GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-05-16 13:45:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006f Intel___ rev.1.0. 465,77GB
Running: l3w855jw.exe; Driver: C:\Users\user\AppData\Local\Temp\aftcaaob.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077091401 2 bytes JMP 76bfb21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077091419 2 bytes JMP 76bfb346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077091431 2 bytes JMP 76c78f29 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007709144a 2 bytes CALL 76bd489d C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000770914dd 2 bytes JMP 76c78822 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000770914f5 2 bytes JMP 76c789f8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007709150d 2 bytes JMP 76c78718 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077091525 2 bytes JMP 76c78ae2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007709153d 2 bytes JMP 76befca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077091555 2 bytes JMP 76bf68ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007709156d 2 bytes JMP 76c78fe3 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077091585 2 bytes JMP 76c78b42 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007709159d 2 bytes JMP 76c786dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000770915b5 2 bytes JMP 76befd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000770915cd 2 bytes JMP 76bfb2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000770916b2 2 bytes JMP 76c78ea4 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1772] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000770916bd 2 bytes JMP 76c78671 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076952ab1 5 bytes JMP 0000000100382dcc
.text C:\Program Files (x86)\Gyrocom\Prodigy 7.1 X-Fi\Volume Panel\VolPanlu.exe[3580] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 000000006bdd13b0 2 bytes JMP 75ad5660 C:\Windows\syswow64\SHELL32.dll
.text C:\Program Files (x86)\Gyrocom\Prodigy 7.1 X-Fi\Volume Panel\VolPanlu.exe[3580] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 000000006bdd13c0 2 bytes CALL 74f99cee C:\Windows\syswow64\msvcrt.dll
.text ... * 20
.text C:\Program Files (x86)\Gyrocom\Prodigy 7.1 X-Fi\Volume Panel\VolPanlu.exe[3580] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 000000006bdd153e 2 bytes CALL 75b67794 C:\Windows\syswow64\SHELL32.dll
.text C:\Program Files (x86)\Gyrocom\Prodigy 7.1 X-Fi\Volume Panel\VolPanlu.exe[3580] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 000000006bdd1553 2 bytes CALL 76bd10ff C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\rundll32.exe[3588] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 000000006bdd13b0 2 bytes JMP 75ad5660 C:\Windows\syswow64\SHELL32.dll
.text C:\Windows\SysWOW64\rundll32.exe[3588] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 000000006bdd13c0 2 bytes CALL 74f99cee C:\Windows\syswow64\msvcrt.dll
.text ... * 20
.text C:\Windows\SysWOW64\rundll32.exe[3588] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 000000006bdd153e 2 bytes CALL 75b67794 C:\Windows\syswow64\SHELL32.dll
.text C:\Windows\SysWOW64\rundll32.exe[3588] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 000000006bdd1553 2 bytes CALL 76bd10ff C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077091401 2 bytes JMP 76bfb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077091419 2 bytes JMP 76bfb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077091431 2 bytes JMP 76c78f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007709144a 2 bytes CALL 76bd489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770914dd 2 bytes JMP 76c78822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770914f5 2 bytes JMP 76c789f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007709150d 2 bytes JMP 76c78718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077091525 2 bytes JMP 76c78ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007709153d 2 bytes JMP 76befca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077091555 2 bytes JMP 76bf68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007709156d 2 bytes JMP 76c78fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077091585 2 bytes JMP 76c78b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007709159d 2 bytes JMP 76c786dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770915b5 2 bytes JMP 76befd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770915cd 2 bytes JMP 76bfb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770916b2 2 bytes JMP 76c78ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770916bd 2 bytes JMP 76c78671 C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077091401 2 bytes JMP 76bfb21b C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077091419 2 bytes JMP 76bfb346 C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077091431 2 bytes JMP 76c78f29 C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007709144a 2 bytes CALL 76bd489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770914dd 2 bytes JMP 76c78822 C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770914f5 2 bytes JMP 76c789f8 C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007709150d 2 bytes JMP 76c78718 C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077091525 2 bytes JMP 76c78ae2 C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007709153d 2 bytes JMP 76befca8 C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077091555 2 bytes JMP 76bf68ef C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007709156d 2 bytes JMP 76c78fe3 C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077091585 2 bytes JMP 76c78b42 C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007709159d 2 bytes JMP 76c786dc C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770915b5 2 bytes JMP 76befd41 C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770915cd 2 bytes JMP 76bfb2dc C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770916b2 2 bytes JMP 76c78ea4 C:\Windows\syswow64\kernel32.dll
.text c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770916bd 2 bytes JMP 76c78671 C:\Windows\syswow64\kernel32.dll

---- EOF - GMER 2.1 ----