GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-09-26 15:50:52 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB Running: egi92sux.exe; Driver: C:\Users\ALEKSA~1\AppData\Local\Temp\kwdyakod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e1efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e499b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e594d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076e59640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e7a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9289e0 8 bytes JMP 000007fffd0301f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe92be40 8 bytes JMP 000007fffd0301b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf7490 11 bytes JMP 000007fffd030228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0bf00 7 bytes JMP 000007fffd030260 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1988] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762213e1 7 bytes JMP 0000000174961eb0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1988] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007623b1d3 5 bytes JMP 0000000174961dc0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1988] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762b88b4 7 bytes JMP 0000000174961db0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1988] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762b8939 5 bytes JMP 0000000174961ea0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1988] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762b8c8f 5 bytes JMP 0000000174961e30 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b01d1b 5 bytes JMP 00000001749624b0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b01dc9 5 bytes JMP 0000000174962510 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b02aa4 5 bytes JMP 0000000174962580 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b02d0a 5 bytes JMP 00000001749626f0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1988] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000763de9a2 5 bytes JMP 0000000174961a10 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1988] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000763debdc 5 bytes JMP 0000000174961aa0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1988] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 0000000174961d00 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1988] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 0000000174961c80 .text C:\Windows\system32\taskeng.exe[2760] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180 .text C:\Windows\system32\taskeng.exe[2760] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8 .text C:\Windows\system32\taskeng.exe[2760] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148 .text C:\Windows\system32\taskeng.exe[2760] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110 .text C:\Windows\system32\taskeng.exe[2760] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9289e0 8 bytes JMP 000007fffd0301f0 .text C:\Windows\system32\taskeng.exe[2760] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe92be40 8 bytes JMP 000007fffd0301b8 .text C:\Windows\system32\taskeng.exe[2760] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf7490 11 bytes JMP 000007fffd030228 .text C:\Windows\system32\taskeng.exe[2760] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0bf00 7 bytes JMP 000007fffd030260 .text C:\Windows\System32\igfxpers.exe[3328] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e1efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[3328] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e499b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[3328] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e594d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[3328] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076e59640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[3328] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e7a500 7 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[3328] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180 .text C:\Windows\System32\igfxpers.exe[3328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8 .text C:\Windows\System32\igfxpers.exe[3328] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148 .text C:\Windows\System32\igfxpers.exe[3328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110 .text C:\Windows\System32\igfxpers.exe[3328] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9289e0 8 bytes JMP 000007fffd0301f0 .text C:\Windows\System32\igfxpers.exe[3328] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe92be40 8 bytes JMP 000007fffd0301b8 .text C:\Windows\System32\igfxpers.exe[3328] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf7490 11 bytes JMP 000007fffd030228 .text C:\Windows\System32\igfxpers.exe[3328] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0bf00 7 bytes JMP 000007fffd030260 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3336] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e1efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3336] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e499b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3336] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e594d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3336] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076e59640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3336] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e7a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3336] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3336] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3336] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9289e0 8 bytes JMP 000007fffd0301f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3336] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe92be40 8 bytes JMP 000007fffd0301b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3336] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf7490 11 bytes JMP 000007fffd030228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3336] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0bf00 7 bytes JMP 000007fffd030260 .text C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe[3616] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762213e1 7 bytes JMP 0000000174961eb0 .text C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe[3616] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007623b1d3 5 bytes JMP 0000000174961dc0 .text C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe[3616] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762b88b4 7 bytes JMP 0000000174961db0 .text C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe[3616] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762b8939 5 bytes JMP 0000000174961ea0 .text C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe[3616] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762b8c8f 5 bytes JMP 0000000174961e30 .text C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe[3616] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b01d1b 5 bytes JMP 00000001749624b0 .text C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe[3616] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b01dc9 5 bytes JMP 0000000174962510 .text C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe[3616] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b02aa4 5 bytes JMP 0000000174962580 .text C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe[3616] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b02d0a 5 bytes JMP 00000001749626f0 .text C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe[3616] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000763de9a2 5 bytes JMP 0000000174961a10 .text C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe[3616] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000763debdc 5 bytes JMP 0000000174961aa0 .text C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe[3616] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 0000000174961d00 .text C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe[3616] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 0000000174961c80 .text C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe[3616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076471465 2 bytes [47, 76] .text C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe[3616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764714bb 2 bytes [47, 76] .text ... * 2 .text C:\Users\Aleksandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3632] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762213e1 7 bytes JMP 0000000174961eb0 .text C:\Users\Aleksandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3632] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007623b1d3 5 bytes JMP 0000000174961dc0 .text C:\Users\Aleksandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3632] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762b88b4 7 bytes JMP 0000000174961db0 .text C:\Users\Aleksandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3632] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762b8939 5 bytes JMP 0000000174961ea0 .text C:\Users\Aleksandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3632] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762b8c8f 5 bytes JMP 0000000174961e30 .text C:\Users\Aleksandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3632] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b01d1b 5 bytes JMP 00000001749624b0 .text C:\Users\Aleksandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3632] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b01dc9 5 bytes JMP 0000000174962510 .text C:\Users\Aleksandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3632] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b02aa4 5 bytes JMP 0000000174962580 .text C:\Users\Aleksandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3632] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b02d0a 5 bytes JMP 00000001749626f0 .text C:\Users\Aleksandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3632] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000763de9a2 5 bytes JMP 0000000174961a10 .text C:\Users\Aleksandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3632] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000763debdc 5 bytes JMP 0000000174961aa0 .text C:\Users\Aleksandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3632] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 0000000174961d00 .text C:\Users\Aleksandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3632] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 0000000174961c80 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3720] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e1efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3720] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e499b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3720] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e594d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3720] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076e59640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3720] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e7a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3720] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3720] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3720] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3720] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9289e0 8 bytes JMP 000007fffd0301f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3720] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe92be40 8 bytes JMP 000007fffd0301b8 .text C:\Windows\system32\wbem\unsecapp.exe[3992] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180 .text C:\Windows\system32\wbem\unsecapp.exe[3992] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8 .text C:\Windows\system32\wbem\unsecapp.exe[3992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148 .text C:\Windows\system32\wbem\unsecapp.exe[3992] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110 .text C:\Windows\system32\wbem\unsecapp.exe[3992] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf7490 11 bytes JMP 000007fffd030228 .text C:\Windows\system32\wbem\unsecapp.exe[3992] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0bf00 7 bytes JMP 000007fffd030260 .text C:\Windows\system32\wbem\unsecapp.exe[3992] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9289e0 8 bytes JMP 000007fffd0301f0 .text C:\Windows\system32\wbem\unsecapp.exe[3992] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe92be40 8 bytes JMP 000007fffd0301b8 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2648] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762213e1 7 bytes JMP 0000000174961eb0 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2648] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007623b1d3 5 bytes JMP 0000000174961dc0 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2648] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762b88b4 7 bytes JMP 0000000174961db0 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2648] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762b8939 5 bytes JMP 0000000174961ea0 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2648] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762b8c8f 5 bytes JMP 0000000174961e30 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b01d1b 5 bytes JMP 00000001749624b0 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b01dc9 5 bytes JMP 0000000174962510 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2648] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b02aa4 5 bytes JMP 0000000174962580 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2648] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b02d0a 5 bytes JMP 00000001749626f0 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2648] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000763de9a2 5 bytes JMP 0000000174961a10 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2648] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000763debdc 5 bytes JMP 0000000174961aa0 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2648] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 0000000174961d00 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2648] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 0000000174961c80 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076471465 2 bytes [47, 76] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764714bb 2 bytes [47, 76] .text ... * 2 .text C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[3288] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762213e1 7 bytes JMP 0000000174961eb0 .text C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[3288] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007623b1d3 5 bytes JMP 0000000174961dc0 .text C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[3288] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762b88b4 7 bytes JMP 0000000174961db0 .text C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[3288] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762b8939 5 bytes JMP 0000000174961ea0 .text C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[3288] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762b8c8f 5 bytes JMP 0000000174961e30 .text C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[3288] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b01d1b 5 bytes JMP 00000001749624b0 .text C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[3288] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b01dc9 5 bytes JMP 0000000174962510 .text C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[3288] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b02aa4 5 bytes JMP 0000000174962580 .text C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[3288] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b02d0a 5 bytes JMP 00000001749626f0 .text C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[3288] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000763de9a2 5 bytes JMP 0000000174961a10 .text C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[3288] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000763debdc 5 bytes JMP 0000000174961aa0 .text C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[3288] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 0000000174961d00 .text C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[3288] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 0000000174961c80 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2508] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762213e1 7 bytes JMP 0000000174961eb0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2508] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007623b1d3 5 bytes JMP 0000000174961dc0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2508] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762b88b4 7 bytes JMP 0000000174961db0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2508] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762b8939 5 bytes JMP 0000000174961ea0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2508] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762b8c8f 5 bytes JMP 0000000174961e30 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b01d1b 5 bytes JMP 00000001749624b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b01dc9 5 bytes JMP 0000000174962510 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2508] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b02aa4 5 bytes JMP 0000000174962580 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2508] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b02d0a 5 bytes JMP 00000001749626f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2508] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000763de9a2 5 bytes JMP 0000000174961a10 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2508] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000763debdc 5 bytes JMP 0000000174961aa0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2508] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 0000000174961d00 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2508] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 0000000174961c80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2524] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762213e1 7 bytes JMP 0000000174961eb0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2524] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007623b1d3 5 bytes JMP 0000000174961dc0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2524] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762b88b4 7 bytes JMP 0000000174961db0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2524] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762b8939 5 bytes JMP 0000000174961ea0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2524] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762b8c8f 5 bytes JMP 0000000174961e30 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2524] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b01d1b 5 bytes JMP 00000001749624b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2524] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b01dc9 5 bytes JMP 0000000174962510 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2524] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b02aa4 5 bytes JMP 0000000174962580 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2524] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b02d0a 5 bytes JMP 00000001749626f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2524] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000763de9a2 5 bytes JMP 0000000174961a10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2524] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000763debdc 5 bytes JMP 0000000174961aa0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2524] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 0000000174961d00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2524] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 0000000174961c80 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[4592] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e1efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[4592] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e499b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[4592] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e594d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[4592] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076e59640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[4592] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e7a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[4592] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[4592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[4592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[4592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[4592] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9289e0 8 bytes JMP 000007fffd0301f0 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[4592] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe92be40 8 bytes JMP 000007fffd0301b8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076471465 2 bytes [47, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764714bb 2 bytes [47, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076471465 2 bytes [47, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764714bb 2 bytes [47, 76] .text ... * 2 .text E:\LOL\League of Legends\RADS\system\rads_user_kernel.exe[4260] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762213e1 7 bytes JMP 0000000174961eb0 .text E:\LOL\League of Legends\RADS\system\rads_user_kernel.exe[4260] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007623b1d3 5 bytes JMP 0000000174961dc0 .text E:\LOL\League of Legends\RADS\system\rads_user_kernel.exe[4260] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762b88b4 7 bytes JMP 0000000174961db0 .text E:\LOL\League of Legends\RADS\system\rads_user_kernel.exe[4260] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762b8939 5 bytes JMP 0000000174961ea0 .text E:\LOL\League of Legends\RADS\system\rads_user_kernel.exe[4260] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762b8c8f 5 bytes JMP 0000000174961e30 .text E:\LOL\League of Legends\RADS\system\rads_user_kernel.exe[4260] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b01d1b 5 bytes JMP 00000001749624b0 .text E:\LOL\League of Legends\RADS\system\rads_user_kernel.exe[4260] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b01dc9 5 bytes JMP 0000000174962510 .text E:\LOL\League of Legends\RADS\system\rads_user_kernel.exe[4260] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b02aa4 5 bytes JMP 0000000174962580 .text E:\LOL\League of Legends\RADS\system\rads_user_kernel.exe[4260] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b02d0a 5 bytes JMP 00000001749626f0 .text E:\LOL\League of Legends\RADS\system\rads_user_kernel.exe[4260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076471465 2 bytes [47, 76] .text E:\LOL\League of Legends\RADS\system\rads_user_kernel.exe[4260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764714bb 2 bytes [47, 76] .text ... * 2 .text E:\LOL\League of Legends\RADS\system\rads_user_kernel.exe[4260] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000763de9a2 5 bytes JMP 0000000174961a10 .text E:\LOL\League of Legends\RADS\system\rads_user_kernel.exe[4260] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000763debdc 5 bytes JMP 0000000174961aa0 .text E:\LOL\League of Legends\RADS\system\rads_user_kernel.exe[4260] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 0000000174961d00 .text E:\LOL\League of Legends\RADS\system\rads_user_kernel.exe[4260] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 0000000174961c80 .text E:\LOL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe[2092] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762213e1 7 bytes JMP 0000000174961eb0 .text E:\LOL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe[2092] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007623b1d3 5 bytes JMP 0000000174961dc0 .text E:\LOL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe[2092] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762b88b4 7 bytes JMP 0000000174961db0 .text E:\LOL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe[2092] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762b8939 5 bytes JMP 0000000174961ea0 .text E:\LOL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe[2092] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762b8c8f 5 bytes JMP 0000000174961e30 .text E:\LOL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe[2092] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b01d1b 5 bytes JMP 00000001749624b0 .text E:\LOL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe[2092] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b01dc9 5 bytes JMP 0000000174962510 .text E:\LOL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe[2092] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b02aa4 5 bytes JMP 0000000174962580 .text E:\LOL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe[2092] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b02d0a 5 bytes JMP 00000001749626f0 .text E:\LOL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe[2092] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000763de9a2 5 bytes JMP 0000000174961a10 .text E:\LOL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe[2092] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000763debdc 5 bytes JMP 0000000174961aa0 .text E:\LOL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076471465 2 bytes [47, 76] .text E:\LOL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764714bb 2 bytes [47, 76] .text ... * 2 .text E:\LOL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe[2092] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 0000000174961d00 .text E:\LOL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe[2092] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 0000000174961c80 .text E:\LOL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe[972] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762213e1 7 bytes JMP 0000000174961eb0 .text E:\LOL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe[972] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007623b1d3 5 bytes JMP 0000000174961dc0 .text E:\LOL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe[972] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762b88b4 7 bytes JMP 0000000174961db0 .text E:\LOL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe[972] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762b8939 5 bytes JMP 0000000174961ea0 .text E:\LOL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe[972] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762b8c8f 5 bytes JMP 0000000174961e30 .text E:\LOL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe[972] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b01d1b 5 bytes JMP 00000001749624b0 .text E:\LOL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe[972] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b01dc9 5 bytes JMP 0000000174962510 .text E:\LOL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe[972] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b02aa4 5 bytes JMP 0000000174962580 .text E:\LOL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe[972] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b02d0a 5 bytes JMP 00000001749626f0 .text E:\LOL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe[972] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000763de9a2 5 bytes JMP 0000000174961a10 .text E:\LOL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe[972] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000763debdc 5 bytes JMP 0000000174961aa0 .text E:\LOL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe[972] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 0000000174961d00 .text E:\LOL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe[972] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 0000000174961c80 .text E:\LOL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe[972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076471465 2 bytes [47, 76] .text E:\LOL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe[972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764714bb 2 bytes [47, 76] .text ... * 2 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6176] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e1efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6176] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e499b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6176] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e594d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6176] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076e59640 5 bytes JMP 000000016fff0110 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6176] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e7a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6176] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6176] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6176] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6176] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6176] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9289e0 8 bytes JMP 000007fffd0301f0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6176] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe92be40 8 bytes JMP 000007fffd0301b8 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6176] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf7490 11 bytes JMP 000007fffd030228 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[6176] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0bf00 7 bytes JMP 000007fffd030260 .text C:\Windows\system32\DllHost.exe[3864] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180 .text C:\Windows\system32\DllHost.exe[3864] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8 .text C:\Windows\system32\DllHost.exe[3864] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148 .text C:\Windows\system32\DllHost.exe[3864] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110 .text C:\Windows\system32\DllHost.exe[3864] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf7490 11 bytes JMP 000007fffd030228 .text C:\Windows\system32\DllHost.exe[3864] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0bf00 7 bytes JMP 000007fffd030260 .text C:\Windows\system32\DllHost.exe[3864] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9289e0 8 bytes JMP 000007fffd0301f0 .text C:\Windows\system32\DllHost.exe[3864] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe92be40 8 bytes JMP 000007fffd0301b8 .text C:\Users\Aleksandra\Downloads\egi92sux.exe[7060] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762213e1 7 bytes JMP 0000000174961eb0 .text C:\Users\Aleksandra\Downloads\egi92sux.exe[7060] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007623b1d3 5 bytes JMP 0000000174961dc0 .text C:\Users\Aleksandra\Downloads\egi92sux.exe[7060] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762b88b4 7 bytes JMP 0000000174961db0 .text C:\Users\Aleksandra\Downloads\egi92sux.exe[7060] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762b8939 5 bytes JMP 0000000174961ea0 .text C:\Users\Aleksandra\Downloads\egi92sux.exe[7060] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762b8c8f 5 bytes JMP 0000000174961e30 .text C:\Users\Aleksandra\Downloads\egi92sux.exe[7060] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b01d1b 5 bytes JMP 00000001749624b0 .text C:\Users\Aleksandra\Downloads\egi92sux.exe[7060] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b01dc9 5 bytes JMP 0000000174962510 .text C:\Users\Aleksandra\Downloads\egi92sux.exe[7060] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b02aa4 5 bytes JMP 0000000174962580 .text C:\Users\Aleksandra\Downloads\egi92sux.exe[7060] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b02d0a 5 bytes JMP 00000001749626f0 .text C:\Users\Aleksandra\Downloads\egi92sux.exe[7060] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000763de9a2 5 bytes JMP 0000000174961a10 .text C:\Users\Aleksandra\Downloads\egi92sux.exe[7060] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000763debdc 5 bytes JMP 0000000174961aa0 ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\rundll32.exe [2892:3052] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:3056] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:3060] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:3064] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:3068] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:1764] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:2080] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:2164] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:2172] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:1120] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:1152] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:2168] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:1096] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:2328] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:1468] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:2352] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:2196] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:2304] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:2388] 000000006fe48f08 Thread C:\Windows\SysWOW64\rundll32.exe [2892:2480] 000000006fe48f08 Thread C:\Windows\SysWOW64\ntdll.dll [3296:1480] 00000000009b4643 Thread C:\Windows\SysWOW64\ntdll.dll [3296:3696] 000000006a0fb8a6 Thread C:\Windows\SysWOW64\ntdll.dll [3296:3580] 000000006a0fbafd Thread C:\Windows\SysWOW64\ntdll.dll [3296:3700] 000000006a0fb3b5 Thread C:\Windows\SysWOW64\ntdll.dll [3296:3704] 000000007353786a ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4DF65FD6-CA6F-446A-BC5A-20D1E5662AB8}\Connection@Name isatap.{76004860-98D6-4A0F-84B6-BEBD7FCA79DF} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{124594A7-A352-4995-BCA2-41225EB905D1}?\Device\{4DF65FD6-CA6F-446A-BC5A-20D1E5662AB8}?\Device\{934B7738-53C9-42DE-B0F4-DE229138961C}?\Device\{7A2FB06D-5CBE-4B96-813C-BD9C2AE63834}?\Device\{5F0CFCB7-C2B2-429E-BA40-EB8E138CB58C}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{124594A7-A352-4995-BCA2-41225EB905D1}"?"{4DF65FD6-CA6F-446A-BC5A-20D1E5662AB8}"?"{934B7738-53C9-42DE-B0F4-DE229138961C}"?"{7A2FB06D-5CBE-4B96-813C-BD9C2AE63834}"?"{5F0CFCB7-C2B2-429E-BA40-EB8E138CB58C}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{124594A7-A352-4995-BCA2-41225EB905D1}?\Device\TCPIP6TUNNEL_{4DF65FD6-CA6F-446A-BC5A-20D1E5662AB8}?\Device\TCPIP6TUNNEL_{934B7738-53C9-42DE-B0F4-DE229138961C}?\Device\TCPIP6TUNNEL_{7A2FB06D-5CBE-4B96-813C-BD9C2AE63834}?\Device\TCPIP6TUNNEL_{5F0CFCB7-C2B2-429E-BA40-EB8E138CB58C}? Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4DF65FD6-CA6F-446A-BC5A-20D1E5662AB8}@InterfaceName isatap.{76004860-98D6-4A0F-84B6-BEBD7FCA79DF} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4DF65FD6-CA6F-446A-BC5A-20D1E5662AB8}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 16917 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer 192.168.0.1 ---- Files - GMER 2.1 ---- File C:\Users\Aleksandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P36XITN\featured[3].json 9764 bytes ---- EOF - GMER 2.1 ----