GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-24 14:13:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD10EZEX-00RKKA0 rev.80.00A80 931,51GB
Running: gmer.exe; Driver: C:\Users\Damian\AppData\Local\Temp\awrdrpog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\PnkBstrA.exe[1892] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322  0000000075741a22 2 bytes [74, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1892] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496  0000000075741ad0 2 bytes [74, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1892] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552  0000000075741b08 2 bytes [74, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1892] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730  0000000075741bba 2 bytes [74, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1892] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762  0000000075741bda 2 bytes [74, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076dd1465 2 bytes [DD, 76]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076dd14bb 2 bytes [DD, 76]
.text  ...  * 2
.text  C:\Users\Damian\AppData\Roaming\uTorrent\uTorrent.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076dd1465 2 bytes [DD, 76]
.text  C:\Users\Damian\AppData\Roaming\uTorrent\uTorrent.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076dd14bb 2 bytes [DD, 76]
.text  ...  * 2
.text  C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2604] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69  0000000076dd1465 2 bytes [DD, 76]
.text  C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2604] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155  0000000076dd14bb 2 bytes [DD, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[1428] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69  0000000076dd1465 2 bytes [DD, 76]
.text  C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[1428] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  0000000076dd14bb 2 bytes [DD, 76]
.text  ...  * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [3012:4720]  000007fef9b49688

---- Processes - GMER 2.1 ----

Library  C:\Users\Damian\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2604](2014-09-13 00:20:58)  0000000003ee0000
Library  c:\users\damian\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2tfw0h.dll (*** suspicious ***) @ C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2604](2014-10-24 11:17:36)  0000000004340000
Library  C:\Users\Damian\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2604](2013-08-23 19:01:44)  00000000679e0000
Library  C:\Users\Damian\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2604] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)  0000000067050000
Library  C:\ProgramData\Razer\Synapse\Devices\RazerConfigNative.dll (*** suspicious ***) @ C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [1428] (Razer Configurator/Razer Inc.)(2014-07-07 09:37:22)  0000000060290000
Process  C:\Users\Damian\AppData\Local\winlogon.exe (*** suspicious ***) @ C:\Users\Damian\AppData\Local\winlogon.exe [2888](2011-06-11 16:00:53)  0000000000400000
Process  C:\Users\Damian\AppData\Local\services.exe (*** suspicious ***) @ C:\Users\Damian\AppData\Local\services.exe [3120](2011-06-11 16:00:53)  0000000000400000
Process  C:\Users\Damian\AppData\Local\lsass.exe (*** suspicious ***) @ C:\Users\Damian\AppData\Local\lsass.exe [3344](2011-06-11 16:00:53)  0000000000400000
Process  C:\Users\Damian\AppData\Local\Temp\Rar$EXa0.055\gmer.exe (*** suspicious ***) @ C:\Users\Damian\AppData\Local\Temp\Rar$EXa0.055\gmer.exe [680](2014-10-24 11:44:57)  0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----
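GMER's "(*** suspicious ***)" tag in the Processes section lands on Dropbox and Razer libraries as well as on the three AppData\Local executables, so the tag alone is not what separates them. What does is the path: winlogon.exe, services.exe and lsass.exe are protected system binaries that live in %SystemRoot%\System32 on a default install, and copies of them running from a user-writable profile directory are a classic masquerading indicator that warrants investigation. The script below is an added example (not GMER's code and not from the poster) that parses the Process lines of a GMER log, flags system-binary names loaded from anywhere other than their home directory, and separately surfaces the "unknown MBR code" verdict from the Disk sectors section. It assumes %SystemRoot% is C:\Windows, as in this log; the sample input is copied from the Processes and Disk sectors entries above, with one constructed control line for a genuine System32 lsass.exe so the check has a negative case.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: "Processes" and "Disk sectors" entries copied from the GMER log
# above (one Library line kept to show that non-Process lines are ignored).
SAMPLE_LOG = r"""
---- Processes - GMER 2.1 ----

Library  C:\Users\Damian\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2604](2013-08-23 19:01:44)  00000000679e0000
Process  C:\Users\Damian\AppData\Local\winlogon.exe (*** suspicious ***) @ C:\Users\Damian\AppData\Local\winlogon.exe [2888](2011-06-11 16:00:53)  0000000000400000
Process  C:\Users\Damian\AppData\Local\services.exe (*** suspicious ***) @ C:\Users\Damian\AppData\Local\services.exe [3120](2011-06-11 16:00:53)  0000000000400000
Process  C:\Users\Damian\AppData\Local\lsass.exe (*** suspicious ***) @ C:\Users\Damian\AppData\Local\lsass.exe [3344](2011-06-11 16:00:53)  0000000000400000
Process  C:\Users\Damian\AppData\Local\Temp\Rar$EXa0.055\gmer.exe (*** suspicious ***) @ C:\Users\Damian\AppData\Local\Temp\Rar$EXa0.055\gmer.exe [680](2014-10-24 11:44:57)  0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0  unknown MBR code
"""

# Constructed control line (not from the log): a genuine lsass.exe in System32.
CONTROL_LINE = r"Process  C:\Windows\System32\lsass.exe @ C:\Windows\System32\lsass.exe [500](2011-06-11 16:00:53)  0000000000400000"

# "Process  <path> [(*** suspicious ***)] @ <image> [<pid>](<timestamp>)  <base>"
PROCESS_RE = re.compile(
    r"^Process\s+(?P<path>.+?)(?: \(\*\*\* suspicious \*\*\*\))? @ .+? \[(?P<pid>\d+)\]"
)
# "Disk  <device>  <status>"
DISK_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+(?P<status>.+?)\s*$")

# Where each protected system binary legitimately lives on a default install
# (assumes %SystemRoot% = C:\Windows). svchost.exe also has a 32-bit copy under
# SysWOW64; the others exist only in System32.
EXPECTED_DIRS = {
    "smss.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "wininit.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}


@dataclass(frozen=True)
class Finding:
    kind: str                 # "masqueraded-system-binary" or "unknown-mbr-code"
    detail: str               # image path or device name
    pid: Optional[int] = None


def parse_processes(log_text: str) -> List[Tuple[str, int]]:
    """Return (image path, pid) for every Process line in a GMER log."""
    found = []
    for line in log_text.splitlines():
        m = PROCESS_RE.match(line)
        if m:
            found.append((m.group("path"), int(m.group("pid"))))
    return found


def masqueraded_system_processes(log_text: str) -> List[Finding]:
    """Flag processes whose file name is a protected system binary but whose
    directory is not that binary's legitimate home (case-insensitive compare)."""
    findings = []
    for path, pid in parse_processes(log_text):
        name = ntpath.basename(path).lower()
        if name not in EXPECTED_DIRS:
            continue  # not a name we protect (e.g. gmer.exe itself)
        if ntpath.dirname(path).lower() not in EXPECTED_DIRS[name]:
            findings.append(Finding("masqueraded-system-binary", path, pid))
    return findings


def mbr_findings(log_text: str) -> List[Finding]:
    """Surface disks for which GMER reported boot code it did not recognise."""
    return [
        Finding("unknown-mbr-code", m.group("device"))
        for m in map(DISK_RE.match, log_text.splitlines())
        if m and "unknown mbr code" in m.group("status").lower()
    ]


def analyze(log_text: str) -> List[Finding]:
    """All findings, process masquerades first, then disk sector verdicts."""
    return masqueraded_system_processes(log_text) + mbr_findings(log_text)


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.kind:26} pid={f.pid!s:5} {f.detail}")
```

Run against the log above this yields three masquerade findings (PIDs 2888, 3120 and 3344) plus one disk finding for \Device\Harddisk0\DR0, and nothing for the control line; the gmer.exe entry is skipped because its name is not on the protected list. An "unknown MBR code" verdict means GMER could not match the boot sector to code it knows, which is a reason to image and inspect the sector, not a verdict on its own.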