GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-11 16:49:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BPVT-22HXZT1 rev.01.01A01 465,76GB
Running: yrckkk7q.exe; Driver: C:\Users\JADZIA~1\AppData\Local\Temp\ugldrpob.sys

---- User code sections - GMER 2.1 ----

.text ... * 2
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768d14bb 2 bytes [8D, 76]
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000768d1465 2 bytes [8D, 76]

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003003000 69 bytes [8B, 84, 24, 98, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 600 fffff80003003048 5 bytes [0F, BF, 82, C4, 01]

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4976:3316] 000007fefe570168
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4976:3836] 000007fefb132a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4976:4244] 000007fef089d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4976:5164] 000007fef9b65124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4976:5700] 000007fef0839730
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4976:5704] 000007fef089d618

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 17886

---- EOF - GMER 2.1 ----