GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-07-08 20:58:55 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 INTEL_SSDSC2CW120A3 rev.400i 111,79GB Running: 4gsjivuk.exe; Driver: C:\Users\dmk\AppData\Local\Temp\pxtdapog.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\HitmanPro\HitmanPro.exe[2000] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff7b23c0 5 bytes JMP 000007feff7a0010 .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 76bbb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 76bbb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 76c390f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 76b948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 76c389ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 76c38bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 76c388e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 76c38caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 76bafce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000759e1555 2 bytes JMP 76bb6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 76c391a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 76c38d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 76c388a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 76bafd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 76bbb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 76c3906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2700] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 76c38839 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 76bbb263 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 76bbb38e C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 76c390f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 76b948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 76c389ea C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 76c38bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 76c388e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 76c38caa C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 76bafce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 76bb6937 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 76c391a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 76c38d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 76c388a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 76bafd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 76bbb324 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 76c3906c C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\uTorrent.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 76c38839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 76bbb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 76bbb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 76c390f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 76b948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 76c389ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 76c38bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 76c388e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 76c38caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 76bafce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 76bb6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 76c391a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 76c38d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 76c388a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 76bafd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 76bbb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 76c3906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 76c38839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 76bbb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 76bbb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 76c390f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 76b948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 76c389ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 76c38bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 76c388e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 76c38caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 76bafce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 76bb6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 76c391a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 76c38d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 76c388a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 76bafd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 76bbb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 76c3906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 76c38839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 76bbb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 76bbb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 76c390f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 76b948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 76c389ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 76c38bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 76c388e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 76c38caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 76bafce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 76bb6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 76c391a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 76c38d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 76c388a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 76bafd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 76bbb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 76c3906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 76c38839 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 76bbb263 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 76bbb38e C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 76c390f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 76b948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 76c389ea C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 76c38bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 76c388e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 76c38caa C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 76bafce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 76bb6937 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 76c391a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 76c38d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 76c388a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 76bafd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 76bbb324 C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 76c3906c C:\Windows\syswow64\kernel32.dll .text C:\Users\dmk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 76c38839 C:\Windows\syswow64\kernel32.dll ---- EOF - GMER 2.2 ----