GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-10-07 18:56:17 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3250410AS rev.3.AAE 232,88GB Running: u7lcxphk.exe; Driver: C:\Users\Adam\AppData\Local\Temp\aftcqaow.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x901E86F0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x901E8820] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x901E8010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x901E84E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x901E8300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x901E83F0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x901E8120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x901E8210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x901E85F0] ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwRenameKey + 1549 82C91EC5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CCC272 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 1357 82CD38FC 8 Bytes [F0, 86, 1E, 90, 20, 88, 1E, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82CD3944 4 Bytes [10, 80, 1E, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 13BF 82CD3964 4 Bytes [E0, 84, 1E, 90] {LOOPNZ 0xffffff86; PUSH DS; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 165F 82CD3C04 8 Bytes [00, 83, 1E, 90, F0, 83, 1E, ...] {ADD [EBX-0x7c0f6fe2], AL; PUSH DS; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82CD3C14 8 Bytes [20, 81, 1E, 90, 10, 82, 1E, ...] {AND [ECX-0x7def6fe2], AL; PUSH DS; NOP } .text ... ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2060] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2060] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2060] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2060] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2060] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2060] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2060] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2060] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2060] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2060] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2060] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2060] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2060] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtCreateFile + 6 770E5136 4 Bytes [28, 80, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtCreateFile + B 770E513B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtCreateKey + 6 770E5176 4 Bytes [68, 81, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtCreateKey + B 770E517B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtCreateMutant + 6 770E51B6 4 Bytes [68, 82, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtCreateMutant + B 770E51BB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtCreateSection + 6 770E5256 4 Bytes [A8, 82, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtCreateSection + B 770E525B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtMapViewOfSection + B 770E579B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenFile + 6 770E5846 4 Bytes [68, 80, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenFile + B 770E584B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenKey + 6 770E5876 4 Bytes [A8, 81, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenKey + B 770E587B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenKeyEx + B 770E588B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenMutant + 6 770E58C6 4 Bytes [28, 82, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenMutant + B 770E58CB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenProcess + 6 770E58F6 4 Bytes [68, 83, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenProcess + B 770E58FB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenProcessToken + 6 770E5906 4 Bytes [A8, 83, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenProcessToken + B 770E590B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenProcessTokenEx + 6 770E5916 4 Bytes [68, 84, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenProcessTokenEx + B 770E591B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenSection + B 770E593B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenThread + 6 770E5976 4 Bytes [28, 83, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenThread + B 770E597B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenThreadToken + 6 770E5986 4 Bytes [28, 84, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenThreadToken + B 770E598B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenThreadTokenEx + 6 770E5996 4 Bytes [A8, 84, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtOpenThreadTokenEx + B 770E599B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtQueryAttributesFile + 6 770E5AA6 4 Bytes [A8, 80, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtQueryAttributesFile + B 770E5AAB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtQueryFullAttributesFile + B 770E5B5B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtSetInformationFile + 6 770E61A6 4 Bytes [28, 81, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtSetInformationFile + B 770E61AB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtSetInformationThread + B 770E620B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtUnmapViewOfSection + 6 770E6526 4 Bytes [28, 85, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtUnmapViewOfSection + B 770E652B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] kernel32.dll!CreateProcessW 76FC204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] kernel32.dll!CreateProcessA 76FC2082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!ActivateKeyboardLayout 760681F3 5 Bytes JMP 000D04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!ScreenToClient 7606A4D6 7 Bytes JMP 000D0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!RegisterClipboardFormatA 7606C061 5 Bytes JMP 000D02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!RegisterClipboardFormatW 7606DF5D 5 Bytes JMP 000D02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!SetCursor 7607304D 5 Bytes JMP 000D0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!MonitorFromWindow 760735FA 7 Bytes JMP 000D0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!PostMessageW 76074453 5 Bytes JMP 000D05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!IsWindowVisible 76074D41 7 Bytes JMP 000D06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!GetClientRect 760754B5 7 Bytes JMP 000D05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!MapWindowPoints 76075C82 5 Bytes JMP 000D0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!GetParent 76076001 7 Bytes JMP 000D06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!EmptyClipboard 760828DC 5 Bytes JMP 000D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!SetClipboardData 76082932 5 Bytes JMP 000D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!GetClipboardData 76082B77 5 Bytes JMP 000D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!GetClipboardFormatNameW 76085FA2 5 Bytes JMP 000D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!SetClipboardViewer 76086FC6 5 Bytes JMP 000D04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!GetClipboardFormatNameA 76086FDA 5 Bytes JMP 000D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!ChangeClipboardChain 7609144C 5 Bytes JMP 000D0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!GetTopWindow 760924A9 7 Bytes JMP 000D0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!CloseClipboard 7609443C 5 Bytes JMP 000D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!OpenClipboard 7609444E 5 Bytes JMP 000D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!IsClipboardFormatAvailable 760944CF 5 Bytes JMP 000D00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!GetClipboardSequenceNumber 760944E3 5 Bytes JMP 000D0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!GetClipboardOwner 760944F5 5 Bytes JMP 000D0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!CountClipboardFormats 760946DA 5 Bytes JMP 000D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!EnumClipboardFormats 760947BC 5 Bytes JMP 000D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!GetOpenClipboardWindow 760947DB 5 Bytes JMP 000D03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!SetCursorPos 760AC20F 5 Bytes JMP 000D0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!GetClipboardViewer 760C4B73 3 Bytes JMP 000D0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!GetClipboardViewer + 4 760C4B77 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!GetPriorityClipboardFormat 760C4C75 3 Bytes JMP 000D03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] user32.DLL!GetPriorityClipboardFormat + 4 760C4C79 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!DeleteObject 76015F14 5 Bytes JMP 000E01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!SelectObject 76016640 5 Bytes JMP 000E05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!SetTextColor 76016906 5 Bytes JMP 000E0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!SetBkMode 760169B1 5 Bytes JMP 000E08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!DeleteDC 76016EAA 5 Bytes JMP 000E0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!GetDeviceCaps 76016F7F 5 Bytes JMP 000E03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!ExtSelectClipRgn 76017114 5 Bytes JMP 000E02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!SelectClipRgn 76017242 5 Bytes JMP 000E05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!GetCurrentObject 760177BD 5 Bytes JMP 000E0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!SetStretchBltMode 76017804 5 Bytes JMP 000E06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!GetTextMetricsW 76017AAF 5 Bytes JMP 000E0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!GetTextAlign 76017CCF 5 Bytes JMP 000E0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!IntersectClipRect 76017D1E 5 Bytes JMP 000E03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!ExtTextOutW 760180B2 5 Bytes JMP 000E0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!SetTextAlign 760181AE 5 Bytes JMP 000E09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!GetClipBox 76018445 5 Bytes JMP 000E0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!MoveToEx 76018B41 5 Bytes JMP 000E0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!CreateDCA 76019BED 5 Bytes JMP 000E00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!StretchDIBits 7601A77C 5 Bytes JMP 000E0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!RestoreDC 7601A8B9 5 Bytes JMP 000E0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!SaveDC 7601A989 5 Bytes JMP 000E0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!GetTextExtentPoint32W 7601B6F5 5 Bytes JMP 000E0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!GetTextFaceW 7601B924 5 Bytes JMP 000E0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!GetFontData 7601BC9B 5 Bytes JMP 000E0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!CreateDCW 7601C7CD 5 Bytes JMP 000E00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!CreateICW 7601C896 5 Bytes JMP 000E0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!SetWorldTransform 7601CCD7 5 Bytes JMP 000E06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!GetTextMetricsA 7601D4A4 5 Bytes JMP 000E0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!Rectangle 7601F0A3 5 Bytes JMP 000E09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!LineTo 7601F564 5 Bytes JMP 000E0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!SetICMMode 7601FA6D 5 Bytes JMP 000E0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!ExtTextOutA 760205B8 5 Bytes JMP 000E0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!GetTextExtentPoint32A 760209C9 5 Bytes JMP 000E0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!GetTextFaceA 76020FA8 5 Bytes JMP 000E0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!ExtEscape 760225F1 5 Bytes JMP 000E02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!ResetDCW 76023869 5 Bytes JMP 000E0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!EndPage 76023EA8 5 Bytes JMP 000E0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!SetPolyFillMode 76026551 5 Bytes JMP 000E0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!SetMiterLimit 7602670D 5 Bytes JMP 000E0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!Escape 760306F8 5 Bytes JMP 000E0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!GetGlyphOutlineW 7603C412 5 Bytes JMP 000E0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!CreateScalableFontResourceW 7603EA6F 5 Bytes JMP 000E0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!AddFontResourceW 7603EE6B 5 Bytes JMP 000E0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!RemoveFontResourceW 7603F361 5 Bytes JMP 000E0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!AbortDoc 76045084 5 Bytes JMP 000E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!EndDoc 760454CB 5 Bytes JMP 000E01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!StartPage 760455B6 5 Bytes JMP 000E0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!StartDocW 76045FD1 5 Bytes JMP 000E07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!BeginPath 7604677D 5 Bytes JMP 000E0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!SelectClipPath 760467D4 5 Bytes JMP 000E0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!CloseFigure 7604682F 5 Bytes JMP 000E0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!EndPath 76046886 5 Bytes JMP 000E0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!StrokePath 76046AB9 5 Bytes JMP 000E07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!FillPath 76046B46 5 Bytes JMP 000E0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!PolylineTo 76046FB4 5 Bytes JMP 000E04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!PolyBezierTo 76047045 5 Bytes JMP 000E04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] GDI32.dll!PolyDraw 760470F7 5 Bytes JMP 000E08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ole32.dll!OleSetClipboard 767801BE 5 Bytes JMP 00270030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ole32.dll!OleIsCurrentClipboard 7678363E 5 Bytes JMP 00270070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2848] ole32.dll!OleGetClipboard 767AFD65 5 Bytes JMP 002700B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2864] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2864] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2864] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2864] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2864] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2864] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2864] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2864] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2864] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2864] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2864] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2864] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe[2864] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\rundll32.exe[3380] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Winamp\winampa.exe[3720] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Winamp\winampa.exe[3720] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Winamp\winampa.exe[3720] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Winamp\winampa.exe[3720] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Winamp\winampa.exe[3720] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Winamp\winampa.exe[3720] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Winamp\winampa.exe[3720] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Winamp\winampa.exe[3720] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Winamp\winampa.exe[3720] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Winamp\winampa.exe[3720] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Winamp\winampa.exe[3720] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Winamp\winampa.exe[3720] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Winamp\winampa.exe[3720] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3756] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3756] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3756] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3756] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3756] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3756] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3756] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3756] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3756] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3756] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3756] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3756] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Av\avgui.exe[3756] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[3764] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[3764] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[3764] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[3764] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[3764] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[3764] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[3764] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[3764] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[3764] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[3764] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[3764] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[3764] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[3764] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[3788] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[3788] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[3788] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[3788] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[3788] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[3788] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[3788] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[3788] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[3788] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[3788] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[3788] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[3788] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[3788] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3820] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3820] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3820] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3820] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3820] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3820] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3820] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3820] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3820] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3820] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3820] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3820] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\Framework\Common\avguix.exe[3820] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3832] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3832] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3832] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3832] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3832] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3832] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3832] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3832] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3832] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3832] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3832] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3832] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3832] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe[3848] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe[3848] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe[3848] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe[3848] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe[3848] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe[3848] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe[3848] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe[3848] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe[3848] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe[3848] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe[3848] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe[3848] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe[3848] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3976] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3976] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3976] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3976] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3976] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3976] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3976] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3976] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3976] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3976] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3976] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3976] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3976] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4100] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4100] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4100] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4100] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4100] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4100] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4100] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4100] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4100] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4100] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4100] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4100] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4100] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\sppsvc.exe[4312] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\sppsvc.exe[4312] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\sppsvc.exe[4312] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\sppsvc.exe[4312] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\sppsvc.exe[4312] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\sppsvc.exe[4312] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\sppsvc.exe[4312] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\sppsvc.exe[4312] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\sppsvc.exe[4312] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\sppsvc.exe[4312] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\sppsvc.exe[4312] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\sppsvc.exe[4312] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\sppsvc.exe[4312] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4364] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4364] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4364] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4364] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4364] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4364] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4364] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4364] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4364] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4364] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4364] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4364] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4364] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] ntdll.dll!LdrLoadDll 77102101 5 Bytes JMP 67F67940 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] USER32.dll!CreateWindowExA 7606BF10 5 Bytes JMP 5A9D2730 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4436] USER32.dll!CreateWindowExW 7606EC4C 5 Bytes JMP 5A5446B4 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\System32\svchost.exe[4480] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[4480] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[4480] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[4480] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[4480] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[4480] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[4480] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[4480] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[4480] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[4480] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[4480] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[4480] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\System32\svchost.exe[4480] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4764] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4764] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4764] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4764] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4764] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4764] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4764] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4764] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4764] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4764] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4764] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4764] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4764] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] ntdll.dll!LdrLoadDll 77102101 5 Bytes JMP 67F67940 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 770095DE 7 Bytes JMP 5A84DBE7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] kernel32.dll!QueryPerformanceCounter + 13 7700C5E5 7 Bytes JMP 5A84EA1A C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] kernel32.dll!LoadAppInitDlls + 355 7700F6A6 7 Bytes JMP 5A591B09 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] USER32.dll!CreateWindowExA 7606BF10 5 Bytes JMP 5A9D2730 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] USER32.dll!CreateWindowExW 7606EC4C 5 Bytes JMP 5A5446B4 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] USER32.dll!GetWindowInfo 76074B36 5 Bytes JMP 5B474840 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5344] GDI32.dll!GetViewportOrgEx + 26C 7601876B 7 Bytes JMP 5A84D4F6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5508] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5508] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5508] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5508] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5508] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5508] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5508] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5508] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5508] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5508] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5508] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5508] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5508] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5940] ntdll.dll!NtCreateEvent 770E5110 5 Bytes JMP 6AC82650 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5940] ntdll.dll!NtCreateMutant 770E51B0 5 Bytes JMP 6AC828E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5940] ntdll.dll!NtCreateSemaphore 770E5260 5 Bytes JMP 6AC82B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5940] ntdll.dll!NtCreateUserProcess 770E52E0 5 Bytes JMP 6AC82E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5940] ntdll.dll!NtMapViewOfSection 770E5790 5 Bytes JMP 6AC82360 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5940] ntdll.dll!NtOpenEvent 770E5820 5 Bytes JMP 6AC827A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5940] ntdll.dll!NtOpenMutant 770E58C0 5 Bytes JMP 6AC82A30 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5940] ntdll.dll!NtOpenSemaphore 770E5940 5 Bytes JMP 6AC82CC0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5940] ntdll.dll!NtQueryInformationProcess 770E5BB0 5 Bytes JMP 6AC830E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5940] ntdll.dll!NtResumeThread 770E6010 5 Bytes JMP 6AC82520 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5940] ntdll.dll!NtWriteVirtualMemory 770E6600 5 Bytes JMP 6AC821F0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5940] ntdll.dll!RtlQueryEnvironmentVariable 770F859F 5 Bytes JMP 6AC82F80 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5940] ntdll.dll!RtlDecompressBuffer 771556BD 5 Bytes JMP 6AC82E90 C:\Program Files\AVG\Av\avghookx.dll ---- Devices - GMER 2.2 ---- AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xAC 0x17 0x29 0xF3 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0x17 0xFE 0xD5 0xCE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0xCC 0xCF 0xF6 0x4F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 0x99 0xF7 0xF7 0xA1 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Nitro PDF\PrimoPDF\PrimoPDF.exe 0x16 0x3E 0x29 0x95 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\mmc.exe 0x5E 0x37 0xCA 0x69 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x7E 0xC4 0x56 0x21 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe 0x17 0x4D 0x6B 0xC4 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\aitstatic.exe 0x0A 0xB3 0x0C 0xC1 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0xE4 0xDF 0x97 0xCE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe 0xDA 0xCC 0x25 0xAF ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0xAD 0xCE 0xB5 0x8F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTelRunner.exe 0x1F 0x0B 0x3C 0xB7 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\AVG\Av\avgmfapx.exe 0x92 0x95 0x9E 0x9C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@E6C0BDC9 1294 ---- EOF - GMER 2.2 ----