GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-01-29 13:49:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST332062 rev.3.AE 298,09GB
Running: igw3o3le.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kxrorpod.sys


---- User code sections - GMER 2.2 ----

.text   C:\Windows\SysWOW64\PnkBstrA.exe[2528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                 0000000070911a22 2 bytes [91, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                 0000000070911ad0 2 bytes [91, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                 0000000070911b08 2 bytes [91, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                 0000000070911bba 2 bytes [91, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                 0000000070911bda 2 bytes [91, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000075b21465 2 bytes [B2, 75]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         0000000075b214bb 2 bytes [B2, 75]
.text   ...                                                                                                     * 2

---- Modules - GMER 2.2 ----

Module  \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys                                             fffff880031c3000-fffff880031d1000 (57344 bytes)

---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                         15224
Reg     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                        8687
Reg     HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{48183CCE-C7A7-4725-83E7-B35DA030E522}@LeaseObtainedTime   1485692765
Reg     HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{48183CCE-C7A7-4725-83E7-B35DA030E522}@T1                  1485692892
Reg     HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{48183CCE-C7A7-4725-83E7-B35DA030E522}@T2                  1485692988
Reg     HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{48183CCE-C7A7-4725-83E7-B35DA030E522}@LeaseTerminatesTime 1485693020

---- Files - GMER 2.2 ----

ADS     C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys 47304 bytes executable <-- ROOTKIT !!!
ADS     C:\Program Files (x86)\UCBrowser\Security:x64 739728 bytes executable
ADS     C:\Program Files (x86)\UCBrowser\Security:x86 602512 bytes executable
File    C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003d 0 bytes
File    C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00007a 0 bytes
ADS     C:\Windows\System32\drivers:ucdrv-x64.sys 47304 bytes executable
ADS     C:\Windows\System32\drivers:x64 739728 bytes executable
ADS     C:\Windows\System32\drivers:x86 602512 bytes executable

---- Services - GMER 2.2 ----

Service C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [SYSTEM] ucdrv <-- ROOTKIT !!!

---- EOF - GMER 2.2 ----
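The two findings GMER tags with "ROOTKIT" are the same thing seen twice: a kernel driver stored in an NTFS Alternate Data Stream (the stream ucdrv-x64.sys attached to the directory C:\Program Files (x86)\UCBrowser\Security), and the service ucdrv that loads it from that stream. The Files section also shows the same three streams (ucdrv-x64.sys, x64, x86, identical sizes) attached to C:\Windows\System32\drivers. The script below is an added triage example, not GMER's code and not part of this log: it parses GMER's one-finding-per-line layout and pulls out what a responder checks first, namely executable ADS entries, any module or service whose image path points into a stream, the same stream mirrored at more than one location, and a per-process count of patched user-mode code sites. The sample input is constructed from the lines above (a few repeated hook lines are omitted), and the record field names are the example's own.

```python
"""Offline triage of a GMER 2.2 rootkit-scan log (added example, not GMER code)."""
import re
from collections import defaultdict

# Constructed sample: representative lines of the scan above, in GMER's native
# one-finding-per-line layout. Registry lines are left out; they are not triaged here.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.2 ----

.text   C:\Windows\SysWOW64\PnkBstrA.exe[2528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322   0000000070911a22 2 bytes [91, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496   0000000070911ad0 2 bytes [91, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075b21465 2 bytes [B2, 75]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000075b214bb 2 bytes [B2, 75]
.text   ...                                                                                         * 2

---- Modules - GMER 2.2 ----

Module  \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys   fffff880031c3000-fffff880031d1000 (57344 bytes)

---- Files - GMER 2.2 ----

ADS     C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys 47304 bytes executable <-- ROOTKIT !!!
ADS     C:\Program Files (x86)\UCBrowser\Security:x64 739728 bytes executable
ADS     C:\Program Files (x86)\UCBrowser\Security:x86 602512 bytes executable
File    C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003d 0 bytes
ADS     C:\Windows\System32\drivers:ucdrv-x64.sys 47304 bytes executable
ADS     C:\Windows\System32\drivers:x64 739728 bytes executable
ADS     C:\Windows\System32\drivers:x86 602512 bytes executable

---- Services - GMER 2.2 ----

Service C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [SYSTEM] ucdrv <-- ROOTKIT !!!
"""

# One pattern per GMER record type; the ".text ... * N" continuation lines match none of them.
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER 2\.2 ----$")
HOOK_RE = re.compile(r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>.+?)!(?P<func>\w+) \+ (?P<off>\d+)"
                     r"\s+(?P<addr>[0-9a-f]+)\s+(?P<n>\d+) bytes \[(?P<patch>[^\]]*)\]$")
MODULE_RE = re.compile(r"^Module\s+(?P<image>.+?)\s+(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+\((?P<size>\d+) bytes\)$")
STREAM_RE = re.compile(r"^(?P<kind>ADS|File)\s+(?P<path>.+?)\s+(?P<size>\d+) bytes(?P<exe> executable)?(?P<flag> <-- ROOTKIT !!!)?$")
SERVICE_RE = re.compile(r"^Service\s+(?P<image>.+?)\s+\[(?P<start>[^\]]+)\]\s+(?P<name>\S+)(?P<flag> <-- ROOTKIT !!!)?$")


def split_ads(path):
    """Return (host, stream) for 'host:stream'; the drive colon at index 1 is not a stream separator."""
    p = path[4:] if path.startswith("\\??\\") else path  # drop the NT object-manager prefix GMER prints
    i = p.rfind(":")
    return (p[:i], p[i + 1:]) if i > 1 else (p, None)


def parse_gmer(text):
    out = {"hooks": [], "modules": [], "streams": [], "services": []}
    for line in (l.strip() for l in text.splitlines()):
        if not line or SECTION_RE.match(line):
            continue
        if m := HOOK_RE.match(line):
            out["hooks"].append({"process": m["proc"], "pid": int(m["pid"]), "module": m["mod"],
                                 "function": m["func"], "offset": int(m["off"]),
                                 "patch": bytes.fromhex(m["patch"].replace(",", ""))})
        elif m := MODULE_RE.match(line):
            host, stream = split_ads(m["image"])
            out["modules"].append({"image": m["image"], "host": host, "stream": stream, "size": int(m["size"])})
        elif m := STREAM_RE.match(line):
            host, stream = split_ads(m["path"])  # stream is None for an ordinary "File" entry
            out["streams"].append({"host": host, "stream": stream, "size": int(m["size"]),
                                   "executable": bool(m["exe"]), "flagged": bool(m["flag"])})
        elif m := SERVICE_RE.match(line):
            host, stream = split_ads(m["image"])
            out["services"].append({"name": m["name"], "start": m["start"], "host": host,
                                    "stream": stream, "flagged": bool(m["flag"])})
    return out


def triage(parsed):
    exe_streams = [s for s in parsed["streams"] if s["stream"] and s["executable"]]
    # Same stream name and size under more than one host path: a copy of the driver
    # and its companions exists both in the product directory and in System32\drivers.
    hosts = defaultdict(set)
    for s in exe_streams:
        hosts[(s["stream"], s["size"])].add(s["host"])
    hooked = defaultdict(int)
    for h in parsed["hooks"]:
        hooked[f"{h['process']}[{h['pid']}]"] += 1
    return {
        "executable_streams": [(s["host"], s["stream"], s["size"]) for s in exe_streams],
        "mirrored_streams": {k: sorted(v) for k, v in hosts.items() if len(v) > 1},
        "services_from_ads": [s["name"] for s in parsed["services"] if s["stream"]],
        "modules_from_ads": [f"{m['host']}:{m['stream']}" for m in parsed["modules"] if m["stream"]],
        "hooked_processes": dict(hooked),
        "gmer_flagged": [s["name"] for s in parsed["services"] if s["flagged"]]
                        + [f"{s['host']}:{s['stream']}" for s in parsed["streams"] if s["flagged"]],
    }


if __name__ == "__main__":
    for key, value in triage(parse_gmer(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

What the log alone does not establish is whether the stream holds the vendor's own signed driver or something planted alongside the product; GMER's ROOTKIT tag is a heuristic for a driver loaded from a stream. On the host, hash both copies of each stream and compare them to each other and to the vendor's signed binary, check the ImagePath of HKLM\SYSTEM\CurrentControlSet\Services\ucdrv, and list the streams with `dir /R` in cmd on the parent directories (it shows stream names on directory entries as well as files). The PnkBstrA.exe entries are 2-byte patches in WSOCK32.dll and PSAPI.DLL inside one process; the example only counts them per process and says nothing about their origin.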