GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-06 08:17:49
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c HGST_HTS541010A9E680 rev.JA0OA710 931,51GB
Running: wzjur5rm.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pgldipow.sys

---- User code sections - GMER 2.1 ----

.text   C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe[908] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506   00007ffe684b169a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe[908] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514   00007ffe684b16a2 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe[908] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118   00007ffe684b181a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe[908] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142   00007ffe684b1832 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe[936] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506   00007ffe684b169a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe[936] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514   00007ffe684b16a2 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe[936] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118   00007ffe684b181a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe[936] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142   00007ffe684b1832 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe[2024] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506   00007ffe684b169a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe[2024] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514   00007ffe684b16a2 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe[2024] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118   00007ffe684b181a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe[2024] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142   00007ffe684b1832 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe[1080] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506   00007ffe684b169a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe[1080] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514   00007ffe684b16a2 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe[1080] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118   00007ffe684b181a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe[1080] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142   00007ffe684b1832 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Windows Defender\MsMpEng.exe[1268] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506   00007ffe684b169a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Windows Defender\MsMpEng.exe[1268] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514   00007ffe684b16a2 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Windows Defender\MsMpEng.exe[1268] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118   00007ffe684b181a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Windows Defender\MsMpEng.exe[1268] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142   00007ffe684b1832 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe[2824] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506   00007ffe684b169a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe[2824] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514   00007ffe684b16a2 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe[2824] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118   00007ffe684b181a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe[2824] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142   00007ffe684b1832 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe[3364] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506   00007ffe684b169a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe[3364] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514   00007ffe684b16a2 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe[3364] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118   00007ffe684b181a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe[3364] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142   00007ffe684b1832 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe[3384] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506   00007ffe684b169a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe[3384] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514   00007ffe684b16a2 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe[3384] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118   00007ffe684b181a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe[3384] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142   00007ffe684b1832 4 bytes [4B, 68, FE, 7F]
.text   C:\Windows\System32\igfxpers.exe[3476] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506   00007ffe684b169a 4 bytes [4B, 68, FE, 7F]
.text   C:\Windows\System32\igfxpers.exe[3476] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514   00007ffe684b16a2 4 bytes [4B, 68, FE, 7F]
.text   C:\Windows\System32\igfxpers.exe[3476] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118   00007ffe684b181a 4 bytes [4B, 68, FE, 7F]
.text   C:\Windows\System32\igfxpers.exe[3476] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142   00007ffe684b1832 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506   00007ffe684b169a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514   00007ffe684b16a2 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118   00007ffe684b181a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142   00007ffe684b1832 4 bytes [4B, 68, FE, 7F]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3584] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506   00007ffe684b169a 4 bytes [4B, 68, FE, 7F]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3584] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514   00007ffe684b16a2 4 bytes [4B, 68, FE, 7F]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3584] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118   00007ffe684b181a 4 bytes [4B, 68, FE, 7F]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3584] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142   00007ffe684b1832 4 bytes [4B, 68, FE, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [612:620]   fffff96000906b90

---- Processes - GMER 2.1 ----

Process C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [1400] (Windows SysTool Service/SysTool PasSame LIMITED)(2015-02-03 12:54:50) 0000000001300000

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----
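A flat GMER listing like the one above hides its structure: the same 4-byte patch [4B, 68, FE, 7F] is reported at the same four PSAPI.DLL addresses in every listed process, including MsMpEng.exe, while only two lines (the process marked "*** suspicious ***" and "unknown MBR code") are GMER's own verdicts. The parser below is an added example, not part of GMER or of this log; it reads the four section types that appear here, groups identical patches across processes, and lists the items that warrant follow-up. The regular expressions are fitted to the line shapes in this log (they are an assumption about GMER's format, not a specification), and the embedded SAMPLE_LOG is an excerpt of the log above, trimmed to three processes.

```python
"""Parse a GMER 2.1 text log and summarise what warrants a closer look.

Added example; not part of GMER or of the log it is shown with. The regexes
are fitted to the four section types and line shapes seen in that log.
"""
import re
from collections import defaultdict

# Excerpt of the GMER log shown above, trimmed to three processes.
SAMPLE_LOG = r"""GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-06 08:17:49
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c HGST_HTS541010A9E680 rev.JA0OA710 931,51GB
Running: wzjur5rm.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pgldipow.sys

---- User code sections - GMER 2.1 ----

.text   C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe[908] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506   00007ffe684b169a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe[908] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118   00007ffe684b181a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Windows Defender\MsMpEng.exe[1268] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506   00007ffe684b169a 4 bytes [4B, 68, FE, 7F]
.text   C:\Program Files\Windows Defender\MsMpEng.exe[1268] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118   00007ffe684b181a 4 bytes [4B, 68, FE, 7F]
.text   C:\Windows\System32\igfxpers.exe[3476] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506   00007ffe684b169a 4 bytes [4B, 68, FE, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [612:620]   fffff96000906b90

---- Processes - GMER 2.1 ----

Process C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [1400] (Windows SysTool Service/SysTool PasSame LIMITED)(2015-02-03 12:54:50) 0000000001300000

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER \S+ ----$")
# ".text <image>[<pid>] <module>!<symbol> + <offset> <addr> <n> bytes [<hex>]"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<symbol>\w+) \+ (?P<offset>\d+)\s+"
    r"(?P<addr>[0-9a-fA-F]+) (?P<size>\d+) bytes \[(?P<bytes>[^\]]*)\]$"
)
THREAD_RE = re.compile(
    r"^Thread\s+(?P<image>.+?)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<addr>[0-9a-fA-F]+)$"
)
# The "(*** suspicious ***)" marker is optional and sits between image and "@".
PROCESS_RE = re.compile(
    r"^Process\s+(?P<image>.+?)\s+(?P<flag>\(\*\*\* suspicious \*\*\*\)\s+)?@\s+"
    r"(?P<path>.+?)\s+\[(?P<pid>\d+)\]"
)


def parse_gmer(text):
    """Split a GMER log into header lines and per-section records."""
    report = {"header": [], "hooks": [], "threads": [], "processes": [], "disk": []}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")  # e.g. "User code sections", "EOF"
            continue
        if section == "header":
            report["header"].append(line)
        elif section == "User code sections":
            m = HOOK_RE.match(line)
            if m:
                d = m.groupdict()
                for k in ("pid", "offset", "size"):
                    d[k] = int(d[k])
                report["hooks"].append(d)
        elif section == "Threads":
            m = THREAD_RE.match(line)
            if m:
                report["threads"].append(m.groupdict())
        elif section == "Processes":
            m = PROCESS_RE.match(line)
            if m:
                d = m.groupdict()
                d["suspicious"] = d.pop("flag") is not None
                d["pid"] = int(d["pid"])
                report["processes"].append(d)
        elif section == "Disk sectors":
            report["disk"].append(line)
    return report


def group_hooks(hooks):
    """Group identical patches (module, symbol, offset, address, bytes) and
    record which PIDs carry each. The module path is case-folded because the
    log prints PSAPI.DLL for some processes and psapi.dll for others."""
    groups = defaultdict(list)
    for h in hooks:
        key = (h["module"].lower(), h["symbol"], h["offset"], h["addr"], h["bytes"])
        groups[key].append(h["pid"])
    return {k: sorted(set(v)) for k, v in groups.items()}


def findings(report):
    """Return the follow-up items: GMER's own verdicts first, then one line
    per distinct patch saying how widely it is shared across processes."""
    out = []
    for p in report["processes"]:
        if p["suspicious"]:
            out.append(f"suspicious process: {p['image']} [pid {p['pid']}]")
    for d in report["disk"]:
        if "unknown MBR code" in d:
            out.append(f"unknown MBR code on {d.split()[1]}")
    hooked_pids = {h["pid"] for h in report["hooks"]}
    for (module, symbol, offset, addr, data), pids in sorted(group_hooks(report["hooks"]).items()):
        scope = "every hooked process" if set(pids) == hooked_pids else f"{len(pids)} process(es)"
        name = module.rsplit("\\", 1)[-1]
        out.append(f"{name}!{symbol}+{offset} @ {addr} patched with [{data}] in {scope}")
    return out


if __name__ == "__main__":
    for line in findings(parse_gmer(SAMPLE_LOG)):
        print(line)
```

Run against the full log above, every patch group comes back as "every hooked process", which is the point worth checking next: a patch that is byte-identical at the same image addresses in all eleven processes is a property of the shared PSAPI.DLL mapping (or of how the scanner read it), not eleven separate per-process tamperings, so the next step is to compare the loaded module against the signed on-disk file rather than to treat each line as an independent hit. The two GMER verdicts, the process marked suspicious under C:\ProgramData\WindowsMangerProtect and the unknown MBR code on \Device\Harddisk0\DR0, are the items that need a separate answer.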