GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-19 00:55:29
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002b PLEXTOR_PX-128M6V rev.1.01 119,24GB
Running: tebn8tkd.exe; Driver: C:\Users\Joanna\AppData\Local\Temp\awrdqaog.sys

---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable       fffff960001de300 15 bytes [00, 0B, F2, 01, 00, 06, 6C, ...]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 16  fffff960001de310 8 bytes [00, D7, FB, FF, 00, D3, CD, ...]

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\Explorer.EXE[1268] @ C:\Windows\Explorer.EXE[USER32.dll!GetWindowBand]                [6c00b4b0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT  C:\Windows\Explorer.EXE[1268] @ C:\Windows\Explorer.EXE[USER32.dll!PeekMessageW]                 [6c025f80] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT  C:\Windows\Explorer.EXE[1268] @ C:\Windows\Explorer.EXE[USER32.dll!TileWindows]                  [6c00b450] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT  C:\Windows\Explorer.EXE[1268] @ C:\Windows\Explorer.EXE[USER32.dll!CascadeWindows]               [6c00b3f0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT  C:\Windows\Explorer.EXE[1268] @ C:\Windows\Explorer.EXE[dwmapi.dll!DwmEnableBlurBehindWindow]    [6c023ab0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT  C:\Windows\Explorer.EXE[1268] @ C:\Windows\Explorer.EXE[dwmapi.dll!DwmSetWindowAttribute]        [6c00b1a0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT  C:\Windows\Explorer.EXE[1268] @ C:\Windows\SYSTEM32\twinui.dll[USER32.dll!GetSystemMetrics]      [6c009ed0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT  C:\Windows\Explorer.EXE[1268] @ C:\Windows\SYSTEM32\twinui.dll[USER32.dll!PostMessageW]          [6c024720] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT  C:\Windows\Explorer.EXE[1268] @ C:\Windows\SYSTEM32\twinui.dll[USER32.dll!TrackPopupMenu]        [6c024a00] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT  C:\Windows\Explorer.EXE[1268] @ C:\Windows\SYSTEM32\twinui.dll[USER32.dll!SetCursorPos]          [6c024ba0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT  C:\Windows\Explorer.EXE[1268] @ C:\Windows\SYSTEM32\twinui.dll[dwmapi.dll!DwmSetWindowAttribute] [6c024bf0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [544:604]  fffff960008762d0

---- Processes - GMER 2.1 ----

Library  c:\users\joanna\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgpz0to.dll (*** suspicious ***) @ C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5332](2015-10-18 22:46:08)  0000000073170000

---- EOF - GMER 2.1 ----