GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-03-25 13:28:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 TOSHIBA_ rev.AX0P 931,51GB
Running: 936up9r8.exe; Driver: C:\Users\Adam\AppData\Local\Temp\aftcqaow.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 7521b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 7521b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75299011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 751f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 7529890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 75298ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75298800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 75298bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 7520fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 75216907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 752990c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75298c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 752987c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 7520fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 7521b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75298f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75298759 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006db611a8 2 bytes [B6, 6D]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000006db6127d 2 bytes CALL 751f14c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 000000006db61310 2 bytes CALL 751f14c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006db613a8 2 bytes [B6, 6D]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006db61422 2 bytes [B6, 6D]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2368] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006db61498 2 bytes [B6, 6D]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 7521b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 7521b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75299011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 751f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 7529890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 75298ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75298800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 75298bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 7520fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 75216907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 752990c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75298c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 752987c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 7520fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 7521b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75298f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75298759 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 7521b233 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 7521b35e C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75299011 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 751f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 7529890a C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 75298ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75298800 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 75298bca C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 7520fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 75216907 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 752990c9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75298c2a C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 752987c4 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 7520fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 7521b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75298f8c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\RunDll32.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75298759 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[4696] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000751f8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 7521b233 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 7521b35e C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75299011 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 751f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 7529890a C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 75298ae0 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75298800 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 75298bca C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 7520fcc0 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 75216907 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 752990c9 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75298c2a C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 752987c4 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 7520fd59 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 7521b2f4 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75298f8c C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\system\rads_user_kernel.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75298759 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 7521b233 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 7521b35e C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75299011 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 751f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 7529890a C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 75298ae0 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75298800 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 75298bca C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 7520fcc0 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 75216907 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 752990c9 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75298c2a C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 752987c4 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 7520fd59 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 7521b2f4 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75298f8c C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75298759 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000751f8791 5 bytes [33, C0, C2, 04, 00]
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 7521b233 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 7521b35e C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75299011 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 751f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 7529890a C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 75298ae0 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75298800 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 75298bca C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 7520fcc0 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 75216907 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 752990c9 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75298c2a C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 752987c4 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 7520fd59 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 7521b2f4 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75298f8c C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75298759 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 7521b233 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 7521b35e C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75299011 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 751f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 7529890a C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 75298ae0 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75298800 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 75298bca C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 7520fcc0 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 75216907 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 752990c9 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75298c2a C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 752987c4 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 7520fd59 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 7521b2f4 C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75298f8c C:\Windows\syswow64\kernel32.dll
.text D:\LoL\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75298759 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\342387dc99f0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\342387dc99f0 (not active ControlSet)

---- Files - GMER 2.2 ----

File C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003396 515122 bytes
File C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003397 327626 bytes
File C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003398 504599 bytes
File C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003390 327779 bytes
File C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003391 514686 bytes
File C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003392 327585 bytes
File C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003393 327389 bytes
File C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003394 512688 bytes
File C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003395 327572 bytes

---- EOF - GMER 2.2 ----