GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-06-17 02:36:53 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000079 IRIDIUM_ rev.SAFM 223,57GB Running: log0mhsq.exe; Driver: C:\Users\ARTURM~1\AppData\Local\Temp\pwloqpob.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076051401 2 bytes JMP 7545b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076051419 2 bytes JMP 7545b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076051431 2 bytes JMP 754d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007605144a 2 bytes CALL 754348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760514dd 2 bytes JMP 754d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760514f5 2 bytes JMP 754d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007605150d 2 bytes JMP 754d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076051525 2 bytes JMP 754d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007605153d 2 bytes JMP 7544fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076051555 2 bytes JMP 75456937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007605156d 2 bytes JMP 754d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076051585 2 bytes JMP 754d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007605159d 2 bytes JMP 754d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760515b5 2 bytes JMP 7544fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760515cd 2 bytes JMP 7545b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760516b2 2 bytes JMP 754d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760516bd 2 bytes JMP 754d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2132] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075712bdc 5 bytes JMP 0000000000e88c60 .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076051401 2 bytes JMP 7545b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076051419 2 bytes JMP 7545b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076051431 2 bytes JMP 754d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007605144a 2 bytes CALL 754348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760514dd 2 bytes JMP 754d89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760514f5 2 bytes JMP 754d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007605150d 2 bytes JMP 754d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076051525 2 bytes JMP 754d8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007605153d 2 bytes JMP 7544fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076051555 2 bytes JMP 75456937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007605156d 2 bytes JMP 754d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076051585 2 bytes JMP 754d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007605159d 2 bytes JMP 754d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760515b5 2 bytes JMP 7544fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760515cd 2 bytes JMP 7545b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760516b2 2 bytes JMP 754d906c C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760516bd 2 bytes JMP 754d8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076051401 2 bytes JMP 7545b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076051419 2 bytes JMP 7545b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076051431 2 bytes JMP 754d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007605144a 2 bytes CALL 754348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760514dd 2 bytes JMP 754d89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760514f5 2 bytes JMP 754d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007605150d 2 bytes JMP 754d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076051525 2 bytes JMP 754d8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007605153d 2 bytes JMP 7544fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076051555 2 bytes JMP 75456937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007605156d 2 bytes JMP 754d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076051585 2 bytes JMP 754d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007605159d 2 bytes JMP 754d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760515b5 2 bytes JMP 7544fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760515cd 2 bytes JMP 7545b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760516b2 2 bytes JMP 754d906c C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760516bd 2 bytes JMP 754d8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076051401 2 bytes JMP 7545b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076051419 2 bytes JMP 7545b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076051431 2 bytes JMP 754d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007605144a 2 bytes CALL 754348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760514dd 2 bytes JMP 754d89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760514f5 2 bytes JMP 754d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007605150d 2 bytes JMP 754d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076051525 2 bytes JMP 754d8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007605153d 2 bytes JMP 7544fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076051555 2 bytes JMP 75456937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007605156d 2 bytes JMP 754d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076051585 2 bytes JMP 754d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007605159d 2 bytes JMP 754d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760515b5 2 bytes JMP 7544fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760515cd 2 bytes JMP 7545b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760516b2 2 bytes JMP 754d906c C:\Windows\syswow64\kernel32.dll .text C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760516bd 2 bytes JMP 754d8839 C:\Windows\syswow64\kernel32.dll ---- Files - GMER 2.2 ---- File C:\Users\Artur Machnicki\AppData\Local\Temp\tmpC4BA.tmp 0 bytes ---- EOF - GMER 2.2 ----