GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-02 22:32:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST964042 rev.0001 596,17GB
Running: b85q2k81.exe; Driver: C:\Users\SigmaAZ\AppData\Local\Temp\uwloypoc.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000154900 7 bytes [00, 99, F3, FF, 41, AC, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000154908 3 bytes [00, 07, 02]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ca1401 2 bytes JMP 75b9b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ca1419 2 bytes JMP 75b9b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ca1431 2 bytes JMP 75c18ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ca144a 2 bytes CALL 75b748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ca14dd 2 bytes JMP 75c187a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ca14f5 2 bytes JMP 75c18978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ca150d 2 bytes JMP 75c18698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ca1525 2 bytes JMP 75c18a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ca153d 2 bytes JMP 75b8fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ca1555 2 bytes JMP 75b968ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ca156d 2 bytes JMP 75c18f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ca1585 2 bytes JMP 75c18ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ca159d 2 bytes JMP 75c1865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ca15b5 2 bytes JMP 75b8fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ca15cd 2 bytes JMP 75b9b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ca16b2 2 bytes JMP 75c18e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ca16bd 2 bytes JMP 75c185f1 C:\Windows\syswow64\kernel32.dll

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs fffffa80042a42c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{61B33E24-C3FC-4A36-B684-4B6ABBBE0795} fffffa8007b232c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{F2CFCDF5-874E-4A8A-9B65-0AF8CE06BCBF} fffffa8007b232c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa8007de32c0
Device \Driver\cdrom \Device\CdRom1 fffffa8007b1d2c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa8007de32c0
Device \Driver\dtsoftbus01 \Device\00000085 fffffa8007a862c0
Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa8007a862c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{5B4D3E9D-3704-4068-9B3C-B8EB10E11A22} fffffa8007b232c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa8007de32c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007b232c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa8007de32c0

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [2948:5612] 000007feec599688

---- EOF - GMER 2.1 ----