GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-26 19:45:35 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7 ST3500320AS rev.SD04 465,76GB Running: wcub8ck2.exe; Driver: C:\Users\Patryk\AppData\Local\Temp\ugloapod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8CFF36F0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8CFF3820] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8CFF3010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x8CFF34E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8CFF3300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8CFF33F0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x8CFF3120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8CFF3210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x8CFF35F0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwReplaceKey + 1525 82E3DB55 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E77BB2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 1357 82E7F23C 2 Bytes [F0, 36] .text ntkrnlpa.exe!KeRemoveQueueEx + 135A 82E7F23F 3 Bytes [8C, 20, 38] .text ntkrnlpa.exe!KeRemoveQueueEx + 135E 82E7F243 1 Byte [8C] .text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82E7F284 4 Bytes [10, 30, FF, 8C] .text ntkrnlpa.exe!KeRemoveQueueEx + 13BF 82E7F2A4 4 Bytes [E0, 34, FF, 8C] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9721C000, 0x18A676, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Opera\33.0.1990.115\opera.exe[1980] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[1980] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[1980] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[1980] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[1980] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[1980] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[1980] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtCreateFile + 6 775756B6 4 Bytes [28, 8C, F6, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtCreateFile + B 775756BB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtMapViewOfSection + 6 77575D16 4 Bytes [28, 8F, F6, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtMapViewOfSection + B 77575D1B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtOpenFile + 6 77575DC6 4 Bytes [68, 8C, F6, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtOpenFile + B 77575DCB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtOpenProcess + 6 77575E76 4 Bytes [A8, 8D, F6, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtOpenProcess + B 77575E7B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtOpenProcessToken + 6 77575E86 4 Bytes CALL 76585518 .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtOpenProcessToken + B 77575E8B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtOpenProcessTokenEx + 6 77575E96 4 Bytes [A8, 8E, F6, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtOpenProcessTokenEx + B 77575E9B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtOpenThread + 6 77575EF6 4 Bytes [68, 8D, F6, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtOpenThread + B 77575EFB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtOpenThreadToken + 6 77575F06 4 Bytes [68, 8E, F6, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtOpenThreadToken + B 77575F0B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtOpenThreadTokenEx + 6 77575F16 4 Bytes CALL 765855A9 .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtOpenThreadTokenEx + B 77575F1B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtQueryAttributesFile + 6 77576026 4 Bytes [A8, 8C, F6, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtQueryAttributesFile + B 7757602B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtQueryFullAttributesFile + 6 775760D6 4 Bytes CALL 76585767 .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtQueryFullAttributesFile + B 775760DB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtSetInformationFile + 6 77576726 4 Bytes [28, 8D, F6, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtSetInformationFile + B 7757672B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtSetInformationThread + 6 77576786 4 Bytes [28, 8E, F6, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtSetInformationThread + B 7757678B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtUnmapViewOfSection + 6 77576AA6 4 Bytes [68, 8F, F6, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtUnmapViewOfSection + B 77576AAB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[2112] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text D:\Program Files\WTFast\WTFast.exe[2696] ntdll.dll!DbgBreakPoint 775640E0 1 Byte [C3] .text D:\Program Files\WTFast\WTFast.exe[2696] ntdll.dll!DbgUiRemoteBreakin 775CF5F3 5 Bytes JMP 7758E6B0 C:\Windows\SYSTEM32\ntdll.dll .text C:\Program Files\CCleaner\CCleaner.exe[2940] USER32.dll!SetScrollRange 74C08EC5 5 Bytes JMP 00EF6F25 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2940] USER32.dll!GetScrollInfo 74C12DA3 5 Bytes JMP 00EF6EAC C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2940] USER32.dll!SetScrollInfo 74C148DA 5 Bytes JMP 00EF6F62 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2940] USER32.dll!GetScrollRange 74C3045A 5 Bytes JMP 00EF6E43 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2940] USER32.dll!SetScrollPos 74C304BE 5 Bytes JMP 00EF6E18 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2940] USER32.dll!GetScrollPos 74C30E43 5 Bytes JMP 00EF6E81 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2940] USER32.dll!EnableScrollBar 74C319CE 5 Bytes JMP 00EF6F9C C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2940] USER32.dll!ShowScrollBar 74C33C89 5 Bytes JMP 00EF6EE5 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\Opera\33.0.1990.115\opera_crashreporter.exe[2976] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera_crashreporter.exe[2976] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera_crashreporter.exe[2976] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera_crashreporter.exe[2976] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera_crashreporter.exe[2976] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera_crashreporter.exe[2976] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera_crashreporter.exe[2976] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3236] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3236] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3236] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3236] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3236] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3236] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3236] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtCreateFile + 6 775756B6 4 Bytes [28, 4C, 4D, 00] {SUB [EBP+ECX*2+0x0], CL} .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtCreateFile + B 775756BB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtMapViewOfSection + 6 77575D16 4 Bytes [28, 4F, 4D, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtMapViewOfSection + B 77575D1B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtOpenFile + 6 77575DC6 4 Bytes [68, 4C, 4D, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtOpenFile + B 77575DCB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtOpenProcess + 6 77575E76 4 Bytes [A8, 4D, 4D, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtOpenProcess + B 77575E7B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtOpenProcessToken + B 77575E8B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtOpenProcessTokenEx + 6 77575E96 4 Bytes [A8, 4E, 4D, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtOpenProcessTokenEx + B 77575E9B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtOpenThread + 6 77575EF6 4 Bytes [68, 4D, 4D, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtOpenThread + B 77575EFB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtOpenThreadToken + 6 77575F06 4 Bytes [68, 4E, 4D, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtOpenThreadToken + B 77575F0B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtOpenThreadTokenEx + B 77575F1B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtQueryAttributesFile + 6 77576026 4 Bytes [A8, 4C, 4D, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtQueryAttributesFile + B 7757602B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtQueryFullAttributesFile + B 775760DB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtSetInformationFile + 6 77576726 4 Bytes [28, 4D, 4D, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtSetInformationFile + B 7757672B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtSetInformationThread + 6 77576786 4 Bytes [28, 4E, 4D, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtSetInformationThread + B 7757678B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtUnmapViewOfSection + 6 77576AA6 4 Bytes [68, 4F, 4D, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtUnmapViewOfSection + B 77576AAB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[3924] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtCreateFile + 6 775756B6 4 Bytes [28, 5C, E5, 00] {SUB [EBP+0x0], BL} .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtCreateFile + B 775756BB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtMapViewOfSection + 6 77575D16 4 Bytes [28, 5F, E5, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtMapViewOfSection + B 77575D1B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtOpenFile + 6 77575DC6 4 Bytes [68, 5C, E5, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtOpenFile + B 77575DCB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtOpenProcess + 6 77575E76 4 Bytes [A8, 5D, E5, 00] {TEST AL, 0x5d; IN EAX, 0x0} .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtOpenProcess + B 77575E7B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtOpenProcessToken + 6 77575E86 4 Bytes CALL 765843E8 .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtOpenProcessToken + B 77575E8B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtOpenProcessTokenEx + 6 77575E96 4 Bytes [A8, 5E, E5, 00] {TEST AL, 0x5e; IN EAX, 0x0} .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtOpenProcessTokenEx + B 77575E9B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtOpenThread + 6 77575EF6 4 Bytes [68, 5D, E5, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtOpenThread + B 77575EFB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtOpenThreadToken + 6 77575F06 4 Bytes [68, 5E, E5, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtOpenThreadToken + B 77575F0B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtOpenThreadTokenEx + 6 77575F16 4 Bytes CALL 76584479 .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtOpenThreadTokenEx + B 77575F1B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtQueryAttributesFile + 6 77576026 4 Bytes [A8, 5C, E5, 00] {TEST AL, 0x5c; IN EAX, 0x0} .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtQueryAttributesFile + B 7757602B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtQueryFullAttributesFile + 6 775760D6 4 Bytes CALL 76584637 .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtQueryFullAttributesFile + B 775760DB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtSetInformationFile + 6 77576726 4 Bytes [28, 5D, E5, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtSetInformationFile + B 7757672B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtSetInformationThread + 6 77576786 4 Bytes [28, 5E, E5, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtSetInformationThread + B 7757678B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtUnmapViewOfSection + 6 77576AA6 4 Bytes [68, 5F, E5, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtUnmapViewOfSection + B 77576AAB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4072] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtCreateFile + 6 775756B6 4 Bytes [28, 0C, 69, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtCreateFile + B 775756BB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtMapViewOfSection + 6 77575D16 4 Bytes [28, 0F, 69, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtMapViewOfSection + B 77575D1B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtOpenFile + 6 77575DC6 4 Bytes [68, 0C, 69, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtOpenFile + B 77575DCB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtOpenProcess + 6 77575E76 4 Bytes [A8, 0D, 69, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtOpenProcess + B 77575E7B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtOpenProcessToken + B 77575E8B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtOpenProcessTokenEx + 6 77575E96 4 Bytes [A8, 0E, 69, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtOpenProcessTokenEx + B 77575E9B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtOpenThread + 6 77575EF6 4 Bytes [68, 0D, 69, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtOpenThread + B 77575EFB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtOpenThreadToken + 6 77575F06 4 Bytes [68, 0E, 69, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtOpenThreadToken + B 77575F0B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtOpenThreadTokenEx + B 77575F1B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtQueryAttributesFile + 6 77576026 4 Bytes [A8, 0C, 69, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtQueryAttributesFile + B 7757602B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtQueryFullAttributesFile + B 775760DB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtSetInformationFile + 6 77576726 4 Bytes [28, 0D, 69, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtSetInformationFile + B 7757672B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtSetInformationThread + 6 77576786 4 Bytes [28, 0E, 69, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtSetInformationThread + B 7757678B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtUnmapViewOfSection + 6 77576AA6 4 Bytes [68, 0F, 69, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtUnmapViewOfSection + B 77576AAB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4304] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[4328] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[4328] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[4328] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[4328] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[4328] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[4328] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[4328] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[4408] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[4408] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[4408] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[4408] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[4408] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[4408] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[4408] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtCreateFile + 6 775756B6 4 Bytes [28, 78, 44, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtCreateFile + B 775756BB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtMapViewOfSection + 6 77575D16 4 Bytes [28, 7B, 44, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtMapViewOfSection + B 77575D1B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtOpenFile + 6 77575DC6 4 Bytes [68, 78, 44, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtOpenFile + B 77575DCB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtOpenProcess + 6 77575E76 4 Bytes [A8, 79, 44, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtOpenProcess + B 77575E7B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtOpenProcessToken + B 77575E8B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtOpenProcessTokenEx + 6 77575E96 4 Bytes [A8, 7A, 44, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtOpenProcessTokenEx + B 77575E9B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtOpenThread + 6 77575EF6 4 Bytes [68, 79, 44, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtOpenThread + B 77575EFB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtOpenThreadToken + 6 77575F06 4 Bytes [68, 7A, 44, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtOpenThreadToken + B 77575F0B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtOpenThreadTokenEx + B 77575F1B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtQueryAttributesFile + 6 77576026 4 Bytes [A8, 78, 44, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtQueryAttributesFile + B 7757602B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtQueryFullAttributesFile + B 775760DB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtSetInformationFile + 6 77576726 4 Bytes [28, 79, 44, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtSetInformationFile + B 7757672B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtSetInformationThread + 6 77576786 4 Bytes [28, 7A, 44, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtSetInformationThread + B 7757678B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtUnmapViewOfSection + 6 77576AA6 4 Bytes [68, 7B, 44, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtUnmapViewOfSection + B 77576AAB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[4424] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[4520] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[4520] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[4520] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[4520] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[4520] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[4520] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[4520] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe[4772] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe[4772] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe[4772] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe[4772] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe[4772] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe[4772] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe[4772] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4840] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4840] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4840] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4840] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4840] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4840] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4840] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5316] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5316] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5316] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5316] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5316] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5316] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5316] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtCreateFile + 6 775756B6 4 Bytes [28, C8, FD, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtCreateFile + B 775756BB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtMapViewOfSection + 6 77575D16 4 Bytes [28, CB, FD, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtMapViewOfSection + B 77575D1B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtOpenFile + 6 77575DC6 4 Bytes [68, C8, FD, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtOpenFile + B 77575DCB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtOpenProcess + 6 77575E76 4 Bytes [A8, C9, FD, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtOpenProcess + B 77575E7B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtOpenProcessToken + 6 77575E86 4 Bytes CALL 76585C54 .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtOpenProcessToken + B 77575E8B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtOpenProcessTokenEx + 6 77575E96 4 Bytes [A8, CA, FD, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtOpenProcessTokenEx + B 77575E9B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtOpenThread + 6 77575EF6 4 Bytes [68, C9, FD, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtOpenThread + B 77575EFB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtOpenThreadToken + 6 77575F06 4 Bytes [68, CA, FD, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtOpenThreadToken + B 77575F0B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtOpenThreadTokenEx + 6 77575F16 4 Bytes CALL 76585CE5 .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtOpenThreadTokenEx + B 77575F1B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtQueryAttributesFile + 6 77576026 4 Bytes [A8, C8, FD, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtQueryAttributesFile + B 7757602B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtQueryFullAttributesFile + 6 775760D6 4 Bytes CALL 76585EA3 .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtQueryFullAttributesFile + B 775760DB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtSetInformationFile + 6 77576726 4 Bytes [28, C9, FD, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtSetInformationFile + B 7757672B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtSetInformationThread + 6 77576786 4 Bytes [28, CA, FD, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtSetInformationThread + B 7757678B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtUnmapViewOfSection + 6 77576AA6 4 Bytes [68, CB, FD, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtUnmapViewOfSection + B 77576AAB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5496] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtCreateFile + 6 775756B6 4 Bytes [28, 00, 68, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtCreateFile + B 775756BB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtMapViewOfSection + 6 77575D16 1 Byte [28] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtMapViewOfSection + 6 77575D16 4 Bytes [28, 03, 68, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtMapViewOfSection + B 77575D1B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtOpenFile + 6 77575DC6 4 Bytes [68, 00, 68, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtOpenFile + B 77575DCB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtOpenProcess + 6 77575E76 4 Bytes [A8, 01, 68, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtOpenProcess + B 77575E7B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtOpenProcessToken + B 77575E8B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtOpenProcessTokenEx + 6 77575E96 4 Bytes [A8, 02, 68, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtOpenProcessTokenEx + B 77575E9B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtOpenThread + 6 77575EF6 4 Bytes [68, 01, 68, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtOpenThread + B 77575EFB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtOpenThreadToken + 6 77575F06 4 Bytes [68, 02, 68, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtOpenThreadToken + B 77575F0B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtOpenThreadTokenEx + B 77575F1B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtQueryAttributesFile + 6 77576026 4 Bytes [A8, 00, 68, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtQueryAttributesFile + B 7757602B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtQueryFullAttributesFile + B 775760DB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtSetInformationFile + 6 77576726 4 Bytes [28, 01, 68, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtSetInformationFile + B 7757672B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtSetInformationThread + 6 77576786 4 Bytes [28, 02, 68, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtSetInformationThread + B 7757678B 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtUnmapViewOfSection + 6 77576AA6 1 Byte [68] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtUnmapViewOfSection + 6 77576AA6 4 Bytes [68, 03, 68, 00] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtUnmapViewOfSection + B 77576AAB 1 Byte [E2] .text C:\Program Files\Opera\33.0.1990.115\opera.exe[5520] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5648] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5648] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5648] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5648] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5648] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5648] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5648] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5760] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5760] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5760] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5760] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5760] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5760] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5760] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\WUDFHost.exe[5852] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\WUDFHost.exe[5852] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\WUDFHost.exe[5852] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\WUDFHost.exe[5852] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\WUDFHost.exe[5852] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\WUDFHost.exe[5852] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\WUDFHost.exe[5852] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5996] ntdll.dll!NtCreateEvent 77575690 5 Bytes JMP 5DB71D50 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5996] ntdll.dll!NtCreateMutant 77575730 5 Bytes JMP 5DB71D70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5996] ntdll.dll!NtCreateSemaphore 775757E0 5 Bytes JMP 5DB71D90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5996] ntdll.dll!NtCreateUserProcess 77575860 5 Bytes JMP 5DB71DB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5996] ntdll.dll!NtMapViewOfSection 77575D10 5 Bytes JMP 5DB71AB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5996] ntdll.dll!NtResumeThread 77576590 5 Bytes JMP 5DB71C80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5996] ntdll.dll!NtWriteVirtualMemory 77576B80 5 Bytes JMP 5DB71940 C:\Program Files\AVG\Av\avghookx.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[744] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73292437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[744] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73275600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[744] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [732756BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[744] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [732924B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[744] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73288514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[744] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73284CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[744] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7328506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[744] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73285144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[744] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73286671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[744] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7328826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[744] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [732887BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[744] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7328901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[744] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7328E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[744] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73284BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Program Files\Malwarebytes Anti-Malware\mbamservice.exe 0x0B 0x4B 0x3E 0x93 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xA7 0x3E 0x73 0xA1 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe 0xDD 0xE5 0x9F 0x68 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Program Files\Malwarebytes Anti-Malware\mbam.exe 0x29 0x47 0x60 0xAF ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\mmc.exe 0xDB 0x05 0xB0 0xD1 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0x58 0xED 0x09 0xEE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0x22 0xC1 0x34 0xB5 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0xD8 0x56 0x54 0x26 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Program Files\a-squared Free\a2service.exe 0xD8 0x74 0x72 0x4A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\615448c45b422dff33b9\Setup\SDKSetup.exe 0xBE 0x24 0x0E 0x80 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\cbe18ee54d6fc65f16f19a16\Setup\SDKSetup.exe 0x36 0x9A 0xC7 0x49 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\6f82278001633198464849d642ce5695\Setup\SDKSetup.exe 0x88 0xB5 0xDB 0x77 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe 0xA0 0xE1 0x27 0x22 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe 0x16 0x2C 0xFA 0xDF ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 0xE5 0x35 0x97 0x50 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Program Files\Hi-Rez Studios\HiPatchService.exe 0x63 0xAE 0x50 0x96 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Program Files\Hi-Rez Studios\HiPatchInstHelper.exe 0x85 0x4C 0xD0 0x45 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Program Files\Steam\steamapps\common\SMITE\Binaries\Redist\FlashInstallWrapper.exe 0x8A 0x0A 0x2E 0x76 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Program Files\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe 0x05 0xB2 0x68 0x77 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Program Files\Hi-Rez Studios\HirezLauncherUI.exe 0x8C 0x2F 0xD1 0x79 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\Patryk\Downloads\FRST.exe 0x34 0x93 0xC0 0xEB ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Program Files\Malwarebytes Anti-Malware\mbamservice.exe 0xDA 0x95 0x23 0x23 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe 0x9A 0x8A 0x66 0xEF ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x11 0x4B 0x9C 0xA1 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe 0x02 0x70 0x5F 0x95 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Program Files\WTFast\WTFast.exe 0x5F 0x01 0x20 0x96 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe 0x11 0x9B 0x2D 0x9A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\Patryk\Downloads\office2007sp3-kb2526086-fullfile-pl-pl.exe 0x93 0x1C 0xA9 0x3D ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0xF8 0xD8 0x26 0x53 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe 0x75 0x37 0x2F 0x75 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Hewlett-Packard\HP Support Solutions\Modules\unzip.exe 0x7C 0xC6 0x98 0x64 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\Patryk\AppData\Local\Temp\FrameworkPatch\PatchInstaller.exe 0xAD 0x5C 0xDB 0x91 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTelRunner.exe 0x9A 0xD9 0xDD 0xAA ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Program Files\Malwarebytes Anti-Malware\mbam.exe 0x68 0x3B 0x68 0x29 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume4\Program Files\Malwarebytes Anti-Malware\mbamservice.exe 0x5A 0x81 0x3C 0xDE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume3\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe 0x2E 0x46 0x4F 0xDE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume4\Program Files\WTFast\WTFast.exe 0xE4 0x24 0xC6 0xDE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume3\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe 0x0E 0x06 0x69 0xE4 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume3\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe 0x01 0x00 0x46 0x21 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater\HPSSFUpdater.exe 0x91 0xE4 0x0D 0x69 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Program Files\a-squared Free\a2service.exe 0xA0 0x36 0x0A 0x4F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\Patryk\AppData\Local\Temp\7zSC409.tmp\WebCompanionInstaller.exe 0x91 0x19 0x7B 0xDA ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe 0x5F 0x62 0xDA 0x04 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Temp\7zS4430.tmp\WebCompanionInstaller.exe 0xD9 0xEB 0x1D 0xBE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\Patryk\AppData\Local\Temp\Epic-48b58657-6edd-4f37-b6fc-8d27c79465b4\Binaries\UnSetup.exe 0x2E 0x95 0xFF 0x5A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\Patryk\Downloads\FRST.exe 0x58 0xCB 0x3A 0xEF ... ---- EOF - GMER 2.1 ----