GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-08-27 21:50:39 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1237GSX rev.DL130M 111,79GB Running: uwdnr5t6.exe; Driver: C:\Users\Ewa\AppData\Local\Temp\uxriipow.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x94DC66F0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x94DC6820] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x94DC6010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x94DC64E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x94DC6300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x94DC63F0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x94DC6120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x94DC6210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x94DC65F0] ---- Kernel code sections - GMER 2.2 ---- .text ntoskrnl.exe!ZwRollbackTransaction + 13F5 830718A9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 83091302 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 1617 830987E4 8 Bytes [F0, 66, DC, 94, 20, 68, DC, ...] .text ntoskrnl.exe!KeRemoveQueueEx + 165F 8309882C 4 Bytes [10, 60, DC, 94] {ADC [EAX-0x24], AH; XCHG ESP, EAX} .text ntoskrnl.exe!KeRemoveQueueEx + 167F 8309884C 4 Bytes [E0, 64, DC, 94] .text ntoskrnl.exe!KeRemoveQueueEx + 191F 83098AEC 8 Bytes [00, 63, DC, 94, F0, 63, DC, ...] {ADD [EBX-0x24], AH; XCHG ESP, EAX; ARPL SP, BX; XCHG ESP, EAX} .text ntoskrnl.exe!KeRemoveQueueEx + 192F 83098AFC 8 Bytes [20, 61, DC, 94, 10, 62, DC, ...] {AND [ECX-0x24], AH; XCHG ESP, EAX; ADC [EDX-0x24], AH; XCHG ESP, EAX} .text ... ? C:\Windows\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. ! ? C:\Users\Ewa\AppData\Local\Temp\catchme.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[876] ntdll.dll!NtCreateEvent 76F74690 5 Bytes JMP 67DA2650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[876] ntdll.dll!NtCreateMutant 76F74730 5 Bytes JMP 67DA28E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[876] ntdll.dll!NtCreateSemaphore 76F747E0 5 Bytes JMP 67DA2B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[876] ntdll.dll!NtCreateUserProcess 76F74860 5 Bytes JMP 67DA2E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[876] ntdll.dll!NtMapViewOfSection 76F74D10 5 Bytes JMP 67DA2360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[876] ntdll.dll!NtOpenEvent 76F74DA0 5 Bytes JMP 67DA27A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[876] ntdll.dll!NtOpenMutant 76F74E40 5 Bytes JMP 67DA2A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[876] ntdll.dll!NtOpenSemaphore 76F74EC0 5 Bytes JMP 67DA2CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[876] ntdll.dll!NtQueryInformationProcess 76F75130 5 Bytes JMP 67DA30E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[876] ntdll.dll!NtResumeThread 76F75590 5 Bytes JMP 67DA2520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[876] ntdll.dll!NtWriteVirtualMemory 76F75B80 5 Bytes JMP 67DA21F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[876] ntdll.dll!RtlQueryEnvironmentVariable 76F86217 5 Bytes JMP 67DA2F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[876] ntdll.dll!RtlDecompressBuffer 76FE5B75 5 Bytes JMP 67DA2E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtCreateEvent 76F74690 5 Bytes JMP 67DA2650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtCreateFile + 6 76F746B6 4 Bytes [28, EC, 24, 00] {SUB AH, CH; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtCreateFile + B 76F746BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtCreateMutant 76F74730 5 Bytes JMP 67DA28E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtCreateSemaphore 76F747E0 5 Bytes JMP 67DA2B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtCreateUserProcess 76F74860 5 Bytes JMP 67DA2E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtMapViewOfSection 76F74D10 5 Bytes JMP 67DA2360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtMapViewOfSection + 6 76F74D16 4 Bytes [28, EF, 24, 00] {SUB BH, CH; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtMapViewOfSection + B 76F74D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenEvent 76F74DA0 5 Bytes JMP 67DA27A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenFile + 6 76F74DC6 4 Bytes [68, EC, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenFile + B 76F74DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenMutant 76F74E40 5 Bytes JMP 67DA2A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenProcess + 6 76F74E76 4 Bytes [A8, ED, 24, 00] {TEST AL, 0xed; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenProcess + B 76F74E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenProcessToken + 6 76F74E86 4 Bytes CALL 75F77378 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenProcessToken + B 76F74E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenProcessTokenEx + 6 76F74E96 4 Bytes [A8, EE, 24, 00] {TEST AL, 0xee; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenProcessTokenEx + B 76F74E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenSemaphore 76F74EC0 5 Bytes JMP 67DA2CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenThread + 6 76F74EF6 4 Bytes [68, ED, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenThread + B 76F74EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenThreadToken + 6 76F74F06 4 Bytes [68, EE, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenThreadToken + B 76F74F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenThreadTokenEx + 6 76F74F16 4 Bytes CALL 75F77409 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenThreadTokenEx + B 76F74F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtQueryAttributesFile + 6 76F75026 4 Bytes [A8, EC, 24, 00] {TEST AL, 0xec; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtQueryAttributesFile + B 76F7502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtQueryFullAttributesFile + 6 76F750D6 4 Bytes CALL 75F775C7 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtQueryFullAttributesFile + B 76F750DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtQueryInformationProcess 76F75130 5 Bytes JMP 67DA30E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtResumeThread 76F75590 5 Bytes JMP 67DA2520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtSetInformationFile + 6 76F75726 4 Bytes [28, ED, 24, 00] {SUB CH, CH; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtSetInformationFile + B 76F7572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtSetInformationThread + 6 76F75786 4 Bytes [28, EE, 24, 00] {SUB DH, CH; AND AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtSetInformationThread + B 76F7578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtUnmapViewOfSection + 6 76F75AA6 4 Bytes [68, EF, 24, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtUnmapViewOfSection + B 76F75AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtWriteVirtualMemory 76F75B80 5 Bytes JMP 67DA21F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!RtlQueryEnvironmentVariable 76F86217 5 Bytes JMP 67DA2F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!RtlDecompressBuffer 76FE5B75 5 Bytes JMP 67DA2E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe[2224] ntdll.dll!NtCreateEvent 76F74690 5 Bytes JMP 67DA2650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe[2224] ntdll.dll!NtCreateMutant 76F74730 5 Bytes JMP 67DA28E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe[2224] ntdll.dll!NtCreateSemaphore 76F747E0 5 Bytes JMP 67DA2B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe[2224] ntdll.dll!NtCreateUserProcess 76F74860 5 Bytes JMP 67DA2E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe[2224] ntdll.dll!NtMapViewOfSection 76F74D10 5 Bytes JMP 67DA2360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe[2224] ntdll.dll!NtOpenEvent 76F74DA0 5 Bytes JMP 67DA27A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe[2224] ntdll.dll!NtOpenMutant 76F74E40 5 Bytes JMP 67DA2A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe[2224] ntdll.dll!NtOpenSemaphore 76F74EC0 5 Bytes JMP 67DA2CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe[2224] ntdll.dll!NtQueryInformationProcess 76F75130 5 Bytes JMP 67DA30E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe[2224] ntdll.dll!NtResumeThread 76F75590 5 Bytes JMP 67DA2520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe[2224] ntdll.dll!NtWriteVirtualMemory 76F75B80 5 Bytes JMP 67DA21F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe[2224] ntdll.dll!RtlQueryEnvironmentVariable 76F86217 5 Bytes JMP 67DA2F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe[2224] ntdll.dll!RtlDecompressBuffer 76FE5B75 5 Bytes JMP 67DA2E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtCreateEvent 76F74690 5 Bytes JMP 67DA2650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtCreateFile + 6 76F746B6 4 Bytes [28, 30, 31, 00] {SUB [EAX], DH; XOR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtCreateFile + B 76F746BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtCreateMutant 76F74730 5 Bytes JMP 67DA28E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtCreateSemaphore 76F747E0 5 Bytes JMP 67DA2B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtCreateUserProcess 76F74860 5 Bytes JMP 67DA2E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtMapViewOfSection 76F74D10 5 Bytes JMP 67DA2360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtMapViewOfSection + 6 76F74D16 4 Bytes [28, 33, 31, 00] {SUB [EBX], DH; XOR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtMapViewOfSection + B 76F74D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenEvent 76F74DA0 5 Bytes JMP 67DA27A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenFile + 6 76F74DC6 4 Bytes [68, 30, 31, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenFile + B 76F74DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenMutant 76F74E40 5 Bytes JMP 67DA2A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcess + 6 76F74E76 4 Bytes [A8, 31, 31, 00] {TEST AL, 0x31; XOR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcess + B 76F74E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcessToken + 6 76F74E86 4 Bytes CALL 75F77FBC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcessToken + B 76F74E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcessTokenEx + 6 76F74E96 4 Bytes [A8, 32, 31, 00] {TEST AL, 0x32; XOR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcessTokenEx + B 76F74E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenSemaphore 76F74EC0 5 Bytes JMP 67DA2CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThread + 6 76F74EF6 4 Bytes [68, 31, 31, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThread + B 76F74EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThreadToken + 6 76F74F06 4 Bytes [68, 32, 31, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThreadToken + B 76F74F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThreadTokenEx + 6 76F74F16 4 Bytes CALL 75F7804D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThreadTokenEx + B 76F74F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtQueryAttributesFile + 6 76F75026 4 Bytes [A8, 30, 31, 00] {TEST AL, 0x30; XOR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtQueryAttributesFile + B 76F7502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtQueryFullAttributesFile + 6 76F750D6 4 Bytes CALL 75F7820B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtQueryFullAttributesFile + B 76F750DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtQueryInformationProcess 76F75130 5 Bytes JMP 67DA30E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtResumeThread 76F75590 5 Bytes JMP 67DA2520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtSetInformationFile + 6 76F75726 4 Bytes [28, 31, 31, 00] {SUB [ECX], DH; XOR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtSetInformationFile + B 76F7572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtSetInformationThread + 6 76F75786 4 Bytes [28, 32, 31, 00] {SUB [EDX], DH; XOR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtSetInformationThread + B 76F7578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtUnmapViewOfSection + 6 76F75AA6 4 Bytes [68, 33, 31, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtUnmapViewOfSection + B 76F75AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtWriteVirtualMemory 76F75B80 5 Bytes JMP 67DA21F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!RtlQueryEnvironmentVariable 76F86217 5 Bytes JMP 67DA2F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!RtlDecompressBuffer 76FE5B75 5 Bytes JMP 67DA2E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgwdsvcx.exe[3124] ntdll.dll!NtCreateEvent 76F74690 5 Bytes JMP 67DA2650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgwdsvcx.exe[3124] ntdll.dll!NtCreateMutant 76F74730 5 Bytes JMP 67DA28E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgwdsvcx.exe[3124] ntdll.dll!NtCreateSemaphore 76F747E0 5 Bytes JMP 67DA2B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgwdsvcx.exe[3124] ntdll.dll!NtCreateUserProcess 76F74860 5 Bytes JMP 67DA2E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgwdsvcx.exe[3124] ntdll.dll!NtMapViewOfSection 76F74D10 5 Bytes JMP 67DA2360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgwdsvcx.exe[3124] ntdll.dll!NtOpenEvent 76F74DA0 5 Bytes JMP 67DA27A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgwdsvcx.exe[3124] ntdll.dll!NtOpenMutant 76F74E40 5 Bytes JMP 67DA2A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgwdsvcx.exe[3124] ntdll.dll!NtOpenSemaphore 76F74EC0 5 Bytes JMP 67DA2CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgwdsvcx.exe[3124] ntdll.dll!NtQueryInformationProcess 76F75130 5 Bytes JMP 67DA30E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgwdsvcx.exe[3124] ntdll.dll!NtResumeThread 76F75590 5 Bytes JMP 67DA2520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgwdsvcx.exe[3124] ntdll.dll!NtWriteVirtualMemory 76F75B80 5 Bytes JMP 67DA21F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgwdsvcx.exe[3124] ntdll.dll!RtlQueryEnvironmentVariable 76F86217 5 Bytes JMP 67DA2F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgwdsvcx.exe[3124] ntdll.dll!RtlDecompressBuffer 76FE5B75 5 Bytes JMP 67DA2E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3312] ntdll.dll!NtCreateEvent 76F74690 5 Bytes JMP 67DA2650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3312] ntdll.dll!NtCreateMutant 76F74730 5 Bytes JMP 67DA28E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3312] ntdll.dll!NtCreateSemaphore 76F747E0 5 Bytes JMP 67DA2B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3312] ntdll.dll!NtCreateUserProcess 76F74860 5 Bytes JMP 67DA2E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3312] ntdll.dll!NtMapViewOfSection 76F74D10 5 Bytes JMP 67DA2360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3312] ntdll.dll!NtOpenEvent 76F74DA0 5 Bytes JMP 67DA27A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3312] ntdll.dll!NtOpenMutant 76F74E40 5 Bytes JMP 67DA2A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3312] ntdll.dll!NtOpenSemaphore 76F74EC0 5 Bytes JMP 67DA2CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3312] ntdll.dll!NtQueryInformationProcess 76F75130 5 Bytes JMP 67DA30E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3312] ntdll.dll!NtResumeThread 76F75590 5 Bytes JMP 67DA2520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3312] ntdll.dll!NtWriteVirtualMemory 76F75B80 5 Bytes JMP 67DA21F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3312] ntdll.dll!RtlQueryEnvironmentVariable 76F86217 5 Bytes JMP 67DA2F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3312] ntdll.dll!RtlDecompressBuffer 76FE5B75 5 Bytes JMP 67DA2E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskhost.exe[3384] ntdll.dll!NtCreateEvent 76F74690 5 Bytes JMP 67DA2650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskhost.exe[3384] ntdll.dll!NtCreateMutant 76F74730 5 Bytes JMP 67DA28E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskhost.exe[3384] ntdll.dll!NtCreateSemaphore 76F747E0 5 Bytes JMP 67DA2B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskhost.exe[3384] ntdll.dll!NtCreateUserProcess 76F74860 5 Bytes JMP 67DA2E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskhost.exe[3384] ntdll.dll!NtMapViewOfSection 76F74D10 5 Bytes JMP 67DA2360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskhost.exe[3384] ntdll.dll!NtOpenEvent 76F74DA0 5 Bytes JMP 67DA27A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskhost.exe[3384] ntdll.dll!NtOpenMutant 76F74E40 5 Bytes JMP 67DA2A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskhost.exe[3384] ntdll.dll!NtOpenSemaphore 76F74EC0 5 Bytes JMP 67DA2CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskhost.exe[3384] ntdll.dll!NtQueryInformationProcess 76F75130 5 Bytes JMP 67DA30E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskhost.exe[3384] ntdll.dll!NtResumeThread 76F75590 5 Bytes JMP 67DA2520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskhost.exe[3384] ntdll.dll!NtWriteVirtualMemory 76F75B80 5 Bytes JMP 67DA21F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskhost.exe[3384] ntdll.dll!RtlQueryEnvironmentVariable 76F86217 5 Bytes JMP 67DA2F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\taskhost.exe[3384] ntdll.dll!RtlDecompressBuffer 76FE5B75 5 Bytes JMP 67DA2E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[3648] USER32.dll!SetScrollRange 7553AE3C 5 Bytes JMP 003E17B9 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3648] USER32.dll!GetScrollInfo 75545151 5 Bytes JMP 003E1740 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3648] USER32.dll!SetScrollInfo 75546632 5 Bytes JMP 003E17F6 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3648] USER32.dll!GetScrollRange 75561B6C 5 Bytes JMP 003E16D7 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3648] USER32.dll!SetScrollPos 75561BD0 5 Bytes JMP 003E16AC C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3648] USER32.dll!GetScrollPos 7556252B 5 Bytes JMP 003E1715 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3648] USER32.dll!EnableScrollBar 7556386D 5 Bytes JMP 003E1830 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3648] USER32.dll!ShowScrollBar 75565785 5 Bytes JMP 003E1779 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateEvent 76F74690 5 Bytes JMP 67DA2650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateFile + 6 76F746B6 4 Bytes [28, 10, 04, 01] {SUB [EAX], DL; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateFile + B 76F746BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateMutant 76F74730 5 Bytes JMP 67DA28E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateSemaphore 76F747E0 5 Bytes JMP 67DA2B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateUserProcess 76F74860 5 Bytes JMP 67DA2E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtMapViewOfSection 76F74D10 5 Bytes JMP 67DA2360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtMapViewOfSection + 6 76F74D16 4 Bytes [28, 13, 04, 01] {SUB [EBX], DL; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtMapViewOfSection + B 76F74D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenEvent 76F74DA0 5 Bytes JMP 67DA27A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenFile + 6 76F74DC6 4 Bytes [68, 10, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenFile + B 76F74DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenMutant 76F74E40 5 Bytes JMP 67DA2A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcess + 6 76F74E76 4 Bytes [A8, 11, 04, 01] {TEST AL, 0x11; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcess + B 76F74E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessToken + 6 76F74E86 4 Bytes CALL 75F8529C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessToken + B 76F74E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessTokenEx + 6 76F74E96 4 Bytes [A8, 12, 04, 01] {TEST AL, 0x12; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessTokenEx + B 76F74E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenSemaphore 76F74EC0 5 Bytes JMP 67DA2CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThread + 6 76F74EF6 4 Bytes [68, 11, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThread + B 76F74EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadToken + 6 76F74F06 4 Bytes [68, 12, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadToken + B 76F74F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadTokenEx + 6 76F74F16 4 Bytes CALL 75F8532D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadTokenEx + B 76F74F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryAttributesFile + 6 76F75026 4 Bytes [A8, 10, 04, 01] {TEST AL, 0x10; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryAttributesFile + B 76F7502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryFullAttributesFile + 6 76F750D6 4 Bytes CALL 75F854EB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryFullAttributesFile + B 76F750DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryInformationProcess 76F75130 5 Bytes JMP 67DA30E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtResumeThread 76F75590 5 Bytes JMP 67DA2520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationFile + 6 76F75726 4 Bytes [28, 11, 04, 01] {SUB [ECX], DL; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationFile + B 76F7572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationThread + 6 76F75786 4 Bytes [28, 12, 04, 01] {SUB [EDX], DL; ADD AL, 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationThread + B 76F7578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtUnmapViewOfSection + 6 76F75AA6 4 Bytes [68, 13, 04, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtUnmapViewOfSection + B 76F75AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtWriteVirtualMemory 76F75B80 5 Bytes JMP 67DA21F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!RtlQueryEnvironmentVariable 76F86217 5 Bytes JMP 67DA2F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!RtlDecompressBuffer 76FE5B75 5 Bytes JMP 67DA2E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtCreateEvent 76F74690 5 Bytes JMP 67DA2650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtCreateMutant 76F74730 5 Bytes JMP 67DA28E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtCreateSemaphore 76F747E0 5 Bytes JMP 67DA2B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtCreateUserProcess 76F74860 5 Bytes JMP 67DA2E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtMapViewOfSection 76F74D10 5 Bytes JMP 67DA2360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenEvent 76F74DA0 5 Bytes JMP 67DA27A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenMutant 76F74E40 5 Bytes JMP 67DA2A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenSemaphore 76F74EC0 5 Bytes JMP 67DA2CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtQueryInformationProcess 76F75130 5 Bytes JMP 67DA30E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtResumeThread 76F75590 5 Bytes JMP 67DA2520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtWriteVirtualMemory 76F75B80 5 Bytes JMP 67DA21F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!RtlQueryEnvironmentVariable 76F86217 5 Bytes JMP 67DA2F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!RtlDecompressBuffer 76FE5B75 5 Bytes JMP 67DA2E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.4\ToolbarUpdater.exe[3976] ntdll.dll!NtCreateEvent 76F74690 5 Bytes JMP 67DA2650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.4\ToolbarUpdater.exe[3976] ntdll.dll!NtCreateMutant 76F74730 5 Bytes JMP 67DA28E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.4\ToolbarUpdater.exe[3976] ntdll.dll!NtCreateSemaphore 76F747E0 5 Bytes JMP 67DA2B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.4\ToolbarUpdater.exe[3976] ntdll.dll!NtCreateUserProcess 76F74860 5 Bytes JMP 67DA2E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.4\ToolbarUpdater.exe[3976] ntdll.dll!NtMapViewOfSection 76F74D10 5 Bytes JMP 67DA2360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.4\ToolbarUpdater.exe[3976] ntdll.dll!NtOpenEvent 76F74DA0 5 Bytes JMP 67DA27A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.4\ToolbarUpdater.exe[3976] ntdll.dll!NtOpenMutant 76F74E40 5 Bytes JMP 67DA2A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.4\ToolbarUpdater.exe[3976] ntdll.dll!NtOpenSemaphore 76F74EC0 5 Bytes JMP 67DA2CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.4\ToolbarUpdater.exe[3976] ntdll.dll!NtQueryInformationProcess 76F75130 5 Bytes JMP 67DA30E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.4\ToolbarUpdater.exe[3976] ntdll.dll!NtResumeThread 76F75590 5 Bytes JMP 67DA2520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.4\ToolbarUpdater.exe[3976] ntdll.dll!NtWriteVirtualMemory 76F75B80 5 Bytes JMP 67DA21F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.4\ToolbarUpdater.exe[3976] ntdll.dll!RtlQueryEnvironmentVariable 76F86217 5 Bytes JMP 67DA2F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.4\ToolbarUpdater.exe[3976] ntdll.dll!RtlDecompressBuffer 76FE5B75 5 Bytes JMP 67DA2E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5148] ntdll.dll!NtCreateEvent 76F74690 5 Bytes JMP 67DA2650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5148] ntdll.dll!NtCreateMutant 76F74730 5 Bytes JMP 67DA28E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5148] ntdll.dll!NtCreateSemaphore 76F747E0 5 Bytes JMP 67DA2B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5148] ntdll.dll!NtCreateUserProcess 76F74860 5 Bytes JMP 67DA2E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5148] ntdll.dll!NtMapViewOfSection 76F74D10 5 Bytes JMP 67DA2360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5148] ntdll.dll!NtOpenEvent 76F74DA0 5 Bytes JMP 67DA27A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5148] ntdll.dll!NtOpenMutant 76F74E40 5 Bytes JMP 67DA2A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5148] ntdll.dll!NtOpenSemaphore 76F74EC0 5 Bytes JMP 67DA2CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5148] ntdll.dll!NtQueryInformationProcess 76F75130 5 Bytes JMP 67DA30E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5148] ntdll.dll!NtResumeThread 76F75590 5 Bytes JMP 67DA2520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5148] ntdll.dll!NtWriteVirtualMemory 76F75B80 5 Bytes JMP 67DA21F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5148] ntdll.dll!RtlQueryEnvironmentVariable 76F86217 5 Bytes JMP 67DA2F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5148] ntdll.dll!RtlDecompressBuffer 76FE5B75 5 Bytes JMP 67DA2E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[5408] ntdll.dll!NtCreateEvent 76F74690 5 Bytes JMP 67DA2650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[5408] ntdll.dll!NtCreateMutant 76F74730 5 Bytes JMP 67DA28E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[5408] ntdll.dll!NtCreateSemaphore 76F747E0 5 Bytes JMP 67DA2B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[5408] ntdll.dll!NtCreateUserProcess 76F74860 5 Bytes JMP 67DA2E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[5408] ntdll.dll!NtMapViewOfSection 76F74D10 5 Bytes JMP 67DA2360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[5408] ntdll.dll!NtOpenEvent 76F74DA0 5 Bytes JMP 67DA27A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[5408] ntdll.dll!NtOpenMutant 76F74E40 5 Bytes JMP 67DA2A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[5408] ntdll.dll!NtOpenSemaphore 76F74EC0 5 Bytes JMP 67DA2CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[5408] ntdll.dll!NtQueryInformationProcess 76F75130 5 Bytes JMP 67DA30E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[5408] ntdll.dll!NtResumeThread 76F75590 5 Bytes JMP 67DA2520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[5408] ntdll.dll!NtWriteVirtualMemory 76F75B80 5 Bytes JMP 67DA21F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[5408] ntdll.dll!RtlQueryEnvironmentVariable 76F86217 5 Bytes JMP 67DA2F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[5408] ntdll.dll!RtlDecompressBuffer 76FE5B75 5 Bytes JMP 67DA2E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtCreateFile + 6 76F746B6 4 Bytes [28, 24, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtCreateFile + B 76F746BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtMapViewOfSection + 6 76F74D16 4 Bytes [28, 27, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtMapViewOfSection + B 76F74D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenFile + 6 76F74DC6 4 Bytes [68, 24, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenFile + B 76F74DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcess + 6 76F74E76 4 Bytes [A8, 25, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcess + B 76F74E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcessToken + 6 76F74E86 4 Bytes CALL 75F7F4B0 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcessToken + B 76F74E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcessTokenEx + 6 76F74E96 4 Bytes [A8, 26, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcessTokenEx + B 76F74E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThread + 6 76F74EF6 4 Bytes [68, 25, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThread + B 76F74EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThreadToken + 6 76F74F06 4 Bytes [68, 26, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThreadToken + B 76F74F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThreadTokenEx + 6 76F74F16 4 Bytes CALL 75F7F541 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThreadTokenEx + B 76F74F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtQueryAttributesFile + 6 76F75026 4 Bytes [A8, 24, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtQueryAttributesFile + B 76F7502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtQueryFullAttributesFile + 6 76F750D6 4 Bytes CALL 75F7F6FF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtQueryFullAttributesFile + B 76F750DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtSetInformationFile + 6 76F75726 4 Bytes [28, 25, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtSetInformationFile + B 76F7572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtSetInformationThread + 6 76F75786 4 Bytes [28, 26, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtSetInformationThread + B 76F7578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtUnmapViewOfSection + 6 76F75AA6 4 Bytes [68, 27, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtUnmapViewOfSection + B 76F75AAB 1 Byte [E2] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\Explorer.exe[5416] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [73D524FA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\Windows\Explorer.exe[5416] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [73D3565B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\Windows\Explorer.exe[5416] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [73D35719] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\Windows\Explorer.exe[5416] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [73D52575] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\Windows\Explorer.exe[5416] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73D485D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\Windows\Explorer.exe[5416] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [73D44D8D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\Windows\Explorer.exe[5416] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [73D45134] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\Windows\Explorer.exe[5416] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [73D45209] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\Windows\Explorer.exe[5416] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73D46736] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\Windows\Explorer.exe[5416] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73D48330] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\Windows\Explorer.exe[5416] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73D4887F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\Windows\Explorer.exe[5416] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73D490E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\Windows\Explorer.exe[5416] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73D4E283] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\Windows\Explorer.exe[5416] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [73D44CBF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll ---- Devices - GMER 2.2 ---- AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys Device \Driver\BTHUSB \Device\0000006a bthport.sys Device \Driver\BTHUSB \Device\0000006c bthport.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00037aee5ca4 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 62766 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{43E004DC-3947-45D8-96DC-D82C6C7E7203}@LeaseObtainedTime 1472325241 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{43E004DC-3947-45D8-96DC-D82C6C7E7203}@T1 1472627641 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{43E004DC-3947-45D8-96DC-D82C6C7E7203}@T2 1472854441 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{43E004DC-3947-45D8-96DC-D82C6C7E7203}@LeaseTerminatesTime 1472930041 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00037aee5ca4 (not active ControlSet) ---- EOF - GMER 2.2 ----