GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-02-06 20:16:19 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST964032 rev.0002 596,17GB Running: w5rexspz.exe; Driver: C:\Users\Piotr\AppData\Local\Temp\awddrkog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031ba000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031ba02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\system32\services.exe[692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[948] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\System32\svchost.exe[332] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\System32\svchost.exe[412] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[496] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\system32\FBAgent.exe[1244] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1268] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1292] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1492] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1492] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1492] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1492] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1492] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1492] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fffcfd0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0237d0 7 bytes JMP 000007fffcfd00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd028ef0 6 bytes JMP 000007fffcfd0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd03af60 5 bytes JMP 000007fffcfd0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1492] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3189e0 8 bytes JMP 000007fffcfd01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1492] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff31be40 8 bytes JMP 000007fffcfd01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1492] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd467490 11 bytes JMP 000007fffcfd0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1492] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd47bf00 7 bytes JMP 000007fffcfd0260 .text C:\Windows\system32\nvvsvc.exe[1500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[1900] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\Dwm.exe[1900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[1900] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\Dwm.exe[1900] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\Dwm.exe[1900] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\Dwm.exe[1900] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8 .text C:\Windows\system32\Dwm.exe[1900] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fffcfd0180 .text C:\Windows\system32\Dwm.exe[1900] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0237d0 7 bytes JMP 000007fffcfd00d8 .text C:\Windows\system32\Dwm.exe[1900] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd028ef0 6 bytes JMP 000007fffcfd0148 .text C:\Windows\system32\Dwm.exe[1900] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd03af60 5 bytes JMP 000007fffcfd0110 .text C:\Windows\system32\Dwm.exe[1900] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3189e0 8 bytes JMP 000007fffcfd01f0 .text C:\Windows\system32\Dwm.exe[1900] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff31be40 8 bytes JMP 000007fffcfd01b8 .text C:\Windows\system32\Dwm.exe[1900] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef668dc88 5 bytes JMP 000007fff64800d8 .text C:\Windows\system32\Dwm.exe[1900] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef668de10 5 bytes JMP 000007fff6480110 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2000] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fffcfd0180 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0237d0 7 bytes JMP 000007fffcfd00d8 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd028ef0 6 bytes JMP 000007fffcfd0148 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd03af60 5 bytes JMP 000007fffcfd0110 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3189e0 8 bytes JMP 000007fffcfd01f0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff31be40 8 bytes JMP 000007fffcfd01b8 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd467490 11 bytes JMP 000007fffcfd0228 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd47bf00 7 bytes JMP 000007fffcfd0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2060] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Windows\Explorer.EXE[2116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2172] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2172] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074b41a22 2 bytes [B4, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2172] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074b41ad0 2 bytes [B4, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2172] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074b41b08 2 bytes [B4, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2172] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074b41bba 2 bytes [B4, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2172] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074b41bda 2 bytes [B4, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076de13e1 7 bytes JMP 00000001713612ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076dfb1d3 5 bytes JMP 00000001713615be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e788b4 7 bytes JMP 0000000171361357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e78939 5 bytes JMP 00000001713616e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e78c8f 5 bytes JMP 0000000171361028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ee1d1b 5 bytes JMP 00000001713611ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ee1dc9 5 bytes JMP 0000000171361023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ee2aa4 5 bytes JMP 000000017136156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ee2d0a 5 bytes JMP 0000000171361294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756b8a29 5 bytes JMP 0000000171361050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756c4572 5 bytes JMP 00000001713610d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007505e96b 5 bytes JMP 00000001713615d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007505eba5 5 bytes JMP 00000001713611b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075275ea5 5 bytes JMP 0000000171361609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2388] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752a9d0b 5 bytes JMP 0000000171361249 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2880] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2880] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2880] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2880] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2880] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2880] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2880] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fffcfd0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2880] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0237d0 7 bytes JMP 000007fffcfd00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2880] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd028ef0 6 bytes JMP 000007fffcfd0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2880] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd03af60 5 bytes JMP 000007fffcfd0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2880] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3189e0 8 bytes JMP 000007fffcfd01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2880] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff31be40 8 bytes JMP 000007fffcfd01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2880] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd467490 11 bytes JMP 000007fffcfd0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2880] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd47bf00 7 bytes JMP 000007fffcfd0260 .text C:\Windows\System32\hkcmd.exe[2896] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\System32\igfxpers.exe[2148] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[2148] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Windows\System32\igfxpers.exe[2148] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[2148] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[2148] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[2148] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[2148] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fffcfd0180 .text C:\Windows\System32\igfxpers.exe[2148] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0237d0 7 bytes JMP 000007fffcfd00d8 .text C:\Windows\System32\igfxpers.exe[2148] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd028ef0 6 bytes JMP 000007fffcfd0148 .text C:\Windows\System32\igfxpers.exe[2148] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd03af60 5 bytes JMP 000007fffcfd0110 .text C:\Windows\System32\igfxpers.exe[2148] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3189e0 8 bytes JMP 000007fffcfd01f0 .text C:\Windows\System32\igfxpers.exe[2148] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff31be40 8 bytes JMP 000007fffcfd01b8 .text C:\Windows\System32\igfxpers.exe[2148] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd467490 11 bytes JMP 000007fffcfd0228 .text C:\Windows\System32\igfxpers.exe[2148] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd47bf00 7 bytes JMP 000007fffcfd0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3312] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3312] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3312] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3312] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3312] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3312] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fffcfd0180 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0237d0 7 bytes JMP 000007fffcfd00d8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd028ef0 6 bytes JMP 000007fffcfd0148 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd03af60 5 bytes JMP 000007fffcfd0110 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3312] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3189e0 8 bytes JMP 000007fffcfd01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3312] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff31be40 8 bytes JMP 000007fffcfd01b8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3312] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd467490 11 bytes JMP 000007fffcfd0228 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3312] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd47bf00 7 bytes JMP 000007fffcfd0260 .text C:\Windows\system32\SearchIndexer.exe[3560] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076de13e1 7 bytes JMP 00000001713612ad .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076dfb1d3 5 bytes JMP 00000001713615be .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e788b4 7 bytes JMP 0000000171361357 .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e78939 5 bytes JMP 00000001713616e0 .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e78c8f 5 bytes JMP 0000000171361028 .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ee1d1b 5 bytes JMP 00000001713611ef .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ee1dc9 5 bytes JMP 0000000171361023 .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ee2aa4 5 bytes JMP 000000017136156e .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ee2d0a 5 bytes JMP 0000000171361294 .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756b8a29 5 bytes JMP 0000000171361050 .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756c4572 5 bytes JMP 00000001713610d2 .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007505e96b 5 bytes JMP 00000001713615d7 .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007505eba5 5 bytes JMP 00000001713611b8 .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075275ea5 5 bytes JMP 0000000171361609 .text C:\Program Files (x86)\asus\Wireless Console 3\wcourier.exe[3692] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752a9d0b 5 bytes JMP 0000000171361249 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3740] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3740] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3740] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3740] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3740] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3740] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3740] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fffcfd0180 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0237d0 7 bytes JMP 000007fffcfd00d8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3740] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd028ef0 6 bytes JMP 000007fffcfd0148 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd03af60 5 bytes JMP 000007fffcfd0110 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3740] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3189e0 8 bytes JMP 000007fffcfd01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3740] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff31be40 8 bytes JMP 000007fffcfd01b8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3740] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd467490 11 bytes JMP 000007fffcfd0228 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3740] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd47bf00 7 bytes JMP 000007fffcfd0260 .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076de13e1 7 bytes JMP 00000001713612ad .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076dfb1d3 5 bytes JMP 00000001713615be .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e788b4 7 bytes JMP 0000000171361357 .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e78939 5 bytes JMP 00000001713616e0 .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e78c8f 5 bytes JMP 0000000171361028 .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ee1d1b 5 bytes JMP 00000001713611ef .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ee1dc9 5 bytes JMP 0000000171361023 .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ee2aa4 5 bytes JMP 000000017136156e .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ee2d0a 5 bytes JMP 0000000171361294 .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756b8a29 5 bytes JMP 0000000171361050 .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756c4572 5 bytes JMP 00000001713610d2 .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007505e96b 5 bytes JMP 00000001713615d7 .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007505eba5 5 bytes JMP 00000001713611b8 .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075275ea5 5 bytes JMP 0000000171361609 .text C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe[3976] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752a9d0b 5 bytes JMP 0000000171361249 .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076de13e1 7 bytes JMP 00000001713612ad .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076dfb1d3 5 bytes JMP 00000001713615be .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e788b4 7 bytes JMP 0000000171361357 .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e78939 5 bytes JMP 00000001713616e0 .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e78c8f 5 bytes JMP 0000000171361028 .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ee1d1b 5 bytes JMP 00000001713611ef .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ee1dc9 5 bytes JMP 0000000171361023 .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ee2aa4 5 bytes JMP 000000017136156e .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ee2d0a 5 bytes JMP 0000000171361294 .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756b8a29 5 bytes JMP 0000000171361050 .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756c4572 5 bytes JMP 00000001713610d2 .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007505e96b 5 bytes JMP 00000001713615d7 .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007505eba5 5 bytes JMP 00000001713611b8 .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075275ea5 5 bytes JMP 0000000171361609 .text C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe[4040] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752a9d0b 5 bytes JMP 0000000171361249 .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076de13e1 7 bytes JMP 00000001713612ad .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076dfb1d3 5 bytes JMP 00000001713615be .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e788b4 7 bytes JMP 0000000171361357 .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e78939 5 bytes JMP 00000001713616e0 .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e78c8f 5 bytes JMP 0000000171361028 .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ee1d1b 5 bytes JMP 00000001713611ef .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ee1dc9 5 bytes JMP 0000000171361023 .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ee2aa4 5 bytes JMP 000000017136156e .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ee2d0a 5 bytes JMP 0000000171361294 .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756b8a29 5 bytes JMP 0000000171361050 .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756c4572 5 bytes JMP 00000001713610d2 .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007505e96b 5 bytes JMP 00000001713615d7 .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007505eba5 5 bytes JMP 00000001713611b8 .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075275ea5 5 bytes JMP 0000000171361609 .text C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe[4088] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752a9d0b 5 bytes JMP 0000000171361249 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076de13e1 7 bytes JMP 00000001713612ad .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076dfb1d3 5 bytes JMP 00000001713615be .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e788b4 7 bytes JMP 0000000171361357 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e78939 5 bytes JMP 00000001713616e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e78c8f 5 bytes JMP 0000000171361028 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ee1d1b 5 bytes JMP 00000001713611ef .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ee1dc9 5 bytes JMP 0000000171361023 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ee2aa4 5 bytes JMP 000000017136156e .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ee2d0a 5 bytes JMP 0000000171361294 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007505e96b 5 bytes JMP 00000001713615d7 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007505eba5 5 bytes JMP 00000001713611b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756b8a29 5 bytes JMP 0000000171361050 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756c4572 5 bytes JMP 00000001713610d2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075275ea5 5 bytes JMP 0000000171361609 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1780] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752a9d0b 5 bytes JMP 0000000171361249 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076de13e1 7 bytes JMP 00000001713612ad .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076dfb1d3 5 bytes JMP 00000001713615be .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e788b4 7 bytes JMP 0000000171361357 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e78939 5 bytes JMP 00000001713616e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e78c8f 5 bytes JMP 0000000171361028 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ee1d1b 5 bytes JMP 00000001713611ef .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ee1dc9 5 bytes JMP 0000000171361023 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ee2aa4 5 bytes JMP 000000017136156e .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ee2d0a 5 bytes JMP 0000000171361294 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756b8a29 5 bytes JMP 0000000171361050 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756c4572 5 bytes JMP 00000001713610d2 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007505e96b 5 bytes JMP 00000001713615d7 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007505eba5 5 bytes JMP 00000001713611b8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075275ea5 5 bytes JMP 0000000171361609 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2056] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752a9d0b 5 bytes JMP 0000000171361249 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3244] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3244] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770aeecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3244] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3244] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3244] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3244] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3244] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fffcfd0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3244] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0237d0 7 bytes JMP 000007fffcfd00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3244] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd028ef0 6 bytes JMP 000007fffcfd0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3244] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd03af60 5 bytes JMP 000007fffcfd0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3244] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3189e0 8 bytes JMP 000007fffcfd01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3244] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff31be40 8 bytes JMP 000007fffcfd01b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076de13e1 7 bytes JMP 00000001713612ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076dfb1d3 5 bytes JMP 00000001713615be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e788b4 7 bytes JMP 0000000171361357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e78939 5 bytes JMP 00000001713616e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e78c8f 5 bytes JMP 0000000171361028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ee1d1b 5 bytes JMP 00000001713611ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ee1dc9 5 bytes JMP 0000000171361023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ee2aa4 5 bytes JMP 000000017136156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ee2d0a 5 bytes JMP 0000000171361294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756b8a29 5 bytes JMP 0000000171361050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756c4572 5 bytes JMP 00000001713610d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007505e96b 5 bytes JMP 00000001713615d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007505eba5 5 bytes JMP 00000001713611b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075275ea5 5 bytes JMP 0000000171361609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3436] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752a9d0b 5 bytes JMP 0000000171361249 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076de13e1 7 bytes JMP 00000001713612ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076dfb1d3 5 bytes JMP 00000001713615be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e788b4 7 bytes JMP 0000000171361357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e78939 5 bytes JMP 00000001713616e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e78c8f 5 bytes JMP 0000000171361028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ee1d1b 5 bytes JMP 00000001713611ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ee1dc9 5 bytes JMP 0000000171361023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ee2aa4 5 bytes JMP 000000017136156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ee2d0a 5 bytes JMP 0000000171361294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756b8a29 5 bytes JMP 0000000171361050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756c4572 5 bytes JMP 00000001713610d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007505e96b 5 bytes JMP 00000001713615d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007505eba5 5 bytes JMP 00000001713611b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075275ea5 5 bytes JMP 0000000171361609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1776] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752a9d0b 5 bytes JMP 0000000171361249 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2140] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4900] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3608] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076de13e1 7 bytes JMP 00000001713612ad .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076dfa2ba 1 byte [62] .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076dfb1d3 5 bytes JMP 00000001713615be .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e788b4 7 bytes JMP 0000000171361357 .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e78939 5 bytes JMP 00000001713616e0 .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e78c8f 5 bytes JMP 0000000171361028 .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ee1d1b 5 bytes JMP 00000001713611ef .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ee1dc9 5 bytes JMP 0000000171361023 .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ee2aa4 5 bytes JMP 000000017136156e .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ee2d0a 5 bytes JMP 0000000171361294 .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007505e96b 5 bytes JMP 00000001713615d7 .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007505eba5 5 bytes JMP 00000001713611b8 .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756b8a29 5 bytes JMP 0000000171361050 .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756c4572 5 bytes JMP 00000001713610d2 .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075275ea5 5 bytes JMP 0000000171361609 .text C:\Users\Piotr\Desktop\w5rexspz.exe[4112] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752a9d0b 5 bytes JMP 0000000171361249 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd610429e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd610429e@04fe31be0ae4 0x3B 0x1C 0x16 0xF4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd610429e@70f9271cd5a9 0xE7 0x33 0xB1 0x9C ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd610429e@74458a9a8061 0x08 0xAC 0x62 0x3F ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd610429e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd610429e@04fe31be0ae4 0x3B 0x1C 0x16 0xF4 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd610429e@70f9271cd5a9 0xE7 0x33 0xB1 0x9C ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd610429e@74458a9a8061 0x08 0xAC 0x62 0x3F ... ---- EOF - GMER 2.1 ----