GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-08 20:31:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 1863,02GB
Running: x22u1smu.exe; Driver: C:\Users\User\AppData\Local\Temp\kxroapob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033ee000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff800033ee02e 17 bytes [44, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe[2364] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000074961465 2 bytes [96, 74]
.text C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe[2364] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000749614bb 2 bytes [96, 74]
.text ... * 2
.text C:\Program Files (x86)\LogMeIn Hamachiii\hamachi-2-ui.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074961465 2 bytes [96, 74]
.text C:\Program Files (x86)\LogMeIn Hamachiii\hamachi-2-ui.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749614bb 2 bytes [96, 74]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[1900] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072531a22 2 bytes [53, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1900] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072531ad0 2 bytes [53, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1900] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072531b08 2 bytes [53, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1900] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072531bba 2 bytes [53, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1900] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072531bda 2 bytes [53, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074961465 2 bytes [96, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749614bb 2 bytes [96, 74]
.text ... * 2
.text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074961465 2 bytes [96, 74]
.text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749614bb 2 bytes [96, 74]
.text ... * 2
.text c:\program files (x86)\common files\installshield\updateservice\isuspm.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074961465 2 bytes [96, 74]
.text c:\program files (x86)\common files\installshield\updateservice\isuspm.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749614bb 2 bytes [96, 74]
.text ... * 2

---- Processes - GMER 2.1 ----

Library C:\Users\User\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2364](2014-07-21 20:53:38) 0000000003c40000
Library c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbkav6g.dll (*** suspicious ***) @ C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2364](2014-08-08 16:07:49) 0000000004090000
Library C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2364](2013-10-18 23:55:02) 0000000068810000
Library C:\Users\User\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2364] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 0000000067e80000
Library C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll (*** suspicious ***) @ C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2728](2009-06-27 08:11:12) 0000000060900000
Library Ì÷”à]H (*** suspicious ***) @ C:\Windows\system32\rundll32.exe [2172] 000007fef7a60000

---- EOF - GMER 2.1 ----