GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-11 00:46:24 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD502HI rev.1AG01118 465,76GB Running: xn791k51.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\awrdypog.sys ---- User code sections - GMER 2.2 ---- .text D:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.70\deploy\LoLPatcher.exe[2328] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075ab8781 5 bytes [33, C0, C2, 04, 00] .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076071401 2 bytes JMP 75adb21b C:\Windows\syswow64\kernel32.dll .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076071419 2 bytes JMP 75adb346 C:\Windows\syswow64\kernel32.dll .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076071431 2 bytes JMP 75b58fd1 C:\Windows\syswow64\kernel32.dll .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007607144a 2 bytes CALL 75ab489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760714dd 2 bytes JMP 75b588c4 C:\Windows\syswow64\kernel32.dll .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760714f5 2 bytes JMP 75b58aa0 C:\Windows\syswow64\kernel32.dll .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007607150d 2 bytes JMP 75b587ba C:\Windows\syswow64\kernel32.dll .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076071525 2 bytes JMP 75b58b8a C:\Windows\syswow64\kernel32.dll .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007607153d 2 bytes JMP 75acfca8 C:\Windows\syswow64\kernel32.dll .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076071555 2 bytes JMP 75ad68ef C:\Windows\syswow64\kernel32.dll .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007607156d 2 bytes JMP 75b59089 C:\Windows\syswow64\kernel32.dll .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076071585 2 bytes JMP 75b58bea C:\Windows\syswow64\kernel32.dll .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007607159d 2 bytes JMP 75b5877e C:\Windows\syswow64\kernel32.dll .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760715b5 2 bytes JMP 75acfd41 C:\Windows\syswow64\kernel32.dll .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760715cd 2 bytes JMP 75adb2dc C:\Windows\syswow64\kernel32.dll .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760716b2 2 bytes JMP 75b58f4c C:\Windows\syswow64\kernel32.dll .text D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.230\deploy\LolClient.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760716bd 2 bytes JMP 75b58713 C:\Windows\syswow64\kernel32.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\svchost.exe [772:1480] 000007fefcac4af4 Thread C:\Windows\System32\svchost.exe [872:368] 000007fefbaaf2c0 Thread C:\Windows\System32\svchost.exe [872:344] 000007fefbd26204 Thread C:\Windows\System32\svchost.exe [872:1080] 000007fefa785428 Thread C:\Windows\System32\svchost.exe [872:2744] 000007fefb292070 Thread C:\Windows\System32\svchost.exe [872:2052] 000007fef6ec6b8c Thread C:\Windows\System32\svchost.exe [872:1772] 000007fef6ec1d88 Thread C:\Windows\System32\svchost.exe [916:968] 000007fefb2a331c Thread C:\Windows\System32\svchost.exe [916:2088] 000007fef6ee20c0 Thread C:\Windows\System32\svchost.exe [916:2120] 000007fef6ee26a8 Thread C:\Windows\System32\svchost.exe [916:2248] 000007fef6ee29dc Thread C:\Windows\System32\svchost.exe [916:2796] 000007fef94f89b8 Thread C:\Windows\System32\svchost.exe [916:2928] 000007fef84944d0 Thread C:\Windows\system32\svchost.exe [956:988] 000007fefb940184 Thread C:\Windows\system32\svchost.exe [956:992] 000007fefb93f9c8 Thread C:\Windows\system32\svchost.exe [956:2332] 000007fef69c0ea8 Thread C:\Windows\system32\svchost.exe [956:2356] 000007fef69b9db0 Thread C:\Windows\system32\svchost.exe [956:2468] 000007fef69c1c94 Thread C:\Windows\system32\svchost.exe [956:2688] 000007fef69baa10 Thread C:\Windows\system32\svchost.exe [996:1256] 000007fefa2e1a50 Thread C:\Windows\system32\svchost.exe [996:856] 000007fef726506c Thread C:\Windows\system32\svchost.exe [996:2304] 000007fef7c81c20 Thread C:\Windows\system32\svchost.exe [996:2528] 000007fef7c81c20 Thread C:\Windows\system32\svchost.exe [996:2568] 000007fef9535124 Thread C:\Windows\system32\svchost.exe [256:268] 000007fefb408274 Thread C:\Windows\system32\svchost.exe [256:1512] 000007fefb408274 Thread C:\Windows\system32\svchost.exe [1052:1120] 000007fefa63341c Thread C:\Windows\system32\svchost.exe [1052:1168] 000007fefa633a2c Thread C:\Windows\system32\svchost.exe [1052:1172] 000007fefa633768 Thread C:\Windows\system32\svchost.exe [1052:1180] 000007fefa635c20 Thread C:\Windows\system32\svchost.exe [1052:1708] 000007fef959bd70 Thread C:\Windows\system32\svchost.exe [1052:2852] 000007fef78c5170 Thread C:\Windows\system32\svchost.exe [1052:1224] 000007fefa633900 Thread C:\Windows\system32\svchost.exe [1052:380] 000007fef9535124 Thread C:\Windows\System32\spoolsv.exe [1276:1860] 000007fef8b410c8 Thread C:\Windows\System32\spoolsv.exe [1276:1928] 000007fef89d6144 Thread C:\Windows\System32\spoolsv.exe [1276:1932] 000007fef87c5fd0 Thread C:\Windows\System32\spoolsv.exe [1276:1936] 000007fef87b3438 Thread C:\Windows\System32\spoolsv.exe [1276:1940] 000007fef87c63ec Thread C:\Windows\System32\spoolsv.exe [1276:1964] 000007fef7b25e5c Thread C:\Windows\System32\spoolsv.exe [1276:1968] 000007fef7b55074 Thread C:\Windows\system32\svchost.exe [1304:2156] 000007fef6d02940 Thread C:\Windows\system32\svchost.exe [1304:2196] 000007fef6cd2888 Thread C:\Windows\system32\svchost.exe [1304:2736] 000007fef6cd2a40 Thread C:\Windows\System32\svchost.exe [1432:1540] 000007fef9dd0360 Thread C:\Windows\System32\svchost.exe [1432:1548] 000007fef9dae460 Thread C:\Windows\System32\svchost.exe [1432:1556] 000007fef9dae450 Thread C:\Windows\System32\svchost.exe [1432:1560] 000007fef9d75570 Thread C:\Windows\System32\svchost.exe [1432:1564] 000007fef9daa130 Thread C:\Windows\System32\svchost.exe [1432:1568] 000007fef9d75560 Thread C:\Windows\System32\svchost.exe [1432:1572] 000007fef9df82a0 Thread C:\Windows\system32\Dwm.exe [1744:1876] 000007fef934f110 Thread C:\Windows\system32\Dwm.exe [1744:1888] 000007fef8aeabf0 Thread C:\Windows\System32\svchost.exe [2716:1476] 000007fef2349688 Thread C:\Users\Adrian\Desktop\FixMouseLMB.exe [1924:644] 000007fef02ed820 Thread C:\Users\Adrian\Desktop\FixMouseLMB.exe [1924:2096] 000007fef0200250 Thread C:\Users\Adrian\Desktop\FixMouseLMB.exe [1924:2012] 000007fefbf82af8 Thread C:\Windows\system32\DllHost.exe [2912:2444] 000007fefdcac608 Thread C:\Windows\system32\DllHost.exe [2912:2316] 000007fefbf82af8 Thread C:\Windows\system32\DllHost.exe [2912:1600] 000007feec1a0410 ---- Files - GMER 2.2 ---- File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\doomed\3974 1355 bytes File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\entries\A5026E040C825E653FF2830A8CD2A368DA3716C7 0 bytes File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\entries\874A9D3B6B0A940BD880B086FB348439C2250516 0 bytes File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\entries\879B1B589ED42991D8ED8250D4DE1CB6E262CA78 0 bytes File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\entries\4CDC5FF700B3AA2371643FF0ACB4A7E99587D05F 0 bytes File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\entries\E588AD522E14479044172D6363A7D8F2891394AB 6088 bytes File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\entries\715904C3FB25AC745C070ADA077258FFA6B82BAC 0 bytes File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\entries\147314662308CCE462A042333F960DB046AD0C9A 0 bytes File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\entries\028B7CB2A14480D86694D18EF7E16F73E54EF974 0 bytes File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\entries\48FF37B2392CF99121F1DD6108FD5ED281FB521D 5993 bytes File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\entries\492841C5AC8A9B81BC949D30E2FDFEF2C5BB800A 0 bytes File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\entries\5E6F2880B389AD311CDD09CFA8AC4E9F773AF82B 0 bytes File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\entries\7AEE488F7D8F3FA67468CE9ECC21BEE5231C1C29 0 bytes File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\entries\BD6A0875D0BB12DD5AC91921024B4697CB216BD3 0 bytes File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\entries\ED97CF24CA7EB459F82649FF1606AE0190E8545C 5100 bytes File C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\z3c1j1tm.default-1470581698766\cache2\entries\915AB004E311949A9432C82CB3EA4316211E07A9 0 bytes ---- EOF - GMER 2.2 ----