GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-04-26 22:59:08 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7 WDC_WD5000AAKX-22ERMA0 rev.17.01H17 465,76GB Running: lev0f99y.exe; Driver: C:\Users\user\AppData\Local\Temp\aftcaaob.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88004428d8c 12 bytes {MOV RAX, 0xfffffa8004f402a0; JMP RAX} ---- User code sections - GMER 2.2 ---- .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForDebugEvent 00000000774ad410 7 bytes [B8, 54, 03, 00, C0, C2, 10] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076c78791 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076fd1401 2 bytes JMP 76c9b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076fd1419 2 bytes JMP 76c9b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076fd1431 2 bytes JMP 76d190f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076fd144a 2 bytes CALL 76c748ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076fd14dd 2 bytes JMP 76d189ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076fd14f5 2 bytes JMP 76d18bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076fd150d 2 bytes JMP 76d188e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076fd1525 2 bytes JMP 76d18caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076fd153d 2 bytes JMP 76c8fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076fd1555 2 bytes JMP 76c96937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076fd156d 2 bytes JMP 76d191a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076fd1585 2 bytes JMP 76d18d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076fd159d 2 bytes JMP 76d188a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076fd15b5 2 bytes JMP 76c8fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076fd15cd 2 bytes JMP 76c9b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076fd16b2 2 bytes JMP 76d1906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1704] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076fd16bd 2 bytes JMP 76d18839 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000731d17fa 2 bytes CALL 76c711a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000731d1860 2 bytes CALL 76c711a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000731d1942 2 bytes JMP 76dd6da1 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1972] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000731d194d 2 bytes JMP 76dde8de C:\Windows\syswow64\WS2_32.dll ? C:\Windows\system32\shgina.dll [2348] entry point in ".rdata" section 000007fefc845150 .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007765f9c1 7 bytes {MOV EDX, 0xf872e8; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007765fa3d 7 bytes {MOV EDX, 0xf871a8; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007765fb55 7 bytes {MOV EDX, 0xf87168; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007765fc05 7 bytes {MOV EDX, 0xf87328; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007765fc35 7 bytes {MOV EDX, 0xf87268; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007765fc4d 7 bytes {MOV EDX, 0xf87128; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007765fc65 7 bytes {MOV EDX, 0xf873e8; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007765fc95 7 bytes {MOV EDX, 0xf87428; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007765fd15 7 bytes {MOV EDX, 0xf873a8; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007765fd2d 7 bytes {MOV EDX, 0xf87368; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007765fd79 7 bytes {MOV EDX, 0xf87068; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007765fe71 7 bytes {MOV EDX, 0xf870a8; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000776600c9 7 bytes {MOV EDX, 0xf87028; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 000000007766102d 7 bytes {MOV EDX, 0xf871e8; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776610d5 7 bytes {MOV EDX, 0xf872a8; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007766114d 7 bytes {MOV EDX, 0xf87228; JMP RDX} .text C:\Windows\SysWOW64\ntdll.dll[2552] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077661351 7 bytes {MOV EDX, 0xf870e8; JMP RDX} ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff88000ebf650] \SystemRoot\System32\Drivers\spck.sys [unknown section] IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff88000ebf5dc] \SystemRoot\System32\Drivers\spck.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88000e8a35c] \SystemRoot\System32\Drivers\spck.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88000e8a224] \SystemRoot\System32\Drivers\spck.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88000e8aa24] \SystemRoot\System32\Drivers\spck.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff88000e8aba0] \SystemRoot\System32\Drivers\spck.sys [unknown section] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[msvcrt.dll!memset] [17baffffd632058d] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[msvcrt.dll!_amsg_exit] [d8b48ffffe8dfe8] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[msvcrt.dll!free] [74db85480000310c] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[msvcrt.dll!_initterm] [d28e15ffcb8b4877] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[msvcrt.dll!malloc] [185e8b4965ebffff] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[msvcrt.dll!_XcptFilter] [5cbc410e8b48] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[msvcrt.dll!memcpy] [481875233b446600] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[ntdll.dll!RtlLookupFunctionEntry] [cb8b48d68b48ffff] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[ntdll.dll!RtlVirtualUnwind] [4831ebffffe133e8] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[ntdll.dll!RtlNtStatusToDosError] [d25615ff0674c985] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[ntdll.dll!RtlCaptureContext] [ffd5c70d8d48ffff] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!UnhandledExceptionFilter] [d38b48c03345c933] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!GetCurrentProcess] [ffffe204e8ce8b48] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!TerminateProcess] [3097258d4cf88b] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [30900d8b4800] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!GetCurrentProcessId] [1979802b74cc3b49] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!GetCurrentThreadId] [4818468b49257204] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!GetTickCount] [d5b20d8d4c10498b] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!QueryPerformanceCounter] [ffd57f058d4cffff] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!Sleep] [894800000018baff] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!DelayLoadFailureHook] [ffffe82ce8202444] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!LoadLibraryExA] [b0858b481075ff85] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!GetModuleFileNameW] [8948cd6349000000] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!GetComputerNameW] [204e8d4871ebc834] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!LocalAlloc] [8d48ffffd1c215ff] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!GetLastError] [ffffd1b815ff084e] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!LocalFree] [674c985480e8b48] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!lstrlenW] [8b48ffffd1ba15ff] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!CompareStringW] [3eb000010cce8ce] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!GetProcAddress] [8b3e74ff85fc8b41] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!GetProcessHeap] [ff428d000000b895] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!HeapFree] [858b482374e83b44] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!DisableThreadLibraryCalls] [49d52b41000000b0] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!FreeLibrary] [c80c8d48caffcd63] IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\shgina.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [4908518d48c2634c] ---- Devices - GMER 2.2 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-5 fffffa8003a8f2c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa8003a8f2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-7 fffffa8003a8f2c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa8003a8f2c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa8003a8f2c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa8003a8f2c0 Device \FileSystem\Ntfs \Ntfs fffffa8003a942c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{CA0C173C-21C6-4189-90CD-040D770AF992} fffffa80048fa2c0 Device \Driver\usbehci \Device\USBPDO-5 fffffa8004f572c0 Device \Driver\usbohci \Device\USBFDO-3 fffffa8004f422c0 Device \Driver\usbohci \Device\USBPDO-1 fffffa8004f422c0 Device \Driver\cdrom \Device\CdRom0 fffffa8004d212c0 Device \Driver\usbohci \Device\USBPDO-6 fffffa8004f422c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa8004f422c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa8004f422c0 Device \Driver\usbehci \Device\USBPDO-2 fffffa8004f572c0 Device \Driver\usbehci \Device\USBFDO-5 fffffa8004f572c0 Device \Driver\usbohci \Device\USBPDO-3 fffffa8004f422c0 Device \Driver\usbohci \Device\USBFDO-1 fffffa8004f422c0 Device \Driver\volmgr \Device\HarddiskVolume1 fffffa8003a8b2c0 Device \Driver\volmgr \Device\FtControl fffffa8003a8b2c0 Device \Driver\volmgr \Device\VolMgrControl fffffa8003a8b2c0 Device \Driver\volmgr \Device\HarddiskVolume2 fffffa8003a8b2c0 Device \Driver\volmgr \Device\HarddiskVolume3 fffffa8003a8b2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80048fa2c0 Device \Driver\usbohci \Device\USBFDO-6 fffffa8004f422c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa8004f422c0 Device \Driver\usbehci \Device\USBFDO-2 fffffa8004f572c0 Device \Driver\atapi \Device\ScsiPort0 fffffa8003a8f2c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa8004f422c0 Device \Driver\atapi \Device\ScsiPort1 fffffa8003a8f2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa8003a8f2c0 Device \Driver\atapi \Device\ScsiPort3 fffffa8003a8f2c0 ---- Trace I/O - GMER 2.2 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003a8f2c0]<< spck.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa8003a8f2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b6f060] fffffa8004b6f060 Trace 3 CLASSPNP.SYS[fffff8800198c43f] -> nt!IofCallDriver -> [0xfffffa8004907660] fffffa8004907660 Trace 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-7[0xfffffa800490c060] fffffa800490c060 Trace \Driver\atapi[0xfffffa8003ae4420] -> IRP_MJ_CREATE -> 0xfffffa8003a8f2c0 fffffa8003a8f2c0 ---- Threads - GMER 2.2 ---- Thread C:\Windows\System32\svchost.exe [1004:340] 000007fefb9ff2c0 Thread C:\Windows\System32\svchost.exe [1004:664] 000007fefb9a6204 Thread C:\Windows\System32\svchost.exe [1004:1120] 000007fefaa6331c Thread C:\Windows\System32\svchost.exe [1004:2228] 000007fefc9b20c0 Thread C:\Windows\System32\svchost.exe [1004:2336] 000007fefc9b26a8 Thread C:\Windows\System32\svchost.exe [1004:2492] 000007fefc9b29dc Thread C:\Windows\System32\svchost.exe [1004:2148] 000007fef64c44d0 Thread C:\Windows\System32\svchost.exe [1004:2784] 000007fefaf0818c Thread C:\Windows\system32\svchost.exe [304:2604] 000007feeeb10184 Thread C:\Windows\system32\svchost.exe [304:4268] 000007feeeb0f9c8 Thread C:\Windows\system32\svchost.exe [1160:2140] 000007fef4c95170 Thread C:\Windows\System32\svchost.exe [1100:3180] 000007fef2129688 Thread C:\Windows\SysWOW64\ntdll.dll [3668:3596] 00000000013b33c3 Thread C:\Windows\SysWOW64\ntdll.dll [3668:4496] 0000000001356b30 Thread C:\Windows\SysWOW64\ntdll.dll [3668:4560] 00000000013a7820 Thread C:\Windows\SysWOW64\ntdll.dll [2552:4804] 00000000013b33c3 Thread D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.69\deploy\LeagueClient.exe [3384:3968] 000000006fb7d5b0 Thread D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.69\deploy\LeagueClient.exe [3384:5072] 000000006fb7d5b0 Thread D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.69\deploy\LeagueClient.exe [3384:3940] 0000000077691697 Thread D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.69\deploy\LeagueClient.exe [3384:3168] 000000006fb7d5b0 Thread D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.69\deploy\LeagueClient.exe [3384:3712] 00000000733162ce Thread D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.69\deploy\LeagueClient.exe [3384:4124] 0000000077697ad8 Thread D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.69\deploy\LeagueClient.exe [3384:3296] 000000006fb7d5b0 Thread D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.69\deploy\LeagueClient.exe [3384:1548] 000000006aaaadd0 Thread D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.69\deploy\LeagueClient.exe [3384:5480] 0000000077697ad8 Thread D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.69\deploy\LeagueClient.exe [3384:3116] 0000000077697ad8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0x98 0x5B 0xBC ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x82 0xD5 0x5E 0xDB ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDF 0x5C 0xFA 0x84 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0x98 0x5B 0xBC ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x82 0xD5 0x5E 0xDB ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDF 0x5C 0xFA 0x84 ... ---- EOF - GMER 2.2 ----