GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-04 14:21:02 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EZEX-08M2NA0 rev.01.01A01 931,51GB Running: 4o767eku.exe; Driver: C:\Users\MIKOAJ~1\AppData\Local\Temp\uwliypog.sys ---- User code sections - GMER 2.1 ---- .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075bb1401 2 bytes JMP 7694eb26 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075bb1419 2 bytes JMP 7695b513 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075bb1431 2 bytes JMP 769d8609 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075bb144a 2 bytes CALL 76931dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075bb14dd 2 bytes JMP 769d7efe C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075bb14f5 2 bytes JMP 769d80d8 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075bb150d 2 bytes JMP 769d7df4 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075bb1525 2 bytes JMP 769d81c2 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075bb153d 2 bytes JMP 7694f088 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075bb1555 2 bytes JMP 7695b885 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075bb156d 2 bytes JMP 769d86c1 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075bb1585 2 bytes JMP 769d8222 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075bb159d 2 bytes JMP 769d7db8 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075bb15b5 2 bytes JMP 7694f121 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075bb15cd 2 bytes JMP 7695b29f C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075bb16b2 2 bytes JMP 769d8584 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[3464] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075bb16bd 2 bytes JMP 769d7d4d C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bb1401 2 bytes JMP 7694eb26 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bb1419 2 bytes JMP 7695b513 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bb1431 2 bytes JMP 769d8609 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bb144a 2 bytes CALL 76931dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bb14dd 2 bytes JMP 769d7efe C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bb14f5 2 bytes JMP 769d80d8 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bb150d 2 bytes JMP 769d7df4 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bb1525 2 bytes JMP 769d81c2 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bb153d 2 bytes JMP 7694f088 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bb1555 2 bytes JMP 7695b885 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bb156d 2 bytes JMP 769d86c1 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bb1585 2 bytes JMP 769d8222 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bb159d 2 bytes JMP 769d7db8 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bb15b5 2 bytes JMP 7694f121 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bb15cd 2 bytes JMP 7695b29f C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bb16b2 2 bytes JMP 769d8584 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bb16bd 2 bytes JMP 769d7d4d C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bb1401 2 bytes JMP 7694eb26 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bb1419 2 bytes JMP 7695b513 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bb1431 2 bytes JMP 769d8609 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bb144a 2 bytes CALL 76931dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bb14dd 2 bytes JMP 769d7efe C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bb14f5 2 bytes JMP 769d80d8 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bb150d 2 bytes JMP 769d7df4 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bb1525 2 bytes JMP 769d81c2 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bb153d 2 bytes JMP 7694f088 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bb1555 2 bytes JMP 7695b885 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bb156d 2 bytes JMP 769d86c1 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bb1585 2 bytes JMP 769d8222 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bb159d 2 bytes JMP 769d7db8 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bb15b5 2 bytes JMP 7694f121 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bb15cd 2 bytes JMP 7695b29f C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bb16b2 2 bytes JMP 769d8584 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bb16bd 2 bytes JMP 769d7d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077d2000c 1 byte [C3] .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077daf50a 5 bytes JMP 0000000177d5dba1 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bb1401 2 bytes JMP 7694eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bb1419 2 bytes JMP 7695b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bb1431 2 bytes JMP 769d8609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bb144a 2 bytes CALL 76931dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bb14dd 2 bytes JMP 769d7efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bb14f5 2 bytes JMP 769d80d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bb150d 2 bytes JMP 769d7df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bb1525 2 bytes JMP 769d81c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bb153d 2 bytes JMP 7694f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bb1555 2 bytes JMP 7695b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bb156d 2 bytes JMP 769d86c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bb1585 2 bytes JMP 769d8222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bb159d 2 bytes JMP 769d7db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bb15b5 2 bytes JMP 7694f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bb15cd 2 bytes JMP 7695b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bb16b2 2 bytes JMP 769d8584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bb16bd 2 bytes JMP 769d7d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bb1401 2 bytes JMP 7694eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bb1419 2 bytes JMP 7695b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bb1431 2 bytes JMP 769d8609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bb144a 2 bytes CALL 76931dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bb14dd 2 bytes JMP 769d7efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bb14f5 2 bytes JMP 769d80d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bb150d 2 bytes JMP 769d7df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bb1525 2 bytes JMP 769d81c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bb153d 2 bytes JMP 7694f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bb1555 2 bytes JMP 7695b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bb156d 2 bytes JMP 769d86c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bb1585 2 bytes JMP 769d8222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bb159d 2 bytes JMP 769d7db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bb15b5 2 bytes JMP 7694f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bb15cd 2 bytes JMP 7695b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bb16b2 2 bytes JMP 769d8584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bb16bd 2 bytes JMP 769d7d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bb1401 2 bytes JMP 7694eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bb1419 2 bytes JMP 7695b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bb1431 2 bytes JMP 769d8609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bb144a 2 bytes CALL 76931dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bb14dd 2 bytes JMP 769d7efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bb14f5 2 bytes JMP 769d80d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bb150d 2 bytes JMP 769d7df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bb1525 2 bytes JMP 769d81c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bb153d 2 bytes JMP 7694f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bb1555 2 bytes JMP 7695b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bb156d 2 bytes JMP 769d86c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bb1585 2 bytes JMP 769d8222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bb159d 2 bytes JMP 769d7db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bb15b5 2 bytes JMP 7694f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bb15cd 2 bytes JMP 7695b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bb16b2 2 bytes JMP 769d8584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bb16bd 2 bytes JMP 769d7d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bb1401 2 bytes JMP 7694eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bb1419 2 bytes JMP 7695b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bb1431 2 bytes JMP 769d8609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bb144a 2 bytes CALL 76931dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bb14dd 2 bytes JMP 769d7efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bb14f5 2 bytes JMP 769d80d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bb150d 2 bytes JMP 769d7df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bb1525 2 bytes JMP 769d81c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bb153d 2 bytes JMP 7694f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bb1555 2 bytes JMP 7695b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bb156d 2 bytes JMP 769d86c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bb1585 2 bytes JMP 769d8222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bb159d 2 bytes JMP 769d7db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bb15b5 2 bytes JMP 7694f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bb15cd 2 bytes JMP 7695b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bb16b2 2 bytes JMP 769d8584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bb16bd 2 bytes JMP 769d7d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bb1401 2 bytes JMP 7694eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bb1419 2 bytes JMP 7695b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bb1431 2 bytes JMP 769d8609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bb144a 2 bytes CALL 76931dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bb14dd 2 bytes JMP 769d7efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bb14f5 2 bytes JMP 769d80d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bb150d 2 bytes JMP 769d7df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bb1525 2 bytes JMP 769d81c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bb153d 2 bytes JMP 7694f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bb1555 2 bytes JMP 7695b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bb156d 2 bytes JMP 769d86c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bb1585 2 bytes JMP 769d8222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bb159d 2 bytes JMP 769d7db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bb15b5 2 bytes JMP 7694f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bb15cd 2 bytes JMP 7695b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bb16b2 2 bytes JMP 769d8584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bb16bd 2 bytes JMP 769d7d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bb1401 2 bytes JMP 7694eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bb1419 2 bytes JMP 7695b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bb1431 2 bytes JMP 769d8609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bb144a 2 bytes CALL 76931dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bb14dd 2 bytes JMP 769d7efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bb14f5 2 bytes JMP 769d80d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bb150d 2 bytes JMP 769d7df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bb1525 2 bytes JMP 769d81c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bb153d 2 bytes JMP 7694f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bb1555 2 bytes JMP 7695b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bb156d 2 bytes JMP 769d86c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bb1585 2 bytes JMP 769d8222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bb159d 2 bytes JMP 769d7db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bb15b5 2 bytes JMP 7694f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bb15cd 2 bytes JMP 7695b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bb16b2 2 bytes JMP 769d8584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bb16bd 2 bytes JMP 769d7d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bb1401 2 bytes JMP 7694eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bb1419 2 bytes JMP 7695b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bb1431 2 bytes JMP 769d8609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bb144a 2 bytes CALL 76931dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bb14dd 2 bytes JMP 769d7efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bb14f5 2 bytes JMP 769d80d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bb150d 2 bytes JMP 769d7df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bb1525 2 bytes JMP 769d81c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bb153d 2 bytes JMP 7694f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bb1555 2 bytes JMP 7695b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bb156d 2 bytes JMP 769d86c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bb1585 2 bytes JMP 769d8222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bb159d 2 bytes JMP 769d7db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bb15b5 2 bytes JMP 7694f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bb15cd 2 bytes JMP 7695b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bb16b2 2 bytes JMP 769d8584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bb16bd 2 bytes JMP 769d7d4d C:\Windows\syswow64\kernel32.dll ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E51E3165-3DA9-4719-BF2A-23A5CBD7055A}\mpengine.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1840] (Microsoft Malware Protection Engine/Microsoft Corporation)(2014-12-20 12:05:44) 000007fef78f0000 Process C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2460] (SpotifyWebHelper/Spotify Ltd)(2014-12-20 13:32:36) 0000000000400000 Process C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe [1468] (Spotify/Spotify Ltd)(2014-12-20 13:32:36) 0000000000400000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\libcef.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe [1468](2014-12-20 13:32:36) 0000000070950000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\icudt.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\spotify.exe [1468] (ICU Data DLL/The ICU Project)(2014-12-20 13:32:36) 000000006ffc0000 Process C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [4420](2014-12-20 13:32:36) 0000000000400000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\libcef.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [4420](2014-12-20 13:32:36) 0000000070950000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\icudt.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [4420] (ICU Data DLL/The ICU Project)(2014-12-20 13:32:36) 000000006ffc0000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\ffmpegsumo.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [4420](2014-12-20 13:32:36) 00000000743e0000 Process C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [3188](2014-12-20 13:32:36) 0000000000400000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\libcef.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [3188](2014-12-20 13:32:36) 0000000070950000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\icudt.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [3188] (ICU Data DLL/The ICU Project)(2014-12-20 13:32:36) 000000006ffc0000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\ffmpegsumo.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [3188](2014-12-20 13:32:36) 00000000743e0000 Process C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [2408](2014-12-20 13:32:36) 0000000000400000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\libcef.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [2408](2014-12-20 13:32:36) 0000000070950000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\icudt.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [2408] (ICU Data DLL/The ICU Project)(2014-12-20 13:32:36) 000000006ffc0000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\ffmpegsumo.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [2408](2014-12-20 13:32:36) 00000000743e0000 Process C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [2192](2014-12-20 13:32:36) 0000000000400000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\libcef.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [2192](2014-12-20 13:32:36) 0000000070950000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\icudt.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [2192] (ICU Data DLL/The ICU Project)(2014-12-20 13:32:36) 000000006ffc0000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\D3DCompiler_46.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [2192] (Direct3D HLSL Compiler/Microsoft Corporation)(2014-12-20 13:32:36) 000000006e200000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\libglesv2.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [2192](2014-12-20 13:32:36) 000000006e120000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\libegl.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [2192](2014-12-20 13:32:36) 00000000748b0000 Process C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [3004](2014-12-20 13:32:36) 0000000000400000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\libcef.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [3004](2014-12-20 13:32:36) 0000000070950000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\icudt.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [3004] (ICU Data DLL/The ICU Project)(2014-12-20 13:32:36) 000000006ffc0000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\ffmpegsumo.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [3004](2014-12-20 13:32:36) 00000000743e0000 Process C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [2720](2014-12-20 13:32:36) 0000000000400000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\libcef.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [2720](2014-12-20 13:32:36) 0000000070950000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\icudt.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [2720] (ICU Data DLL/The ICU Project)(2014-12-20 13:32:36) 000000006ffc0000 Library C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\ffmpegsumo.dll (*** suspicious ***) @ C:\Users\Mikołaj\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [2720](2014-12-20 13:32:36) 00000000743e0000 ---- EOF - GMER 2.1 ----