GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-11-18 21:21:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EALX-759BA1 rev.19.01H19 931,51GB
Running: i0wxd9g0.exe; Driver: C:\Users\user\AppData\Local\Temp\kftcaaob.sys

---- Processes - GMER 2.1 ----

Library C:\Users\user\AppData\Local\Temp\_MEI38082\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124] (Python Core/Python Software Foundation)(2015-11-18 17:41:00) 000000001e000000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001e8c0000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001e7a0000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000001c50000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 00000000001f0000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000010000000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001e800000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000002700000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000002f10000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\wxbase30u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124] (wxWidgets base library/wxWidgets development team)(2015-11-18 17:41:00) 0000000003040000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\wxbase30u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124] (wxWidgets network library/wxWidgets development team)(2015-11-18 17:41:00) 00000000003d0000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\wxmsw30u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124] (wxWidgets core library/wxWidgets development team)(2015-11-18 17:41:00) 0000000003240000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\wxmsw30u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124] (wxWidgets advanced library/wxWidgets development team)(2015-11-18 17:41:00) 0000000003710000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000004200000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000004460000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\wxmsw30u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124] (wxWidgets html library/wxWidgets development team)(2015-11-18 17:41:00) 0000000003950000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000004530000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000004640000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000004700000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001d1a0000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001ea10000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001ec80000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\hashobjs_ext.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000001f20000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\usb_ext.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000001f30000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\win32gui.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001ea40000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001e9b0000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001d100000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 00000000027d0000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\common.time34.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000001f50000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\_psutil_windows.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000001f60000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001eaa0000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001e980000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 00000000058c0000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\wxmsw30u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124] (wxWidgets webview library/wxWidgets development team)(2015-11-18 17:41:00) 0000000005900000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000005920000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\_yappi.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000005940000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001ebf0000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000005950000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000005a10000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001eb90000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000005a50000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001eb60000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001ec20000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 000000001ed40000
Library C:\Users\user\AppData\Local\Temp\_MEI38082\wx._animate.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5124](2015-11-18 17:41:00) 0000000005ae0000
Library c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1sc533.dll (*** suspicious ***) @ C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6552](2015-11-18 17:43:42) 000000006db00000

---- EOF - GMER 2.1 ----