GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-10 08:49:04
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 WDC_WD5000LPVX-75V0TT0 rev.01.01A01 465.76GB
Running: dygc0s77.exe; Driver: C:\Users\UYTKOW~1\AppData\Local\Temp\fxldapod.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [7392:4136] fffff960008802d0
Thread C:\Windows\Explorer.EXE [8908:6004] 000000000c08dfe0
Thread C:\Windows\Explorer.EXE [8908:4848] 000000000c08dfe0
Thread C:\Windows\Explorer.EXE [8908:6724] 000000000c08dfe0
Thread C:\Windows\Explorer.EXE [8908:7300] 000000000c08dfe0
Thread C:\Windows\Explorer.EXE [8908:8212] 000000000c08dfe0
Thread C:\Windows\Explorer.EXE [8908:7656] 000000000c08dfe0
Thread C:\Windows\Explorer.EXE [8908:6452] 000000000c08dfe0
Thread C:\Windows\Explorer.EXE [8908:5992] 000000000c08dfe0
Thread C:\Windows\Explorer.EXE [8908:5800] 000000000c08dfe0
Thread C:\Windows\system32\conhost.exe [1688:7012] 0000009a407c5f60
Thread C:\Windows\system32\conhost.exe [1688:7180] 0000009a407c5f60
Thread C:\Windows\system32\conhost.exe [1688:3172] 0000009a407c5f60
Thread C:\Windows\system32\conhost.exe [1688:6308] 0000009a3e99f3f4
Thread C:\Windows\system32\conhost.exe [1688:5504] 0000009a3e9a262c
Thread C:\Windows\system32\conhost.exe [8924:9052] 00000048b6d6acc0
Thread C:\Windows\system32\conhost.exe [8924:3280] 00000048b6d6acc0
Thread C:\Windows\system32\conhost.exe [8924:2832] 00000048b6d6acc0
Thread C:\Windows\system32\conhost.exe [8924:7436] 00000048b694ed34
Thread C:\Windows\system32\conhost.exe [8924:2360] 00000048b6951f6c
Thread C:\Windows\explorer.exe [6036:6764] 0000000001ee7840
Thread C:\Windows\explorer.exe [6036:5108] 0000000001ee7840
Thread C:\Windows\explorer.exe [6036:928] 0000000001ee7840
Thread C:\Windows\explorer.exe [6036:4560] 000000000005ec74
Thread C:\Windows\explorer.exe [6036:6792] 0000000000061eac
Thread C:\Windows\system32\msiexec.exe [1568:7396] 0000001dc31e2820
Thread C:\Windows\system32\msiexec.exe [1568:6656] 0000001dc31e2820
Thread C:\Windows\system32\msiexec.exe [1568:4628] 0000001dc31e2820
Thread C:\Windows\system32\msiexec.exe [1568:8904] 0000001dc2eae0b4
Thread C:\Windows\system32\msiexec.exe [1568:5288] 0000001dc2eb12ec
Thread C:\Windows\system32\cmd.exe [6648:6728] 000000fb4202a380
Thread C:\Windows\system32\cmd.exe [6648:8628] 000000fb4202a380
Thread C:\Windows\system32\cmd.exe [6648:448] 000000fb4202a380
Thread C:\Windows\system32\cmd.exe [6648:2224] 000000fb41cfde34

---- Processes - GMER 2.1 ----

Process C:\ProgramData\DatacardService\HWDeviceService64.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\HWDeviceService64.exe [1340](2010-11-16 13:38:16) 00007ff72f940000
Process C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe (*** suspicious ***) @ C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe [2244](2014-12-29 18:18:31) 0000000000400000
Library C:\ProgramData\Multimedia mobilNET\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe [2244](2014-12-29 18:18:31) 000000006fbc0000
Library C:\ProgramData\Multimedia mobilNET\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe [2244](2014-12-29 18:18:31) 000000006e940000
Library C:\ProgramData\Multimedia mobilNET\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe [2244](2014-12-29 18:18:31) 000000006a1c0000
Library C:\ProgramData\Multimedia mobilNET\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe [2244](2014-12-29 18:18:31) 000000006ff00000

---- EOF - GMER 2.1 ----