GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-02-09 20:43:59
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 ST500LM012_HN-M500MBB rev.2AR20003 465,76GB
Running: ly6jzl3z.exe; Driver: C:\Users\roksana\AppData\Local\Temp\fwtorpow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\windows\System32\win32k.sys!W32pServiceTable fffff960001faa00 7 bytes [00, 0C, 7E, 01, 00, B1, F2]
.text C:\windows\System32\win32k.sys!W32pServiceTable + 8 fffff960001faa08 7 bytes [01, 0A, C0, FF, 00, 66, DB]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Windows Defender\MsMpEng.exe[1048] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fde03a177a 4 bytes [3A, E0, FD, 07]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1048] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fde03a1782 4 bytes [3A, E0, FD, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3508] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fdcedb1532 4 bytes [DB, CE, FD, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3508] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fdcedb153a 4 bytes [DB, CE, FD, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3508] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fdcedb165a 4 bytes [DB, CE, FD, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3508] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fdcee51b32 4 bytes [E5, CE, FD, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3508] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fdcee51b3a 4 bytes [E5, CE, FD, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3540] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fdcedb1532 4 bytes [DB, CE, FD, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3540] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fdcedb153a 4 bytes [DB, CE, FD, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3540] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fdcedb165a 4 bytes [DB, CE, FD, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3612] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fdcedb1532 4 bytes [DB, CE, FD, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3612] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fdcedb153a 4 bytes [DB, CE, FD, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3612] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fdcedb165a 4 bytes [DB, CE, FD, 07]
.text C:\Windows\System32\igfxpers.exe[3908] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fde03a177a 4 bytes [3A, E0, FD, 07]
.text C:\Windows\System32\igfxpers.exe[3908] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fde03a1782 4 bytes [3A, E0, FD, 07]

---- Threads - GMER 2.1 ----

Thread C:\windows\system32\csrss.exe [600:624] fffff960009bf5e8
Thread C:\windows\SYSTEM32\ntdll.dll [692:748] 0000000000fd1efe

---- Processes - GMER 2.1 ----

Library C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [1996](2013-09-29 13:41:48) 000000006fbc0000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [1996](2013-09-29 13:41:48) 000000006e940000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [1996](2013-09-29 13:41:48) 000000006a1c0000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [1996](2013-09-29 13:41:48) 000000006ff00000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [1996](2013-09-29 13:41:48) 000000006efc0000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [1996](2013-09-29 13:41:48) 000000006ed40000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
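A parser for this log layout, added here as an example (it is not part of GMER and not from the poster): it splits the log into its "----" sections, extracts the kernel hooks, user-mode hooks, threads, libraries and disk findings, and applies one triage heuristic that is visible in the scan above: every user-mode entry reports 4 patched bytes that are simply the middle four bytes of the hook address itself in little-endian order (for example 000007fde03a177a holds 3A E0 FD 07), i.e. memory contains an absolute pointer into the same image at its current load address rather than a jump elsewhere. Such entries are worth confirming but are not, on their own, evidence of a hook; the code counts them separately and leaves the "*** suspicious ***" libraries and the "unknown MBR code" finding as the items to look at first. The SAMPLE_LOG is a constructed subset of the scan; the `constructed_example.exe` line with a `ws2_32.dll!connect` patch beginning `E9` (a JMP) is invented so the "review" path is exercised and is not from the scan.

```python
import re
import ntpath
from collections import defaultdict

# Constructed sample in GMER 2.1 log layout. All lines except the
# constructed_example.exe hook are taken from the scan above; that one line
# is invented so a non-relocation-style patch is present.
SAMPLE_LOG = r"""
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-02-09 20:43:59

---- Kernel code sections - GMER 2.1 ----

.text C:\windows\System32\win32k.sys!W32pServiceTable fffff960001faa00 7 bytes [00, 0C, 7E, 01, 00, B1, F2]
.text C:\windows\System32\win32k.sys!W32pServiceTable + 8 fffff960001faa08 7 bytes [01, 0A, C0, FF, 00, 66, DB]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Windows Defender\MsMpEng.exe[1048] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fde03a177a 4 bytes [3A, E0, FD, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3508] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fdcee51b32 4 bytes [E5, CE, FD, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3508] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fdcee51b3a 4 bytes [E5, CE, FD, 07]
.text C:\Temp\constructed_example.exe[4242] C:\windows\SYSTEM32\ws2_32.dll!connect 000007fdd1a01230 5 bytes [E9, 1B, 33, 00, 00]

---- Threads - GMER 2.1 ----

Thread C:\windows\system32\csrss.exe [600:624] fffff960009bf5e8

---- Processes - GMER 2.1 ----

Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [1996](2013-09-29 13:41:48) 000000006a1c0000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER 2\.1 ----$")
_HOOK_TAIL = (r"(?P<module>[^!]+)!(?P<export>\S+)(?: \+ (?P<offset>\d+))? "
              r"(?P<addr>[0-9a-f]{16}) (?P<size>\d+) bytes \[(?P<bytes>[^\]]+)\]$")
KERNEL_HOOK_RE = re.compile(r"^\.text " + _HOOK_TAIL)
USER_HOOK_RE = re.compile(r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] " + _HOOK_TAIL)
THREAD_RE = re.compile(r"^Thread (?P<image>.+?) \[(?P<pid>\d+):(?P<tid>\d+)\] (?P<addr>[0-9a-f]{16})$")
LIBRARY_RE = re.compile(r"^Library (?P<lib>.+?)(?P<susp> \(\*\*\* suspicious \*\*\*\))? @ "
                        r"(?P<proc>.+?) \[(?P<pid>\d+)\]\((?P<loaded>[^)]+)\) (?P<addr>[0-9a-f]{16})$")
DISK_RE = re.compile(r"^Disk (?P<device>\S+) (?P<status>.+)$")


def patch_is_self_pointer(addr_hex, patch_bytes):
    """Heuristic: the reported bytes are a slice of the hook address encoded
    little-endian, i.e. memory holds a pointer into the same image at its
    current load address. Common for relocated 64-bit images; confirm, don't
    treat as a detour by itself."""
    addr_le = int(addr_hex, 16).to_bytes(8, "little")
    patch = bytes(int(b.strip(), 16) for b in patch_bytes.split(","))
    return patch in addr_le


def parse_gmer(text):
    """Dispatch each line on the section it sits in; return raw findings."""
    findings = {"kernel_hooks": [], "user_hooks": [], "threads": [], "libraries": [], "disk": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group("name")
        elif section == "Kernel code sections" and (m := KERNEL_HOOK_RE.match(line)):
            findings["kernel_hooks"].append(m.groupdict())
        elif section == "User code sections" and (m := USER_HOOK_RE.match(line)):
            hook = m.groupdict()
            hook["self_pointer"] = patch_is_self_pointer(hook["addr"], hook["bytes"])
            findings["user_hooks"].append(hook)
        elif section == "Threads" and (m := THREAD_RE.match(line)):
            findings["threads"].append(m.groupdict())
        elif section == "Processes" and (m := LIBRARY_RE.match(line)):
            lib = m.groupdict()
            lib["suspicious"] = lib.pop("susp") is not None
            findings["libraries"].append(lib)
        elif section == "Disk sectors" and (m := DISK_RE.match(line)):
            findings["disk"].append(m.groupdict())
    return findings


def _site(entry):
    site = f"{ntpath.basename(entry['module'])}!{entry['export']}"
    return site + (f"+{entry['offset']}" if entry["offset"] else "")


def triage(findings):
    """Collapse raw findings into the items an analyst looks at first."""
    to_review = defaultdict(list)
    for h in findings["user_hooks"]:
        if not h["self_pointer"]:
            to_review[f"{ntpath.basename(h['proc'])}[{h['pid']}]"].append(_site(h))
    return {
        "kernel_hooks": [_site(k) for k in findings["kernel_hooks"]],
        "user_hooks_to_review": dict(to_review),
        "relocation_like_user_hooks": sum(1 for h in findings["user_hooks"] if h["self_pointer"]),
        "suspicious_libraries": [l["lib"] for l in findings["libraries"] if l["suspicious"]],
        "unknown_mbr": any("unknown MBR" in d["status"] for d in findings["disk"]),
    }


if __name__ == "__main__":
    for key, value in triage(parse_gmer(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run against a full log the parser ignores lines it cannot match, so a section GMER adds that is not handled here simply contributes nothing; the kernel-mode W32pServiceTable entries are kept verbatim because their 7-byte patches are not address slices and need a real look (a disk-versus-memory diff of win32k.sys).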