GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-01-29 12:07:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22A23T0 rev.01.01A01 298.09GB
Running: 4g5g2055.exe; Driver: C:\Users\BAZYL\AppData\Local\Temp\uwloqpob.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2264]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075771465 2 bytes [77, 75]
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2264]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000757714bb 2 bytes [77, 75]
.text  ...  * 2

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\Explorer.EXE[1712] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!FreeLibraryAndExitThread]  [10002350] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT  C:\Windows\Explorer.EXE[1712] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateThread]  [10003450] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT  C:\Windows\Explorer.EXE[1712] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA]  [100011e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [1020:1516]  000007fef5b50ea8
Thread  C:\Windows\system32\svchost.exe [1020:1680]  000007fef5b49db0
Thread  C:\Windows\system32\svchost.exe [1020:1664]  000007fef5b4aa10
Thread  C:\Windows\system32\svchost.exe [1020:1676]  000007fef5b51c94
Thread  C:\Windows\system32\svchost.exe [1020:2576]  000007fef220d3c8
Thread  C:\Windows\system32\svchost.exe [1020:3092]  000007fef220d3c8
Thread  C:\Windows\system32\svchost.exe [1020:3128]  000007fef220d3c8
Thread  C:\Windows\system32\svchost.exe [1020:3252]  000007fef220d3c8
Thread  C:\Windows\system32\svchost.exe [1072:1124]  000007fefad6341c
Thread  C:\Windows\system32\svchost.exe [1072:1136]  000007fefad63a2c
Thread  C:\Windows\system32\svchost.exe [1072:1140]  000007fefad65c20
Thread  C:\Windows\system32\svchost.exe [1072:1144]  000007fefad63768
Thread  C:\Windows\system32\svchost.exe [1072:1152]  000007fefad1bd88
Thread  C:\Windows\system32\svchost.exe [1072:4060]  000007fefad63900
Thread  C:\Windows\system32\svchost.exe [1072:4572]  000007fef92d5170
Thread  C:\Windows\system32\svchost.exe [1072:4608]  000007fefaa45124
Thread  C:\Windows\System32\spoolsv.exe [1388:1748]  000007fef95710c8
Thread  C:\Windows\System32\spoolsv.exe [1388:1768]  000007fef9286144
Thread  C:\Windows\System32\spoolsv.exe [1388:1772]  000007fef9075fd0
Thread  C:\Windows\System32\spoolsv.exe [1388:1780]  000007fef9063438
Thread  C:\Windows\System32\spoolsv.exe [1388:1784]  000007fef90763ec
Thread  C:\Windows\System32\spoolsv.exe [1388:1792]  000007fef9695e5c
Thread  C:\Windows\System32\spoolsv.exe [1388:1796]  000007fef9745074
Thread  C:\Program Files\Windows Sidebar\sidebar.exe [2364:3332]  000007fef3f5d920
Thread  C:\Program Files\Windows Sidebar\sidebar.exe [2364:3648]  000007fef3701c48
Thread  C:\Program Files\Windows Sidebar\sidebar.exe [2364:3696]  000007fef3701c48
Thread  C:\Program Files\Windows Sidebar\sidebar.exe [2364:3936]  000007fef3701c48
Thread  C:\Program Files (x86)\CalendarTool\2.0.0.10764\CalendarServ.exe [2604:3572]  0000000074761730
Thread  C:\Program Files (x86)\CalendarTool\2.0.0.10764\CalendarServ.exe [2604:3580]  00000000725232a0
Thread  C:\Program Files (x86)\CalendarTool\2.0.0.10764\CalendarServ.exe [2604:3584]  0000000072533ac0
Thread  C:\Program Files (x86)\CalendarTool\2.0.0.10764\CalendarServ.exe [2604:3588]  000000007247b1a0
Thread  C:\Program Files (x86)\CalendarTool\2.0.0.10764\CalendarServ.exe [2604:3592]  0000000072474ba0
Thread  C:\Program Files (x86)\CalendarTool\2.0.0.10764\CalendarServ.exe [2604:3856]  00000000732562ee
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4052:4320]  000007fefbbc2bf8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4052:4316]  000007feeffd4830
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4052:4552]  000007fefaa45124
Thread  C:\Windows\System32\svchost.exe [4852:2488]  000007fef0d79688

---- EOF - GMER 2.1 ----