GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-13 22:24:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SPCC_Solid_State_Disk rev.S9FM02.5 111,79GB
Running: c3e47lfu.exe; Driver: C:\Users\MIOSZ~1\AppData\Local\Temp\uwkdrpow.sys

---- User code sections - GMER 2.2 ----

.text C:\Windows\Explorer.EXE[1544] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007795dbf0 5 bytes JMP 00000000044b0018
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 7722b263 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 7722b38e C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 772a90f1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 772048ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 772a89ea C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 772a8bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 772a88e0 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 772a8caa C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 7721fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 77226937 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 772a91a9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 772a8d0a C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 772a88a4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 7721fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 7722b324 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 772a906c C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Wolcacfent\Loxera.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 772a8839 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 7722b263 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 7722b38e C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 772a90f1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 772048ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 772a89ea C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 772a8bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 772a88e0 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 772a8caa C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 7721fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 77226937 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 772a91a9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 772a8d0a C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 772a88a4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 7721fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 7722b324 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 772a906c C:\Windows\syswow64\kernel32.dll
.text C:\Users\Miłosz\AppData\Roaming\Fuwijoagky\Zeqamh.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 772a8839 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 7722b263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 7722b38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 772a90f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 772048ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 772a89ea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 772a8bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 772a88e0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 772a8caa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 7721fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 77226937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 772a91a9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 772a8d0a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 772a88a4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 7721fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 7722b324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 772a906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 772a8839 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 7722b263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 7722b38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 772a90f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 772048ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 772a89ea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 772a8bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 772a88e0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 772a8caa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 7721fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 77226937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 772a91a9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 772a8d0a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 772a88a4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 7721fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 7722b324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 772a906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 772a8839 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 7722b263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 7722b38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 772a90f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 772048ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 772a89ea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 772a8bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 772a88e0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 772a8caa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 7721fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 77226937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 772a91a9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 772a8d0a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 772a88a4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 7721fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 7722b324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 772a906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 772a8839 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70da9f8f8
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70da9f8f8 (not active ControlSet)

---- EOF - GMER 2.2 ----