GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-06-26 20:15:17 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST750LM022_HN-M750MBB rev.2BA30001 698,64GB Running: p3wzqbc1.exe; Driver: C:\Users\Asus\AppData\Local\Temp\fwlcqaoc.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000125900 7 bytes [80, 48, F3, FF, 01, 55, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000125908 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\Dwm.exe[1376] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Windows\system32\Dwm.exe[1376] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Windows\system32\Dwm.exe[1376] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Windows\system32\Dwm.exe[1376] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Windows\system32\Dwm.exe[1376] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe7f8830 8 bytes JMP 000007fefd1101f0 .text C:\Windows\system32\Dwm.exe[1376] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe7fb9e0 8 bytes JMP 000007fefd1101b8 .text C:\Windows\system32\Dwm.exe[1376] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef932dc88 5 bytes JMP 000007fef90b00d8 .text C:\Windows\system32\Dwm.exe[1376] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef932de10 5 bytes JMP 000007fef90b0110 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074fc1f0e 7 bytes JMP 00000000732b5160 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074fc5bad 7 bytes JMP 00000000732b57a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fd1431 7 bytes JMP 00000000732b53b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074fdea85 7 bytes JMP 00000000732b5150 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 000000007506906c 7 bytes JMP 00000000732b4780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000750690f1 5 bytes JMP 00000000732b4960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075069447 5 bytes JMP 00000000732b4790 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a11e4c 5 bytes JMP 00000000732b46a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a11efa 5 bytes JMP 00000000732b45b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a12bdc 5 bytes JMP 00000000732b4970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a12e7e 5 bytes JMP 00000000732b42a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756a8b9a 5 bytes JMP 00000000732b3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756b4c48 5 bytes JMP 00000000732b4220 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756b6bdc 5 bytes JMP 00000000732b4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756f092e 5 bytes JMP 00000000732b35b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075707bec 5 bytes JMP 00000000732b4200 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007511e74f 5 bytes JMP 00000000732b38b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007511e989 5 bytes JMP 00000000732b38c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076745e75 5 bytes JMP 00000000732b3730 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076779cbb 5 bytes JMP 00000000732b36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000732f1003 2 bytes [2F, 73] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1232] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000732f1016 2 bytes [2F, 73] .text C:\Windows\system32\taskeng.exe[1592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Windows\system32\taskeng.exe[1592] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Windows\system32\taskeng.exe[1592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Windows\system32\taskeng.exe[1592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Windows\system32\taskeng.exe[1592] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe7f8830 8 bytes JMP 000007fefd1101f0 .text C:\Windows\system32\taskeng.exe[1592] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe7fb9e0 8 bytes JMP 000007fefd1101b8 .text C:\Windows\system32\taskeng.exe[1592] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe576d10 11 bytes JMP 000007fefd110228 .text C:\Windows\system32\taskeng.exe[1592] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe58b4f0 7 bytes JMP 000007fefd110260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074fc1f0e 7 bytes JMP 00000000732b5160 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074fc5bad 7 bytes JMP 00000000732b57a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fd1431 7 bytes JMP 00000000732b53b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074fdea85 7 bytes JMP 00000000732b5150 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 000000007506906c 7 bytes JMP 00000000732b4780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000750690f1 5 bytes JMP 00000000732b4960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075069447 5 bytes JMP 00000000732b4790 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a11e4c 5 bytes JMP 00000000732b46a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a11efa 5 bytes JMP 00000000732b45b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a12bdc 5 bytes JMP 00000000732b4970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a12e7e 5 bytes JMP 00000000732b42a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756a8b9a 5 bytes JMP 00000000732b3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756b4c48 5 bytes JMP 00000000732b4220 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756b6bdc 5 bytes JMP 00000000732b4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756f092e 5 bytes JMP 00000000732b35b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075707bec 5 bytes JMP 00000000732b4200 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007511e74f 5 bytes JMP 00000000732b38b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007511e989 5 bytes JMP 00000000732b38c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000732f1003 2 bytes [2F, 73] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000732f1016 2 bytes [2F, 73] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076745e75 5 bytes JMP 00000000732b3730 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1316] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076779cbb 5 bytes JMP 00000000732b36c0 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074fc1f0e 7 bytes JMP 00000000732b5160 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074fc5bad 7 bytes JMP 00000000732b57a0 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fd1431 7 bytes JMP 00000000732b53b0 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074fdea85 7 bytes JMP 00000000732b5150 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 000000007506906c 7 bytes JMP 00000000732b4780 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000750690f1 5 bytes JMP 00000000732b4960 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075069447 5 bytes JMP 00000000732b4790 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a11e4c 5 bytes JMP 00000000732b46a0 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a11efa 5 bytes JMP 00000000732b45b0 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a12bdc 5 bytes JMP 00000000732b4970 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a12e7e 5 bytes JMP 00000000732b42a0 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756a8b9a 5 bytes JMP 00000000732b3770 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756b4c48 5 bytes JMP 00000000732b4220 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756b6bdc 5 bytes JMP 00000000732b4290 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756f092e 5 bytes JMP 00000000732b35b0 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075707bec 5 bytes JMP 00000000732b4200 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007511e74f 5 bytes JMP 00000000732b38b0 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007511e989 5 bytes JMP 00000000732b38c0 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076745e75 5 bytes JMP 00000000732b3730 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[2064] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076779cbb 5 bytes JMP 00000000732b36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074fc1f0e 7 bytes JMP 00000000732b5160 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074fc5bad 7 bytes JMP 00000000732b57a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fd1431 7 bytes JMP 00000000732b53b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074fdea85 7 bytes JMP 00000000732b5150 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 000000007506906c 7 bytes JMP 00000000732b4780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000750690f1 5 bytes JMP 00000000732b4960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075069447 5 bytes JMP 00000000732b4790 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a11e4c 5 bytes JMP 00000000732b46a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a11efa 5 bytes JMP 00000000732b45b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a12bdc 5 bytes JMP 00000000732b4970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a12e7e 5 bytes JMP 00000000732b42a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756a8b9a 5 bytes JMP 00000000732b3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756b4c48 5 bytes JMP 00000000732b4220 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756b6bdc 5 bytes JMP 00000000732b4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756f092e 5 bytes JMP 00000000732b35b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075707bec 5 bytes JMP 00000000732b4200 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007511e74f 5 bytes JMP 00000000732b38b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007511e989 5 bytes JMP 00000000732b38c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000732f1003 2 bytes [2F, 73] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000732f1016 2 bytes [2F, 73] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076745e75 5 bytes JMP 00000000732b3730 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076779cbb 5 bytes JMP 00000000732b36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074fc1f0e 7 bytes JMP 00000000732b5160 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074fc5bad 7 bytes JMP 00000000732b57a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fd1431 7 bytes JMP 00000000732b53b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074fdea85 7 bytes JMP 00000000732b5150 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 000000007506906c 7 bytes JMP 00000000732b4780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000750690f1 5 bytes JMP 00000000732b4960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075069447 5 bytes JMP 00000000732b4790 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a11e4c 5 bytes JMP 00000000732b46a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a11efa 5 bytes JMP 00000000732b45b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a12bdc 5 bytes JMP 00000000732b4970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a12e7e 5 bytes JMP 00000000732b42a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756a8b9a 5 bytes JMP 00000000732b3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756b4c48 5 bytes JMP 00000000732b4220 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756b6bdc 5 bytes JMP 00000000732b4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756f092e 5 bytes JMP 00000000732b35b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075707bec 5 bytes JMP 00000000732b4200 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007511e74f 5 bytes JMP 00000000732b38b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007511e989 5 bytes JMP 00000000732b38c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076745e75 5 bytes JMP 00000000732b3730 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076779cbb 5 bytes JMP 00000000732b36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000732f1003 2 bytes [2F, 73] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2644] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000732f1016 2 bytes [2F, 73] .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074fc1f0e 7 bytes JMP 00000000732b5160 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074fc5bad 7 bytes JMP 00000000732b57a0 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fd1431 7 bytes JMP 00000000732b53b0 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074fdea85 7 bytes JMP 00000000732b5150 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 000000007506906c 7 bytes JMP 00000000732b4780 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000750690f1 5 bytes JMP 00000000732b4960 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075069447 5 bytes JMP 00000000732b4790 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a11e4c 5 bytes JMP 00000000732b46a0 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a11efa 5 bytes JMP 00000000732b45b0 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a12bdc 5 bytes JMP 00000000732b4970 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a12e7e 5 bytes JMP 00000000732b42a0 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007511e74f 5 bytes JMP 00000000732b38b0 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007511e989 5 bytes JMP 00000000732b38c0 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756b4c48 5 bytes JMP 00000000732b4220 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756b6bdc 5 bytes JMP 00000000732b4290 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756f092e 5 bytes JMP 00000000732b35b0 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075707bec 5 bytes JMP 00000000732b4200 .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000732f1003 2 bytes [2F, 73] .text C:\Users\Asus\Desktop\p3wzqbc1.exe[1544] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000732f1016 2 bytes [2F, 73] ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\84a6c8046c75 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\84a6c8046c75@805719f9031f 0xA2 0x3E 0xC3 0xA5 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\84a6c8046c75@78471d512c61 0xBD 0xE1 0xED 0x84 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\84a6c8046c75@fc58fa178374 0xF1 0x75 0xA3 0x9B ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\84a6c8046c75 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\84a6c8046c75@805719f9031f 0xA2 0x3E 0xC3 0xA5 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\84a6c8046c75@78471d512c61 0xBD 0xE1 0xED 0x84 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\84a6c8046c75@fc58fa178374 0xF1 0x75 0xA3 0x9B ... ---- EOF - GMER 2.2 ----