GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-20 14:18:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500AAKS-22VYA0 rev.12.01B02 232,89GB
Running: pwikcg84.exe; Driver: C:\Users\Robert\AppData\Local\Temp\uwrdypob.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                                                00000000776efa88 5 bytes JMP 0000000173a719b0
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                         00000000776f0018 5 bytes JMP 0000000173a72066
.text    C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                   0000000075811465 2 bytes [81, 75]
.text    C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                  00000000758114bb 2 bytes [81, 75]
.text    ...                                                                                                                                                                                                                                * 2
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                                                 0000000075609d0b 5 bytes JMP 000000011000a4d0
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                                                                               0000000075609d4e 5 bytes JMP 000000011000a630
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                                                                                                                                                      0000000072f6451e 5 bytes JMP 000000011000ab40
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveOutClose                                                                                                                                                     0000000072f64b6d 5 bytes JMP 000000011000abb0
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader                                                                                                                                           0000000072f64bf2 5 bytes JMP 000000011000ac90
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader                                                                                                                                             0000000072f64f0f 5 bytes JMP 000000011000ac50
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite                                                                                                                                                     0000000072f64f7b 5 bytes JMP 000000011000ac10
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveInOpen                                                                                                                                                       0000000072f69054 5 bytes JMP 000000011000ad10
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveOutReset                                                                                                                                                     0000000072f6adf9 5 bytes JMP 000000011000abe0
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume                                                                                                                                                 0000000072f852e8 5 bytes JMP 000000011000acd0
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume                                                                                                                                                 0000000072f8535f 5 bytes JMP 000000011000acf0
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveInClose                                                                                                                                                      0000000072f859cc 5 bytes JMP 000000011000ae40
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader                                                                                                                                              0000000072f85a6a 5 bytes JMP 000000011000aec0
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader                                                                                                                                            0000000072f85ad7 5 bytes JMP 000000011000af00
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer                                                                                                                                                  0000000072f85b5b 5 bytes JMP 000000011000af40
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveInStart                                                                                                                                                      0000000072f85bba 5 bytes JMP 000000011000af80
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveInStop                                                                                                                                                       0000000072f85bee 5 bytes JMP 000000011000b000
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveInReset                                                                                                                                                      0000000072f85c22 5 bytes JMP 000000011000b060
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition                                                                                                                                                0000000072f85c67 5 bytes JMP 000000011000b0d0
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate                                                                                                                                               0000000074077e3d 5 bytes JMP 000000011000a690
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8                                                                                                                                              00000000740ade69 5 bytes JMP 000000011000a770
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate                                                                                                                                        00000000740bd2c5 5 bytes JMP 000000011000a8a0
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8                                                                                                                                       00000000740bd371 5 bytes JMP 000000011000a990
.text    C:\Windows\SysWOW64\HsMgr.exe[2956] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate                                                                                                                                     00000000740bd429 5 bytes JMP 000000011000aa80
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\ole32.dll!CoCreateInstanceEx                                                                                                                                               000007fefd7bde90 5 bytes JMP 000007fffd7a0110
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                                                 000007fefd7d7490 11 bytes JMP 000007fffd7a00d8
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveOutClose                                                                                                                                                     000007fef7dd36ac 5 bytes JMP 000007fefd7a01f0
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader                                                                                                                                           000007fef7dd3770 5 bytes JMP 000007fefd7a0298
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveOutOpen                                                                                                                                                      000007fef7dd38d0 5 bytes JMP 000007fefd7a01b8
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader                                                                                                                                             000007fef7dd3ca4 5 bytes JMP 000007fefd7a0260
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveOutWrite                                                                                                                                                     000007fef7dd3d40 5 bytes JMP 000007fefd7a0228
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveInOpen                                                                                                                                                       000007fef7dd7fe0 7 bytes JMP 000007fefd7a0378
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveOutReset                                                                                                                                                     000007fef7dda38c 5 bytes JMP 000007fefd7a02d0
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveOutGetVolume                                                                                                                                                 000007fef7df49f0 5 bytes JMP 000007fefd7a0308
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveOutSetVolume                                                                                                                                                 000007fef7df4ab0 5 bytes JMP 000007fefd7a0340
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveInClose                                                                                                                                                      000007fef7df52e0 5 bytes JMP 000007fefd7a03b0
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveInPrepareHeader                                                                                                                                              000007fef7df53c0 5 bytes JMP 000007fefd7a0490
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader                                                                                                                                            000007fef7df5454 5 bytes JMP 000007fefd7a04c8
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveInAddBuffer                                                                                                                                                  000007fef7df5514 5 bytes JMP 000007fefd7a0500
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveInStart                                                                                                                                                      000007fef7df55a4 6 bytes JMP 000007fefd7a03e8
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveInStop                                                                                                                                                       000007fef7df55e4 6 bytes JMP 000007fefd7a0420
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveInReset                                                                                                                                                      000007fef7df5624 5 bytes JMP 000007fefd7a0458
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\WINMM.dll!waveInGetPosition                                                                                                                                                000007fef7df567c 5 bytes JMP 000007fefd7a0538
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8                                                                                                                                              000007fef0e06944 7 bytes JMP 000007fefd7a0180
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\DSOUND.dll!DirectSoundCreate                                                                                                                                               000007fef0e25a84 7 bytes JMP 000007fefd7a0148
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate                                                                                                                                        000007fef0e25b90 7 bytes JMP 000007fefd7a0570
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8                                                                                                                                       000007fef0e25c94 7 bytes JMP 000007fefd7a05a8
.text    C:\Windows\system\HsMgr64.exe[1112] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate                                                                                                                                     000007fef0e25da8 5 bytes JMP 000007fefd7a05e0
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                                  0000000075609d0b 5 bytes JMP 000000011000a4d0
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                                                                0000000075609d4e 5 bytes JMP 000000011000a630
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                                                                                                                                       0000000072f6451e 5 bytes JMP 000000011000ab40
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveOutClose                                                                                                                                      0000000072f64b6d 5 bytes JMP 000000011000abb0
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader                                                                                                                            0000000072f64bf2 5 bytes JMP 000000011000ac90
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader                                                                                                                              0000000072f64f0f 5 bytes JMP 000000011000ac50
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite                                                                                                                                      0000000072f64f7b 5 bytes JMP 000000011000ac10
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveInOpen                                                                                                                                        0000000072f69054 5 bytes JMP 000000011000ad10
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveOutReset                                                                                                                                      0000000072f6adf9 5 bytes JMP 000000011000abe0
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume                                                                                                                                  0000000072f852e8 5 bytes JMP 000000011000acd0
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume                                                                                                                                  0000000072f8535f 5 bytes JMP 000000011000acf0
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveInClose                                                                                                                                       0000000072f859cc 5 bytes JMP 000000011000ae40
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader                                                                                                                               0000000072f85a6a 5 bytes JMP 000000011000aec0
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader                                                                                                                             0000000072f85ad7 5 bytes JMP 000000011000af00
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer                                                                                                                                   0000000072f85b5b 5 bytes JMP 000000011000af40
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveInStart                                                                                                                                       0000000072f85bba 5 bytes JMP 000000011000af80
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveInStop                                                                                                                                        0000000072f85bee 5 bytes JMP 000000011000b000
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveInReset                                                                                                                                       0000000072f85c22 5 bytes JMP 000000011000b060
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition                                                                                                                                 0000000072f85c67 5 bytes JMP 000000011000b0d0
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate                                                                                                                                0000000074077e3d 5 bytes JMP 000000011000a690
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8                                                                                                                               00000000740ade69 5 bytes JMP 000000011000a770
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate                                                                                                                         00000000740bd2c5 5 bytes JMP 000000011000a8a0
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8                                                                                                                        00000000740bd371 5 bytes JMP 000000011000a990
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate                                                                                                                      00000000740bd429 5 bytes JMP 000000011000aa80
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                                         0000000075811465 2 bytes [81, 75]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[1072] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                                        00000000758114bb 2 bytes [81, 75]
.text    ...                                                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                  0000000075609d0b 5 bytes JMP 000000011000a4d0
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                                                0000000075609d4e 5 bytes JMP 000000011000a630
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                         0000000075811465 2 bytes [81, 75]
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                        00000000758114bb 2 bytes [81, 75]
.text    ...                                                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                                                                                                                       0000000072f6451e 5 bytes JMP 000000011000ab40
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveOutClose                                                                                                                      0000000072f64b6d 5 bytes JMP 000000011000abb0
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader                                                                                                            0000000072f64bf2 5 bytes JMP 000000011000ac90
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader                                                                                                              0000000072f64f0f 5 bytes JMP 000000011000ac50
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite                                                                                                                      0000000072f64f7b 5 bytes JMP 000000011000ac10
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveInOpen                                                                                                                        0000000072f69054 5 bytes JMP 000000011000ad10
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveOutReset                                                                                                                      0000000072f6adf9 5 bytes JMP 000000011000abe0
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume                                                                                                                  0000000072f852e8 5 bytes JMP 000000011000acd0
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume                                                                                                                  0000000072f8535f 5 bytes JMP 000000011000acf0
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveInClose                                                                                                                       0000000072f859cc 5 bytes JMP 000000011000ae40
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader                                                                                                               0000000072f85a6a 5 bytes JMP 000000011000aec0
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader                                                                                                             0000000072f85ad7 5 bytes JMP 000000011000af00
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer                                                                                                                   0000000072f85b5b 5 bytes JMP 000000011000af40
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveInStart                                                                                                                       0000000072f85bba 5 bytes JMP 000000011000af80
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveInStop                                                                                                                        0000000072f85bee 5 bytes JMP 000000011000b000
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveInReset                                                                                                                       0000000072f85c22 5 bytes JMP 000000011000b060
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition                                                                                                                 0000000072f85c67 5 bytes JMP 000000011000b0d0
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate                                                                                                                0000000074077e3d 5 bytes JMP 000000011000a690
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8                                                                                                               00000000740ade69 5 bytes JMP 000000011000a770
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate                                                                                                         00000000740bd2c5 5 bytes JMP 000000011000a8a0
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8                                                                                                        00000000740bd371 5 bytes JMP 000000011000a990
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3076] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate                                                                                                      00000000740bd429 5 bytes JMP 000000011000aa80
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                       0000000075609d0b 5 bytes JMP 000000011000a4d0
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                                                     0000000075609d4e 5 bytes JMP 000000011000a630
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                                                                                                                            0000000072f6451e 5 bytes JMP 000000011000ab40
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveOutClose                                                                                                                           0000000072f64b6d 5 bytes JMP 000000011000abb0
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader                                                                                                                 0000000072f64bf2 5 bytes JMP 000000011000ac90
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader                                                                                                                   0000000072f64f0f 5 bytes JMP 000000011000ac50
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite                                                                                                                           0000000072f64f7b 5 bytes JMP 000000011000ac10
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveInOpen                                                                                                                             0000000072f69054 5 bytes JMP 000000011000ad10
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveOutReset                                                                                                                           0000000072f6adf9 5 bytes JMP 000000011000abe0
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume                                                                                                                       0000000072f852e8 5 bytes JMP 000000011000acd0
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume                                                                                                                       0000000072f8535f 5 bytes JMP 000000011000acf0
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveInClose                                                                                                                            0000000072f859cc 5 bytes JMP 000000011000ae40
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader                                                                                                                    0000000072f85a6a 5 bytes JMP 000000011000aec0
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader                                                                                                                  0000000072f85ad7 5 bytes JMP 000000011000af00
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer                                                                                                                        0000000072f85b5b 5 bytes JMP 000000011000af40
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveInStart                                                                                                                            0000000072f85bba 5 bytes JMP 000000011000af80
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveInStop                                                                                                                             0000000072f85bee 5 bytes JMP 000000011000b000
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveInReset                                                                                                                            0000000072f85c22 5 bytes JMP 000000011000b060
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition                                                                                                                      0000000072f85c67 5 bytes JMP 000000011000b0d0
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate                                                                                                                     0000000074077e3d 5 bytes JMP 000000011000a690
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8                                                                                                                    00000000740ade69 5 bytes JMP 000000011000a770
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate                                                                                                              00000000740bd2c5 5 bytes JMP 000000011000a8a0
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8                                                                                                             00000000740bd371 5 bytes JMP 000000011000a990
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate                                                                                                           00000000740bd429 5 bytes JMP 000000011000aa80
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                              0000000075811465 2 bytes [81, 75]
.text    C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3580] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                             00000000758114bb 2 bytes [81, 75]
.text    ...                                                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                    0000000075811465 2 bytes [81, 75]
.text    C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                   00000000758114bb 2 bytes [81, 75]
.text    ...                                                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                      0000000075609d0b 5 bytes JMP 000000011000a4d0
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                    0000000075609d4e 5 bytes JMP 000000011000a630
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                                                                           0000000072f6451e 5 bytes JMP 000000011000ab40
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveOutClose                                                                          0000000072f64b6d 5 bytes JMP 000000011000abb0
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader                                                                0000000072f64bf2 5 bytes JMP 000000011000ac90
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader                                                                  0000000072f64f0f 5 bytes JMP 000000011000ac50
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite                                                                          0000000072f64f7b 5 bytes JMP 000000011000ac10
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveInOpen                                                                            0000000072f69054 5 bytes JMP 000000011000ad10
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveOutReset                                                                          0000000072f6adf9 5 bytes JMP 000000011000abe0
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume                                                                      0000000072f852e8 5 bytes JMP 000000011000acd0
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume                                                                      0000000072f8535f 5 bytes JMP 000000011000acf0
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveInClose                                                                           0000000072f859cc 5 bytes JMP 000000011000ae40
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader                                                                   0000000072f85a6a 5 bytes JMP 000000011000aec0
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader                                                                 0000000072f85ad7 5 bytes JMP 000000011000af00
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer                                                                       0000000072f85b5b 5 bytes JMP 000000011000af40
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveInStart                                                                           0000000072f85bba 5 bytes JMP 000000011000af80
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveInStop                                                                            0000000072f85bee 5 bytes JMP 000000011000b000
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveInReset                                                                           0000000072f85c22 5 bytes JMP 000000011000b060
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition                                                                     0000000072f85c67 5 bytes JMP 000000011000b0d0
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate                                                                    0000000074077e3d 5 bytes JMP 000000011000a690
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8                                                                   00000000740ade69 5 bytes JMP 000000011000a770
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate                                                             00000000740bd2c5 5 bytes JMP 000000011000a8a0
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8                                                            00000000740bd371 5 bytes JMP 000000011000a990
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3644] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate                                                          00000000740bd429 5 bytes JMP 000000011000aa80
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                              0000000075609d0b 5 bytes JMP 000000011000a4d0
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                                            0000000075609d4e 5 bytes JMP 000000011000a630
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                                                                                                                   0000000072f6451e 5 bytes JMP 000000011000ab40
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveOutClose                                                                                                                  0000000072f64b6d 5 bytes JMP 000000011000abb0
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader                                                                                                        0000000072f64bf2 5 bytes JMP 000000011000ac90
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader                                                                                                          0000000072f64f0f 5 bytes JMP 000000011000ac50
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite                                                                                                                  0000000072f64f7b 5 bytes JMP 000000011000ac10
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveInOpen                                                                                                                    0000000072f69054 5 bytes JMP 000000011000ad10
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveOutReset                                                                                                                  0000000072f6adf9 5 bytes JMP 000000011000abe0
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume                                                                                                              0000000072f852e8 5 bytes JMP 000000011000acd0
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume                                                                                                              0000000072f8535f 5 bytes JMP 000000011000acf0
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveInClose                                                                                                                   0000000072f859cc 5 bytes JMP 000000011000ae40
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader                                                                                                           0000000072f85a6a 5 bytes JMP 000000011000aec0
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader                                                                                                         0000000072f85ad7 5 bytes JMP 000000011000af00
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer                                                                                                               0000000072f85b5b 5 bytes JMP 000000011000af40
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveInStart                                                                                                                   0000000072f85bba 5 bytes JMP 000000011000af80
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveInStop                                                                                                                    0000000072f85bee 5 bytes JMP 000000011000b000
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveInReset                                                                                                                   0000000072f85c22 5 bytes JMP 000000011000b060
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition                                                                                                             0000000072f85c67 5 bytes JMP 000000011000b0d0
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate                                                                                                            0000000074077e3d 5 bytes JMP 000000011000a690
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8                                                                                                           00000000740ade69 5 bytes JMP 000000011000a770
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate                                                                                                     00000000740bd2c5 5 bytes JMP 000000011000a8a0
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8                                                                                                    00000000740bd371 5 bytes JMP 000000011000a990
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate                                                                                                  00000000740bd429 5 bytes JMP 000000011000aa80
.text    D:\iTunes\iTunesHelper.exe[3436] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                                                    0000000075609d0b 5 bytes JMP 000000011000a4d0
.text    D:\iTunes\iTunesHelper.exe[3436] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                                                                                  0000000075609d4e 5 bytes JMP 000000011000a630
.text    D:\iTunes\iTunesHelper.exe[3436] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate                                                                                                                                                  0000000074077e3d 5 bytes JMP 000000011000a690
.text    D:\iTunes\iTunesHelper.exe[3436] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8                                                                                                                                                 00000000740ade69 5 bytes JMP 000000011000a770
.text    D:\iTunes\iTunesHelper.exe[3436] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate                                                                                                                                           00000000740bd2c5 5 bytes JMP 000000011000a8a0
.text    D:\iTunes\iTunesHelper.exe[3436] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8                                                                                                                                          00000000740bd371 5 bytes JMP 000000011000a990
.text    D:\iTunes\iTunesHelper.exe[3436] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate                                                                                                                                        00000000740bd429 5 bytes JMP 000000011000aa80
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                                                                                                                                                          0000000072f6451e 5 bytes JMP 000000011000ab40
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveOutClose                                                                                                                                                         0000000072f64b6d 5 bytes JMP 000000011000abb0
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader                                                                                                                                               0000000072f64bf2 5 bytes JMP 000000011000ac90
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader                                                                                                                                                 0000000072f64f0f 5 bytes JMP 000000011000ac50
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite                                                                                                                                                         0000000072f64f7b 5 bytes JMP 000000011000ac10
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveInOpen                                                                                                                                                           0000000072f69054 5 bytes JMP 000000011000ad10
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveOutReset                                                                                                                                                         0000000072f6adf9 5 bytes JMP 000000011000abe0
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume                                                                                                                                                     0000000072f852e8 5 bytes JMP 000000011000acd0
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume                                                                                                                                                     0000000072f8535f 5 bytes JMP 000000011000acf0
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveInClose                                                                                                                                                          0000000072f859cc 5 bytes JMP 000000011000ae40
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader                                                                                                                                                  0000000072f85a6a 5 bytes JMP 000000011000aec0
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader                                                                                                                                                0000000072f85ad7 5 bytes JMP 000000011000af00
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer                                                                                                                                                      0000000072f85b5b 5 bytes JMP 000000011000af40
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveInStart                                                                                                                                                          0000000072f85bba 5 bytes JMP 000000011000af80
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveInStop                                                                                                                                                           0000000072f85bee 5 bytes JMP 000000011000b000
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveInReset                                                                                                                                                          0000000072f85c22 5 bytes JMP 000000011000b060
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition                                                                                                                                                    0000000072f85c67 5 bytes JMP 000000011000b0d0
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate                                                                                                                                                   0000000074077e3d 5 bytes JMP 000000011000a690
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8                                                                                                                                                  00000000740ade69 5 bytes JMP 000000011000a770
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate                                                                                                                                            00000000740bd2c5 5 bytes JMP 000000011000a8a0
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8                                                                                                                                           00000000740bd371 5 bytes JMP 000000011000a990
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate                                                                                                                                         00000000740bd429 5 bytes JMP 000000011000aa80
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                                                     0000000075609d0b 5 bytes JMP 000000011000a4d0
.text    E:\sciagane\pwikcg84.exe[10004] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                                                                                   0000000075609d4e 5 bytes JMP 000000011000a630

---- Kernel IAT/EAT - GMER 2.1 ----

IAT      C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]                                                                                                                                                                    [fffff88004101ea4] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\taskhost.exe [6120:5424]                                                                                                                                                                                       000007fef172ef24

---- Processes - GMER 2.1 ----

Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580] (Python Core/Python Software Foundation)(2014-03-18 11:34:05)                      000000001e000000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                               000000001e8c0000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:05)                                                           000000001e7a0000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                            0000000000290000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                                0000000000250000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:05)                                                                   00000000030d0000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                   000000001e800000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:05)                                                               0000000002820000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                              00000000035f0000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580] (wxWidgets for MSW/wxWidgets development team)(2014-03-18 11:34:06)         0000000003720000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580] (wxWidgets for MSW/wxWidgets development team)(2014-03-18 11:34:06)     0000000001f00000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580] (wxWidgets for MSW/wxWidgets development team)(2014-03-18 11:34:06)     0000000003910000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580] (wxWidgets for MSW/wxWidgets development team)(2014-03-18 11:34:06)      0000000003db0000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:05)                                                               0000000003ef0000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:05)                                                           0000000003fc0000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580] (wxWidgets for MSW/wxWidgets development team)(2014-03-18 11:34:08)     00000000048d0000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                          0000000004b90000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                              0000000004ca0000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                           000000001d100000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                                0000000002690000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                      0000000004970000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                                000000001d1a0000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                              000000001ea10000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                          000000001ec80000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                             000000001e9b0000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                              000000001eaa0000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                             0000000004090000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:05)                                                              00000000026c0000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580] (wxWidgets for MSW/wxWidgets development team)(2014-03-18 11:34:08)  0000000005d30000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:05)                                                       00000000028e0000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                                 0000000005d50000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:05)                                                              000000001eb90000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                            0000000005f80000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                               000000001eb60000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                             000000001e980000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                           000000001ebf0000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                           000000001ec20000
Library  C:\Users\Robert\AppData\Local\Temp\_MEI29002\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3580](2014-03-18 11:34:04)                                                                000000001ed40000

---- Files - GMER 2.1 ----

File     C:\Users\Robert\AppData\Local\Mozilla\Firefox\Profiles\33g5at61.default\Cache\C\E5\9B9A1d01                                                                                                                                        0 bytes
File     C:\Users\Robert\AppData\Local\Mozilla\Firefox\Profiles\33g5at61.default\Cache\F\72\A889Dd01                                                                                                                                        0 bytes

---- EOF - GMER 2.1 ----
