GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-03-15 12:39:01 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C 298,09GB Running: 7v284g1s.exe; Driver: C:\Users\Majkel\AppData\Local\Temp\kwrdrpob.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x910416F0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x91041820] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x91041010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x910414E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x91041300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x910413F0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x91041120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x91041210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x910415F0] ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwReplaceKey + 151D 8328FB65 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832C9C12 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 1357 832D1284 8 Bytes [F0, 16, 04, 91, 20, 18, 04, ...] {PUSH SS; ADD AL, 0x91; AND [EAX], BL; ADD AL, 0x91} .text ntkrnlpa.exe!KeRemoveQueueEx + 139F 832D12CC 4 Bytes [10, 10, 04, 91] {ADC [EAX], DL; ADD AL, 0x91} .text ntkrnlpa.exe!KeRemoveQueueEx + 13BF 832D12EC 4 Bytes [E0, 14, 04, 91] {LOOPNZ 0x16; ADD AL, 0x91} .text ntkrnlpa.exe!KeRemoveQueueEx + 165F 832D158C 8 Bytes [00, 13, 04, 91, F0, 13, 04, ...] {ADD [EBX], DL; ADD AL, 0x91; ADC EAX, [ECX+EDX*4]} .text ntkrnlpa.exe!KeRemoveQueueEx + 166F 832D159C 8 Bytes [20, 11, 04, 91, 10, 12, 04, ...] {AND [ECX], DL; ADD AL, 0x91; ADC [EDX], DL; ADD AL, 0x91} .text ... ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\ctfmon.exe[2324] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\ctfmon.exe[2324] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\ctfmon.exe[2324] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\ctfmon.exe[2324] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\P4G\BatteryLife.exe[2432] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\P4G\BatteryLife.exe[2432] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\P4G\BatteryLife.exe[2432] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\P4G\BatteryLife.exe[2432] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2572] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2572] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2572] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2572] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[2616] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[2616] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[2616] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[2616] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[2720] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[2720] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[2720] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[2720] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\HControl.exe[2888] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\HControl.exe[2888] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\HControl.exe[2888] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\HControl.exe[2888] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2984] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2984] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2984] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2984] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2984] ntdll.dll!LdrLoadDll 76FD2611 5 Bytes JMP 6FCFA902 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2984] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75F095DE 7 Bytes JMP 5B26CFC7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2984] kernel32.dll!QueryPerformanceCounter + 13 75F0C5E5 7 Bytes JMP 5B26D9CB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2984] kernel32.dll!LoadAppInitDlls + 355 75F0F6A6 7 Bytes JMP 5AFD4E70 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2984] USER32.dll!CreateWindowExA 75CFBF48 5 Bytes JMP 5B356055 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2984] USER32.dll!CreateWindowExW 75CFEC84 5 Bytes JMP 5AFB3FF7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2984] USER32.dll!GetWindowInfo 75D04B66 5 Bytes JMP 5BDE5592 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2984] GDI32.dll!GetViewportOrgEx + 26C 759187DB 7 Bytes JMP 5B26C8CB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\taskhost.exe[3108] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskhost.exe[3108] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskhost.exe[3108] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskhost.exe[3108] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\Dwm.exe[3172] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\Dwm.exe[3172] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\Dwm.exe[3172] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\Dwm.exe[3172] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\Explorer.EXE[3184] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\Explorer.EXE[3184] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\Explorer.EXE[3184] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\Explorer.EXE[3184] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\servicing\TrustedInstaller.exe[3276] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\servicing\TrustedInstaller.exe[3276] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\servicing\TrustedInstaller.exe[3276] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\servicing\TrustedInstaller.exe[3276] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgnsx.exe[3436] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgnsx.exe[3436] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgnsx.exe[3436] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgnsx.exe[3436] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgemcx.exe[3444] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgemcx.exe[3444] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgemcx.exe[3444] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgemcx.exe[3444] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\New Folder\IVT Corporation\BlueSoleil\BsHelpCS.exe[3508] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\New Folder\IVT Corporation\BlueSoleil\BsHelpCS.exe[3508] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\New Folder\IVT Corporation\BlueSoleil\BsHelpCS.exe[3508] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\New Folder\IVT Corporation\BlueSoleil\BsHelpCS.exe[3508] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[3680] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[3680] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[3680] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[3680] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskeng.exe[3800] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskeng.exe[3800] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskeng.exe[3800] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskeng.exe[3800] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\Splendid\ACMON.exe[3852] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\Splendid\ACMON.exe[3852] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\Splendid\ACMON.exe[3852] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\Splendid\ACMON.exe[3852] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\conhost.exe[4092] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\conhost.exe[4092] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\conhost.exe[4092] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\conhost.exe[4092] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[4172] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[4172] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[4172] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[4172] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\WDC.exe[4216] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\WDC.exe[4216] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\WDC.exe[4216] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\WDC.exe[4216] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\GWX\GWX.exe[4312] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\GWX\GWX.exe[4312] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\GWX\GWX.exe[4312] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\GWX\GWX.exe[4312] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\ACEngSvr.exe[4328] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\ACEngSvr.exe[4328] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\ACEngSvr.exe[4328] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\ACEngSvr.exe[4328] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4616] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4616] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4616] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4616] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[4660] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[4660] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[4660] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[4660] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\DMedia.exe[4668] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\DMedia.exe[4668] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\DMedia.exe[4668] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\DMedia.exe[4668] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\HControlUser.exe[4680] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\HControlUser.exe[4680] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\HControlUser.exe[4680] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\ASUS\ATK Hotkey\HControlUser.exe[4680] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe[4688] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe[4688] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe[4688] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe[4688] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\V0770Mon.exe[4712] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\V0770Mon.exe[4712] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\V0770Mon.exe[4712] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\V0770Mon.exe[4712] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\New Folder\IVT Corporation\BlueSoleil\BtTray.exe[4736] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\New Folder\IVT Corporation\BlueSoleil\BtTray.exe[4736] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\New Folder\IVT Corporation\BlueSoleil\BtTray.exe[4736] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text D:\Program Files\New Folder\IVT Corporation\BlueSoleil\BtTray.exe[4736] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[4840] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[4840] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[4840] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[4840] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgui.exe[4848] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgui.exe[4848] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgui.exe[4848] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgui.exe[4848] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Remote Mouse\RemoteMouse.exe[4864] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Remote Mouse\RemoteMouse.exe[4864] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Remote Mouse\RemoteMouse.exe[4864] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Remote Mouse\RemoteMouse.exe[4864] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4916] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4916] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4916] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4916] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[5636] ntdll.dll!NtCreateUserProcess 76FB579C 5 Bytes JMP 6BA820E0 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[5636] ntdll.dll!NtMapViewOfSection 76FB5C4C 5 Bytes JMP 6BA81E40 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[5636] ntdll.dll!NtResumeThread 76FB64CC 5 Bytes JMP 6BA82000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[5636] ntdll.dll!NtWriteVirtualMemory 76FB6ABC 5 Bytes JMP 6BA81CD0 C:\Program Files\AVG\AVG2015\avghookx.dll ---- Devices - GMER 2.2 ---- AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys ---- Threads - GMER 2.2 ---- Thread System [4:4836] AEA5FF2E ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243c0abbf Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243c0abbf@0017ebe9522d 0xBE 0x9C 0xA7 0x4C ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243c0abbf@e42d023748ad 0x78 0x48 0x8F 0x12 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243c0abbf@e063e542084c 0xA1 0xF9 0x8D 0xF4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243c0abbf@f8db7fe958b4 0xD9 0x94 0x5C 0x7A ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243c0abbf@2014112495f6 0xA3 0x8B 0x59 0x45 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243c0abbf@0c488599de52 0x57 0x1F 0x57 0xFA ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243c0abbf@00023c5ca9b1 0x5A 0x52 0x35 0xD5 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243c0abbf@4040a70f2d38 0x58 0x1E 0x45 0x92 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243c0abbf (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243c0abbf@0017ebe9522d 0xBE 0x9C 0xA7 0x4C ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243c0abbf@e42d023748ad 0x78 0x48 0x8F 0x12 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243c0abbf@e063e542084c 0xA1 0xF9 0x8D 0xF4 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243c0abbf@f8db7fe958b4 0xD9 0x94 0x5C 0x7A ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243c0abbf@2014112495f6 0xA3 0x8B 0x59 0x45 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243c0abbf@0c488599de52 0x57 0x1F 0x57 0xFA ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243c0abbf@00023c5ca9b1 0x5A 0x52 0x35 0xD5 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243c0abbf@4040a70f2d38 0x58 0x1E 0x45 0x92 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x0B 0x92 0x51 0x61 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\explorer.exe 0x22 0xDD 0x8B 0xC7 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0xDC 0xFF 0x6D 0xC8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0x33 0xE4 0xBD 0x03 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Remote Mouse\RemoteMouse.exe 0xFB 0x3D 0x14 0xCA ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\upr.exe 0xA1 0x58 0x21 0x37 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\SoftwareUpdater\Upd4terSrv.exe 0x97 0x72 0x2F 0x0A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\SoftwareUpdater\AppsUpd4ter.exe 0xD4 0x9E 0xA1 0xCC ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 0x61 0xA2 0x41 0xAA ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe 0xFF 0xBF 0x52 0x33 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\ehome\ehshell.exe 0xCB 0x19 0x14 0xC3 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\ehome\ehrec.exe 0xC6 0x49 0x57 0xDB ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\ehome\mcupdate.exe 0x09 0x5D 0x71 0xD8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\ehome\mcGlidHost.exe 0x62 0xE8 0x3C 0xDE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\assembly\GAC_32\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe 0x38 0xEF 0xF2 0x38 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Microsoft Office\Office12\WINWORD.EXE 0x60 0xED 0xF3 0xA9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE 0x4A 0xE8 0x59 0x64 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe 0x82 0x4A 0x17 0xFD ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\Majkel\Downloads\FRST.exe 0xCA 0x37 0x6E 0x23 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xEB 0x34 0x6B 0x61 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTel\wicainventory.exe 0x1A 0x34 0x12 0x8E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe 0xB2 0x3E 0xF1 0x5A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe 0x50 0xCE 0xE7 0x14 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0x4A 0x56 0x04 0x48 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0xD9 0x33 0xC5 0x32 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Western Digital\WD Utilities\WDDriveUtilities.exe 0xA0 0x37 0x01 0xC6 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\$Windows.~BT\Sources\SetupHost.exe 0xFA 0xF7 0x32 0x19 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe 0x0E 0x68 0x39 0xD7 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\Majkel\AppData\Local\Temp\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}\ReachitMetrics.exe 0xBB 0x7F 0xB8 0x5B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Lenovo\REACHit\webAgent.exe 0xE5 0x82 0x18 0x70 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTelRunner.exe 0x47 0x2A 0x5E 0x04 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Program Files\Shai Raiten\Bluetooth Radar\Blue Radar.exe 0xF9 0x20 0x54 0xF8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\WerFault.exe 0x3E 0xE1 0x3B 0x16 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\AVG\AVG2015\avgmfapx.exe 0x37 0x4D 0x04 0x2F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe 0xEA 0x24 0xF7 0xC6 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe 0x7D 0xA5 0xDF 0x9F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@2771EF41 1117 ---- EOF - GMER 2.2 ----