GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-15 17:30:12
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST1000DL002-9TT153 rev.CC3C 931,51GB
Running: 6q1xp3k8.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwrdakob.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1748] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000764487b1 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1748] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075961465 2 bytes [96, 75]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1748] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000759614bb 2 bytes [96, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075961465 2 bytes [96, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759614bb 2 bytes [96, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075961465 2 bytes [96, 75]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759614bb 2 bytes [96, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075961465 2 bytes [96, 75]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759614bb 2 bytes [96, 75]
.text ... * 2

---- Processes - GMER 2.1 ----

Library C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2764] (Dropbox Shell Extension/Dropbox, Inc.)(2012-02-15 00:32:50) 0000000010000000
Library C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll (*** suspicious ***) @ C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [1104](2009-07-31 19:39:08) 0000000060900000

---- EOF - GMER 2.1 ----