GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-12-01 13:50:20 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB Running: 78lkqm08.exe; Driver: C:\Users\Abi\AppData\Local\Temp\uxriapow.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\taskhost.exe[1720] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000076d50420 5 bytes JMP 0000000069ff0038 .text C:\Windows\system32\taskhost.exe[1720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd13a330 5 bytes JMP 000007fefd1200b8 .text C:\Windows\system32\taskhost.exe[1720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd13c2b0 5 bytes JMP 000007fefd120038 .text C:\Windows\system32\taskhost.exe[1720] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeeb87a0 5 bytes JMP 000007fefd120138 .text C:\Windows\system32\taskhost.exe[1720] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa39a38c 5 bytes JMP 000007fefd1202b8 .text C:\Windows\system32\taskhost.exe[1720] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa3b4b60 5 bytes JMP 000007fefd120238 .text C:\Windows\system32\taskhost.exe[1720] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa3b4ba0 5 bytes JMP 000007fefd1201b8 .text C:\Windows\system32\Dwm.exe[2816] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000076d50420 5 bytes JMP 0000000069ff0038 .text C:\Windows\system32\Dwm.exe[2816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd13a330 5 bytes JMP 000007fefcfb00b8 .text C:\Windows\system32\Dwm.exe[2816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd13c2b0 5 bytes JMP 000007fefcfb0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1728] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000076d50420 5 bytes JMP 0000000069ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1728] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd13a330 5 bytes JMP 000007fefd1200b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1728] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd13c2b0 5 bytes JMP 000007fefd120038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1728] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa39a38c 5 bytes JMP 000007fefd1202b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1728] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa3b4b60 5 bytes JMP 000007fefd120238 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1728] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa3b4ba0 5 bytes JMP 000007fefd1201b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1728] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeeb87a0 5 bytes JMP 000007fefd120138 .text C:\Program Files\Elantech\ETDCtrl.exe[3156] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000076d50420 5 bytes JMP 0000000069ff0038 .text C:\Program Files\Elantech\ETDCtrl.exe[3156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd13a330 5 bytes JMP 000007fefd1200b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd13c2b0 5 bytes JMP 000007fefd120038 .text C:\Program Files\Elantech\ETDCtrl.exe[3156] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeeb87a0 5 bytes JMP 000007fefd120138 .text C:\Program Files\Elantech\ETDCtrl.exe[3156] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa39a38c 5 bytes JMP 000007fefd1202b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3156] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa3b4b60 5 bytes JMP 000007fefd120238 .text C:\Program Files\Elantech\ETDCtrl.exe[3156] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa3b4ba0 5 bytes JMP 000007fefd1201b8 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3176] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075381dd5 5 bytes JMP 00000000100027c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3176] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075381e12 5 bytes JMP 00000000100028a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3176] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075381e2c 1 byte JMP 0000000010002830 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3176] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW + 2 0000000075381e2e 3 bytes {JMP 0xffffffff9ac80a04} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3176] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076631bb2 5 bytes JMP 0000000000888c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3176] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755a57fc 1 byte JMP 0000000010002900 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3176] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 2 00000000755a57fe 3 bytes {CALL RAX} .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075381dd5 5 bytes JMP 00000000100027c0 .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075381e12 5 bytes JMP 00000000100028a0 .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075381e2c 1 byte JMP 0000000010002830 .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW + 2 0000000075381e2e 3 bytes {JMP 0xffffffff9ac80a04} .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755a57fc 1 byte JMP 0000000010002900 .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 2 00000000755a57fe 3 bytes {CALL RAX} .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763b1401 2 bytes JMP 7539eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763b1419 2 bytes JMP 753ab513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763b1431 2 bytes JMP 75428609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763b144a 2 bytes CALL 75381dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763b14dd 2 bytes JMP 75427efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763b14f5 2 bytes JMP 754280d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763b150d 2 bytes JMP 75427df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763b1525 2 bytes JMP 754281c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763b153d 2 bytes JMP 7539f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763b1555 2 bytes JMP 753ab885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763b156d 2 bytes JMP 754286c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763b1585 2 bytes JMP 75428222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763b159d 2 bytes JMP 75427db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763b15b5 2 bytes JMP 7539f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763b15cd 2 bytes JMP 753ab29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763b16b2 2 bytes JMP 75428584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763b16bd 2 bytes JMP 75427d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3668] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExA 0000000075381dd5 5 bytes JMP 00000000100027c0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3668] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryW 0000000075381e12 5 bytes JMP 00000000100028a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3668] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExW 0000000075381e2c 1 byte JMP 0000000010002830 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3668] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExW + 2 0000000075381e2e 3 bytes {JMP 0xffffffff9ac80a04} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3668] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755a57fc 1 byte JMP 0000000010002900 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3668] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 2 00000000755a57fe 3 bytes {CALL RAX} .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075381dd5 5 bytes JMP 00000000100027c0 .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075381e12 5 bytes JMP 00000000100028a0 .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075381e2c 1 byte JMP 0000000010002830 .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW + 2 0000000075381e2e 3 bytes {JMP 0xffffffff9ac80a04} .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755a57fc 1 byte JMP 0000000010002900 .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 2 00000000755a57fe 3 bytes {CALL RAX} .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763b1401 2 bytes JMP 7539eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763b1419 2 bytes JMP 753ab513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763b1431 2 bytes JMP 75428609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763b144a 2 bytes CALL 75381dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763b14dd 2 bytes JMP 75427efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763b14f5 2 bytes JMP 754280d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763b150d 2 bytes JMP 75427df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763b1525 2 bytes JMP 754281c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763b153d 2 bytes JMP 7539f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763b1555 2 bytes JMP 753ab885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763b156d 2 bytes JMP 754286c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763b1585 2 bytes JMP 75428222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763b159d 2 bytes JMP 75427db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763b15b5 2 bytes JMP 7539f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763b15cd 2 bytes JMP 753ab29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763b16b2 2 bytes JMP 75428584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763b16bd 2 bytes JMP 75427d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\SysWOW64\DDRAW.dll!DirectDrawCreate 000000007194859d 5 bytes JMP 0000000010003ba0 .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[1624] C:\Windows\SysWOW64\DDRAW.dll!DirectDrawCreateEx 000000007194ebc6 5 bytes JMP 0000000010003c60 .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075381dd5 5 bytes JMP 00000000100027c0 .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075381e12 5 bytes JMP 00000000100028a0 .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075381e2c 1 byte JMP 0000000010002830 .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW + 2 0000000075381e2e 3 bytes {JMP 0xffffffff9ac80a04} .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755a57fc 1 byte JMP 0000000010002900 .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 2 00000000755a57fe 3 bytes {CALL RAX} .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763b1401 2 bytes JMP 7539eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763b1419 2 bytes JMP 753ab513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763b1431 2 bytes JMP 75428609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763b144a 2 bytes CALL 75381dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763b14dd 2 bytes JMP 75427efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763b14f5 2 bytes JMP 754280d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763b150d 2 bytes JMP 75427df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763b1525 2 bytes JMP 754281c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763b153d 2 bytes JMP 7539f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763b1555 2 bytes JMP 753ab885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763b156d 2 bytes JMP 754286c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763b1585 2 bytes JMP 75428222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763b159d 2 bytes JMP 75427db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763b15b5 2 bytes JMP 7539f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763b15cd 2 bytes JMP 753ab29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763b16b2 2 bytes JMP 75428584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Abi\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763b16bd 2 bytes JMP 75427d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wuauclt.exe[3608] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000076d50420 5 bytes JMP 0000000069ff0038 .text C:\Windows\system32\wuauclt.exe[3608] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd13a330 5 bytes JMP 000007fefcfb00b8 .text C:\Windows\system32\wuauclt.exe[3608] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd13c2b0 5 bytes JMP 000007fefcfb0038 .text C:\Windows\system32\wuauclt.exe[3608] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeeb87a0 5 bytes JMP 000007fefcfb0138 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2884] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000076d50420 5 bytes JMP 0000000069ff0038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2884] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd13a330 5 bytes JMP 000007fefd1200b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2884] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd13c2b0 5 bytes JMP 000007fefd120038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2884] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa39a38c 5 bytes JMP 000007fefd1202b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2884] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa3b4b60 5 bytes JMP 000007fefd120238 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2884] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa3b4ba0 5 bytes JMP 000007fefd1201b8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38ef19ac Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38ef19ac (not active ControlSet) ---- Files - GMER 2.2 ---- File C:\Users\Abi\AppData\Local\Firefox\Firefox\Profiles\7irwqnrp.default-1477335355283\cache2\entries\8B6A8327E6802682F6EF07A2110144F3C10F067E 20096 bytes File C:\Users\Abi\AppData\Local\Firefox\Firefox\Profiles\7irwqnrp.default-1477335355283\cache2\entries\DE8201D3EB3556028683945A0A958213C00723DE 9113 bytes File C:\Users\Abi\AppData\Local\Firefox\Firefox\Profiles\7irwqnrp.default-1477335355283\cache2\entries\98EC684000972831412E032F39FC6B4435DA6136 9174 bytes File C:\Users\Abi\AppData\Local\Firefox\Firefox\Profiles\7irwqnrp.default-1477335355283\cache2\entries\C9B7F0DF7E1CB25F53A71FA814EED9D8C383128C 19704 bytes ---- EOF - GMER 2.2 ----