFromPoint 000000007545ed32 5 bytes JMP 000000006125b020
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!SetCapture 000000007545ed76 5 bytes JMP 000000006125b9e0
.text C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe[3164] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 000000007545f190 5 bytes JMP 000000006125b9a0
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761e1401 2 bytes JMP 7639b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761e1419 2 bytes JMP 7639b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761e1431 2 bytes JMP 76419011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761e144a 2 bytes CALL 763748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761e14dd 2 bytes JMP 7641890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761e14f5 2 bytes JMP 76418ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761e150d 2 bytes JMP 76418800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761e1525 2 bytes JMP 76418bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761e153d 2 bytes JMP 7638fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761e1555 2 bytes JMP 76396907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761e156d 2 bytes JMP 764190c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761e1585 2 bytes JMP 76418c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761e159d 2 bytes JMP 764187c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761e15b5 2 bytes JMP 7638fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761e15cd 2 bytes JMP 7639b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761e16b2 2 bytes JMP 76418f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761e16bd 2 bytes JMP 76418759 C:\Windows\syswow64\kernel32.dll

---- EOF - GMER 2.2 ----