GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-02-24 09:01:49
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_650_120GB rev.FXT01B0Q 111,79GB
Running: dqyh9y45.exe; Driver: C:\Users\Rob\AppData\Local\Temp\uxriipow.sys

---- User code sections - GMER 2.1 ----

.text   C:\ProgramData\caMyciloP\caMyciloP.exe[2496] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69    00000000759d1465 2 bytes [9D, 75]
.text   C:\ProgramData\caMyciloP\caMyciloP.exe[2496] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   00000000759d14bb 2 bytes [9D, 75]
.text   ...                                                                                                     * 2
.text   C:\ProgramData\CloudPrinter\CloudPrinter.exe[2552] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69    00000000759d1465 2 bytes [9D, 75]
.text   C:\ProgramData\CloudPrinter\CloudPrinter.exe[2552] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   00000000759d14bb 2 bytes [9D, 75]
.text   ...                                                                                                     * 2
.text   C:\ProgramData\caMyciloP\caMyciloP.exe[3960] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69    00000000759d1465 2 bytes [9D, 75]
.text   C:\ProgramData\caMyciloP\caMyciloP.exe[3960] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   00000000759d14bb 2 bytes [9D, 75]
.text   ...                                                                                                     * 2

---- Processes - GMER 2.1 ----

Process C:\ProgramData\caMyciloP\caMyciloP.exe (*** suspicious ***) @ C:\ProgramData\caMyciloP\caMyciloP.exe [2496](2016-02-23 15:11:33)         0000000000060000
Process C:\ProgramData\CloudPrinter\CloudPrinter.exe (*** suspicious ***) @ C:\ProgramData\CloudPrinter\CloudPrinter.exe [2552](2016-02-22 14:38:37) 0000000000d30000
Process C:\Users\Rob\AppData\Local\Unocare.exe (*** suspicious ***) @ C:\Users\Rob\AppData\Local\Unocare.exe [2604](2016-02-22 14:39:11)         0000000000f00000
Process C:\ProgramData\caMyciloP\caMyciloP.exe (*** suspicious ***) @ C:\ProgramData\caMyciloP\caMyciloP.exe [3960](2016-02-23 15:11:33)         0000000000060000
Process C:\ProgramData\serfev\serfev.exe (*** suspicious ***) @ C:\ProgramData\serfev\serfev.exe [3432](2016-02-24 07:37:36)                     0000000000bc0000

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cbb58ae4627
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cbb58ae4627 (not active ControlSet)

---- Files - GMER 2.1 ----

File    C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-a71e364e.exe (size mismatch) 172032/0 bytes executable

---- EOF - GMER 2.1 ----