GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-01-31 13:18:10
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 rev. 0,00MB
Running: w7hh6cll.exe; Driver: C:\Users\User\AppData\Local\Temp\pxldapob.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x929346F0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x92934820]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x92934010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x929344E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x92934300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x929343F0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x92934120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x92934210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x929345F0]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetTimerEx + 5F0 822BBC14 8 Bytes [F0, 46, 93, 92, 20, 48, 93, ...] {INC ESI; XCHG EBX, EAX; XCHG EDX, EAX; AND [EAX-0x6d], CL; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 624 822BBC48 4 Bytes [10, 40, 93, 92] {ADC [EAX-0x6d], AL; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 640 822BBC64 4 Bytes [E0, 44, 93, 92] {LOOPNZ 0x46; XCHG EBX, EAX; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 844 822BBE68 8 Bytes [00, 43, 93, 92, F0, 43, 93, ...] {ADD [EBX-0x6d], AL; XCHG EDX, EAX; INC EBX; XCHG EBX, EAX; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 854 822BBE78 8 Bytes [20, 41, 93, 92, 10, 42, 93, ...] {AND [ECX-0x6d], AL; XCHG EDX, EAX; ADC [EDX-0x6d], AL; XCHG EDX, EAX}
.text ...

---- User code sections - GMER 2.1 ---- .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[1520] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[1520] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[1520] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[1520] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[1520] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[1520] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[1520] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[1520] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[1520] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[1520] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_286_ActiveX.exe[2080] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_286_ActiveX.exe[2080] 
ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_286_ActiveX.exe[2080] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_286_ActiveX.exe[2080] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_286_ActiveX.exe[2080] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_286_ActiveX.exe[2080] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_286_ActiveX.exe[2080] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_286_ActiveX.exe[2080] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_286_ActiveX.exe[2080] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_286_ActiveX.exe[2080] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2292] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2292] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2292] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 
C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2292] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2292] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2292] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2292] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2292] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2292] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2292] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2708] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2708] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2708] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2708] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2708] ntdll.dll!NtOpenEvent 77338438 
5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2708] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2708] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2708] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2708] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2708] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] ntdll.dll!NtResumeThread 
77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!SetWindowsHookExW 765F7B69 5 Bytes JMP 6B869AC9 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!CallNextHookEx 765F8C33 5 Bytes JMP 6B85D0ED C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!GetAsyncKeyState 765F8DF4 5 Bytes JMP 6B788EFF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!DialogBoxIndirectParamW 765FBD25 5 Bytes JMP 6B96480F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!SendInput 765FBEE7 5 Bytes JMP 6B965C43 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!EndDialog 765FC178 5 Bytes JMP 6B797E7E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!EnableWindow 765FDC79 5 Bytes JMP 6B86DD35 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!CreateWindowExW 76603D67 5 Bytes JMP 6B86DB1C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!GetKeyState 766087C7 5 Bytes JMP 6B86D2E3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!IsDialogMessageW 766099AE 5 Bytes JMP 6B7959D7 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!CreateDialogParamA 766116FD 5 Bytes JMP 6B96547B 
C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!IsDialogMessage 7661179A 5 Bytes JMP 6B964D17 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!DialogBoxParamW 76611FD5 5 Bytes JMP 6B7954C5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!CreateDialogIndirectParamA 766127CD 5 Bytes JMP 6B9654B2 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!CreateDialogIndirectParamW 76619AFA 5 Bytes JMP 6B9654E9 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!UnhookWindowsHookEx 766208BE 5 Bytes JMP 6B7D467C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!CreateDialogParamW 76621C58 5 Bytes JMP 6B86DEA8 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!SetKeyboardState 76621ECE 5 Bytes JMP 6B965086 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!SetCursorPos 76636F1A 5 Bytes JMP 6B965C97 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!DialogBoxParamA 766380B2 5 Bytes JMP 6B9647AC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!DialogBoxIndirectParamA 766383DD 5 Bytes JMP 6B964872 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!MessageBoxIndirectA 7664D471 5 Bytes JMP 6B964741 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!MessageBoxIndirectW 7664D56B 5 Bytes JMP 6B9646D6 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!MessageBoxExA 7664D5D1 5 Bytes JMP 6B964674 
C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!MessageBoxExW 7664D5F5 5 Bytes JMP 6B964612 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!keybd_event 7664D93C 5 Bytes JMP 6B965FC7 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] SHELL32.dll!SHRestricted + DFD 75298390 4 Bytes [4D, 30, 85, 64] .text C:\Program Files\Internet Explorer\iexplore.exe[3108] SHELL32.dll!SHRestricted + E05 75298398 8 Bytes [57, 2F, 85, 64, 9C, 5B, 84, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[3108] ole32.dll!OleLoadFromStream 74CF9794 5 Bytes JMP 6B964B77 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3108] ole32.dll!CoCreateInstance 74D2E2D8 5 Bytes JMP 6B86DB78 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\AVG\Av\avgui.exe[3180] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3180] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3180] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3180] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3180] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3180] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3180] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3180] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll 
.text C:\Program Files\AVG\Av\avgui.exe[3180] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3180] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3396] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3396] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program 
Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3396] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3396] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3396] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3396] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3396] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3396] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3396] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3396] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[3436] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[3436] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[3436] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[3436] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text 
C:\Windows\System32\svchost.exe[3436] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[3436] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[3436] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[3436] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[3436] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[3436] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 
C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!SetWindowsHookExW 765F7B69 5 Bytes JMP 6B869AC9 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!CallNextHookEx 765F8C33 5 Bytes JMP 6B85D0ED C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!GetAsyncKeyState 765F8DF4 5 Bytes JMP 6B788EFF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DialogBoxIndirectParamW 765FBD25 5 Bytes JMP 6B96480F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!SendInput 765FBEE7 5 Bytes JMP 6B965C43 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!EndDialog 765FC178 5 Bytes JMP 6B797E7E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!EnableWindow 765FDC79 5 Bytes JMP 6B86DD35 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!CreateWindowExW 76603D67 5 Bytes JMP 6B86DB1C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!GetKeyState 766087C7 5 Bytes JMP 6B86D2E3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!IsDialogMessageW 766099AE 5 Bytes JMP 6B7959D7 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!CreateDialogParamA 766116FD 5 Bytes JMP 6B96547B C:\Windows\system32\IEFRAME.dll .text 
C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!IsDialogMessage 7661179A 5 Bytes JMP 6B964D17 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DialogBoxParamW 76611FD5 5 Bytes JMP 6B7954C5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!CreateDialogIndirectParamA 766127CD 5 Bytes JMP 6B9654B2 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!CreateDialogIndirectParamW 76619AFA 5 Bytes JMP 6B9654E9 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!UnhookWindowsHookEx 766208BE 5 Bytes JMP 6B7D467C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!CreateDialogParamW 76621C58 5 Bytes JMP 6B86DEA8 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!SetKeyboardState 76621ECE 5 Bytes JMP 6B965086 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!SetCursorPos 76636F1A 5 Bytes JMP 6B965C97 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DialogBoxParamA 766380B2 5 Bytes JMP 6B9647AC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DialogBoxIndirectParamA 766383DD 5 Bytes JMP 6B964872 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!MessageBoxIndirectA 7664D471 5 Bytes JMP 6B964741 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!MessageBoxIndirectW 7664D56B 5 Bytes JMP 6B9646D6 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!MessageBoxExA 7664D5D1 5 Bytes JMP 6B964674 C:\Windows\system32\IEFRAME.dll .text C:\Program 
Files\Internet Explorer\iexplore.exe[3456] USER32.dll!MessageBoxExW 7664D5F5 5 Bytes JMP 6B964612 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!keybd_event 7664D93C 5 Bytes JMP 6B965FC7 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] SHELL32.dll!SHRestricted + DFD 75298390 4 Bytes [4D, 30, 85, 64] .text C:\Program Files\Internet Explorer\iexplore.exe[3456] SHELL32.dll!SHRestricted + E05 75298398 8 Bytes [57, 2F, 85, 64, 9C, 5B, 84, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[3456] ole32.dll!OleLoadFromStream 74CF9794 5 Bytes JMP 6B964B77 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3456] ole32.dll!CoCreateInstance 74D2E2D8 5 Bytes JMP 6B86DB78 C:\Windows\system32\IEFRAME.dll .text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text 
C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3552] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\obexsrv.exe[3572] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\obexsrv.exe[3572] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\obexsrv.exe[3572] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\obexsrv.exe[3572] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\obexsrv.exe[3572] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\obexsrv.exe[3572] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\obexsrv.exe[3572] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\obexsrv.exe[3572] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\obexsrv.exe[3572] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\obexsrv.exe[3572] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program 
Files\Internet Explorer\iexplore.exe[3776] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!DialogBoxIndirectParamW 765FBD25 5 Bytes JMP 6B96480F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!CreateWindowExW 76603D67 5 Bytes JMP 6B86DB1C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!DialogBoxParamW 76611FD5 5 Bytes JMP 6B7954C5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!DialogBoxParamA 766380B2 5 Bytes JMP 6B9647AC C:\Windows\system32\IEFRAME.dll .text C:\Program 
Files\Internet Explorer\iexplore.exe[3776] USER32.dll!DialogBoxIndirectParamA 766383DD 5 Bytes JMP 6B964872 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!MessageBoxIndirectA 7664D471 5 Bytes JMP 6B964741 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!MessageBoxIndirectW 7664D56B 5 Bytes JMP 6B9646D6 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!MessageBoxExA 7664D5D1 5 Bytes JMP 6B964674 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!MessageBoxExW 7664D5F5 5 Bytes JMP 6B964612 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3792] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3792] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3792] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3792] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3792] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3792] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3792] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3792] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program 
Files\AVG\Framework\Common\avguix.exe[3792] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3792] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3828] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3828] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3828] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3828] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3828] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3828] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3828] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3828] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3828] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3828] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[3920] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[3920] 
ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[3920] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[3920] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[3920] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[3920] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[3920] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[3920] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[3920] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskeng.exe[3920] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3956] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3956] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3956] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3956] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program 
Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3956] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3956] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3956] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3956] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3956] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3956] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\IDT\WDM\sttray.exe[4052] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\IDT\WDM\sttray.exe[4052] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\IDT\WDM\sttray.exe[4052] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\IDT\WDM\sttray.exe[4052] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\IDT\WDM\sttray.exe[4052] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\IDT\WDM\sttray.exe[4052] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program 
Files\AVG\Av\avghookx.dll .text C:\Program Files\IDT\WDM\sttray.exe[4052] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\IDT\WDM\sttray.exe[4052] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\IDT\WDM\sttray.exe[4052] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\IDT\WDM\sttray.exe[4052] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4180] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4180] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4180] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4180] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4180] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4180] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4180] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4180] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4180] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program 
Files\AVG\Av\avghookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4180] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4204] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4204] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4204] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4204] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4204] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4204] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4204] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4204] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4204] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4204] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4396] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4396] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4396] 
ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4396] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4396] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4396] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4396] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4396] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4396] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4396] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[4956] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[4956] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[4956] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[4956] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[4956] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[4956] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 
6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[4956] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[4956] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[4956] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[4956] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5144] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5144] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5144] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5144] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5144] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5144] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5144] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5144] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5144] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program 
Files\AVG\Av\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5144] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5228] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5228] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5228] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5228] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5228] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5228] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5228] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5228] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5228] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5228] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program 
Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\audiosrv.exe[5256] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\audiosrv.exe[5256] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\audiosrv.exe[5256] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\audiosrv.exe[5256] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\audiosrv.exe[5256] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\audiosrv.exe[5256] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\audiosrv.exe[5256] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\audiosrv.exe[5256] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\audiosrv.exe[5256] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\audiosrv.exe[5256] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5368] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5368] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5368] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text 
C:\Windows\system32\ctfmon.exe[5368] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5368] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5368] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5368] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5368] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5368] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5368] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[5388] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[5388] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[5388] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[5388] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[5388] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[5388] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[5388] ntdll.dll!NtOpenSemaphore 77338518 5 
Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[5388] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[5388] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[5388] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[5552] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[5552] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[5552] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[5552] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[5552] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[5552] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[5552] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[5552] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[5552] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Malwarebytes 
Anti-Malware\mbam.exe[5552] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\conime.exe[5724] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\conime.exe[5724] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\conime.exe[5724] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\conime.exe[5724] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\conime.exe[5724] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\conime.exe[5724] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\conime.exe[5724] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\conime.exe[5724] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\conime.exe[5724] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\conime.exe[5724] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[6160] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[6160] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[6160] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[6160] ntdll.dll!NtMapViewOfSection 773383C8 5 
Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[6160] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[6160] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[6160] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[6160] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[6160] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgemcx.exe[6160] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgrsx.exe[6424] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgrsx.exe[6424] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgrsx.exe[6424] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgrsx.exe[6424] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgrsx.exe[6424] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgrsx.exe[6424] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgrsx.exe[6424] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgrsx.exe[6424] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program 
Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgrsx.exe[6424] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgrsx.exe[6424] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[7952] ntdll.dll!NtCreateEvent 77337C58 5 Bytes JMP 6D962670 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[7952] ntdll.dll!NtCreateMutant 77337CE8 5 Bytes JMP 6D9626B0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[7952] ntdll.dll!NtCreateSemaphore 77337D78 5 Bytes JMP 6D9626F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[7952] ntdll.dll!NtMapViewOfSection 773383C8 5 Bytes JMP 6D9623D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[7952] ntdll.dll!NtOpenEvent 77338438 5 Bytes JMP 6D962690 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[7952] ntdll.dll!NtOpenMutant 773384A8 5 Bytes JMP 6D9626D0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[7952] ntdll.dll!NtOpenSemaphore 77338518 5 Bytes JMP 6D962710 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[7952] ntdll.dll!NtResumeThread 77338A58 5 Bytes JMP 6D962590 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[7952] ntdll.dll!NtWriteVirtualMemory 77338F18 5 Bytes JMP 6D962260 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgnsx.exe[7952] ntdll.dll!NtCreateUserProcess 773390A8 5 Bytes JMP 6D962730 C:\Program Files\AVG\Av\avghookx.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice 
\Driver\tdx \Device\RawIp avgtdix.sys

---- Processes - GMER 2.1 ----
Process (*** hidden *** ) [4] 849498A8

---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021863bc95b
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1579
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021863bc95b (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1478389184-2235289212-306251700-1000@RefCount 9

---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----