GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-03-08 18:05:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000062 Samsung_ rev.EMT0 111,79GB
Running: 025tebkc.exe; Driver: F:\TEMP\uxrirpow.sys

---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17       0000000076231401 2 bytes JMP 76adb20b C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17         0000000076231419 2 bytes JMP 76adb336 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17       0000000076231431 2 bytes JMP 76b58f39 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42       000000007623144a 2 bytes CALL 76ab4885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                  * 9
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17          00000000762314dd 2 bytes JMP 76b58832 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17   00000000762314f5 2 bytes JMP 76b58a08 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17          000000007623150d 2 bytes JMP 76b58728 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17   0000000076231525 2 bytes JMP 76b58af2 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17         000000007623153d 2 bytes JMP 76acfc98 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17              0000000076231555 2 bytes JMP 76ad68df C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17       000000007623156d 2 bytes JMP 76b58ff1 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17         0000000076231585 2 bytes JMP 76b58b52 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17            000000007623159d 2 bytes JMP 76b586ec C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17         00000000762315b5 2 bytes JMP 76acfd31 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17       00000000762315cd 2 bytes JMP 76adb2cc C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20   00000000762316b2 2 bytes JMP 76b58eb4 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\system32\PnkBstrA.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31   00000000762316bd 2 bytes JMP 76b58681 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe[2588] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4    00000000719c13b0 2 bytes JMP 751655a8 C:\Windows\syswow64\SHELL32.dll
.text   C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe[2588] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20   00000000719c13c0 2 bytes CALL 76879cee C:\Windows\syswow64\msvcrt.dll
.text   ...                                                                                                                      * 20
.text   C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe[2588] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22   00000000719c153e 2 bytes CALL 751f7724 C:\Windows\syswow64\SHELL32.dll
.text   C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe[2588] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43   00000000719c1553 2 bytes CALL 76ab10ff C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17       0000000076231401 2 bytes JMP 76adb20b C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17         0000000076231419 2 bytes JMP 76adb336 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17       0000000076231431 2 bytes JMP 76b58f39 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42       000000007623144a 2 bytes CALL 76ab4885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                             * 9
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17          00000000762314dd 2 bytes JMP 76b58832 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17   00000000762314f5 2 bytes JMP 76b58a08 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17          000000007623150d 2 bytes JMP 76b58728 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17   0000000076231525 2 bytes JMP 76b58af2 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17         000000007623153d 2 bytes JMP 76acfc98 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17              0000000076231555 2 bytes JMP 76ad68df C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17       000000007623156d 2 bytes JMP 76b58ff1 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17         0000000076231585 2 bytes JMP 76b58b52 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17            000000007623159d 2 bytes JMP 76b586ec C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17         00000000762315b5 2 bytes JMP 76acfd31 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17       00000000762315cd 2 bytes JMP 76adb2cc C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20   00000000762316b2 2 bytes JMP 76b58eb4 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31   00000000762316bd 2 bytes JMP 76b58681 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17       0000000076231401 2 bytes JMP 76adb20b C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17         0000000076231419 2 bytes JMP 76adb336 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17       0000000076231431 2 bytes JMP 76b58f39 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42       000000007623144a 2 bytes CALL 76ab4885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                           * 9
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17          00000000762314dd 2 bytes JMP 76b58832 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17   00000000762314f5 2 bytes JMP 76b58a08 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17          000000007623150d 2 bytes JMP 76b58728 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17   0000000076231525 2 bytes JMP 76b58af2 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17         000000007623153d 2 bytes JMP 76acfc98 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17              0000000076231555 2 bytes JMP 76ad68df C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17       000000007623156d 2 bytes JMP 76b58ff1 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17         0000000076231585 2 bytes JMP 76b58b52 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17            000000007623159d 2 bytes JMP 76b586ec C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17         00000000762315b5 2 bytes JMP 76acfd31 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17       00000000762315cd 2 bytes JMP 76adb2cc C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20   00000000762316b2 2 bytes JMP 76b58eb4 C:\Windows\syswow64\kernel32.dll
.text   F:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31   00000000762316bd 2 bytes JMP 76b58681 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [876:4800]   000007fee76f9688

---- EOF - GMER 2.1 ----