GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-10-29 17:04:09
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000006f KINGSTON rev.603A 55,90GB
Running: qr19y9nb.exe; Driver: C:\Users\Wiktor's\AppData\Local\Temp\uftdqpow.sys
---- System - GMER 2.2 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x922496F0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x92249820]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x92249010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x922494E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x92249300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x922493F0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x92249120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x92249210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x922495F0]
---- Kernel code sections - GMER 2.2 ----
.text ntkrnlpa.exe!ZwRenameKey + 1549 83077F05 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B2292 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1357 830B991C 8 Bytes [F0, 96, 24, 92, 20, 98, 24, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 830B9964 4 Bytes [10, 90, 24, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 13C0 830B9985 3 Bytes [94, 24, 92] {XCHG ESP, EAX; AND AL, 0x92}
.text ntkrnlpa.exe!KeRemoveQueueEx + 165F 830B9C24 8 Bytes [00, 93, 24, 92, F0, 93, 24, ...] {ADD [EBX-0x6c0f6ddc], DL; AND AL, 0x92}
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 830B9C34 8 Bytes [20, 91, 24, 92, 10, 92, 24, ...] {AND [ECX-0x6def6ddc], DL; AND AL, 0x92}
.text ...
---- User code sections - GMER 2.2 ----
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2476] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2476] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2476] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2476] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2476] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2476] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2476] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2476] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2476] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2476] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2476] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2476] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2476] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\conhost.exe[2508] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\conhost.exe[2508] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\conhost.exe[2508] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\conhost.exe[2508] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\conhost.exe[2508] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\conhost.exe[2508] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\conhost.exe[2508] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\conhost.exe[2508] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\conhost.exe[2508] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\conhost.exe[2508] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\conhost.exe[2508] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\conhost.exe[2508] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\conhost.exe[2508] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\servicing\TrustedInstaller.exe[2584] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\servicing\TrustedInstaller.exe[2584] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\servicing\TrustedInstaller.exe[2584] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\servicing\TrustedInstaller.exe[2584] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\servicing\TrustedInstaller.exe[2584] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\servicing\TrustedInstaller.exe[2584] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\servicing\TrustedInstaller.exe[2584] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\servicing\TrustedInstaller.exe[2584] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\servicing\TrustedInstaller.exe[2584] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\servicing\TrustedInstaller.exe[2584] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\servicing\TrustedInstaller.exe[2584] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\servicing\TrustedInstaller.exe[2584] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\servicing\TrustedInstaller.exe[2584] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3688] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3688] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3688] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3688] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3688] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3688] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3688] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3688] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3688] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3688] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3688] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3688] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3688] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\sppsvc.exe[3768] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\sppsvc.exe[3768] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\sppsvc.exe[3768] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\sppsvc.exe[3768] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\sppsvc.exe[3768] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\sppsvc.exe[3768] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\sppsvc.exe[3768] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\sppsvc.exe[3768] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\sppsvc.exe[3768] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\sppsvc.exe[3768] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\sppsvc.exe[3768] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\sppsvc.exe[3768] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\sppsvc.exe[3768] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3952] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3952] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3952] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3952] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3952] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3952] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3952] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3952] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3952] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3952] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3952] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3952] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3952] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[4072] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[4072] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[4072] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[4072] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[4072] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[4072] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[4072] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[4072] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[4072] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[4072] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[4072] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[4072] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[4072] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4176] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4176] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4176] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4176] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4176] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4176] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4176] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4176] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4176] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4176] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4176] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4176] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4176] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps.exe[4352] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps.exe[4352] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps.exe[4352] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps.exe[4352] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps.exe[4352] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps.exe[4352] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps.exe[4352] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps.exe[4352] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps.exe[4352] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps.exe[4352] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps.exe[4352] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps.exe[4352] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps.exe[4352] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[4548] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[4548] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[4548] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[4548] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[4548] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[4548] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[4548] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[4548] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[4548] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[4548] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[4548] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[4548] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[4548] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\rundll32.exe[4672] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\rundll32.exe[4672] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\rundll32.exe[4672] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\rundll32.exe[4672] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\rundll32.exe[4672] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\rundll32.exe[4672] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\rundll32.exe[4672] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\rundll32.exe[4672] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\rundll32.exe[4672] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\rundll32.exe[4672] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\rundll32.exe[4672] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\rundll32.exe[4672] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\System32\rundll32.exe[4672] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5436] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5436] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5436] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5436] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5436] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5436] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5436] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5436] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5436] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5436] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5436] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5436] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5436] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\Dwm.exe[5448] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\Dwm.exe[5448] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\Dwm.exe[5448] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\Dwm.exe[5448] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\Dwm.exe[5448] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\Dwm.exe[5448] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\Dwm.exe[5448] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\Dwm.exe[5448] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\Dwm.exe[5448] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\Dwm.exe[5448] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\Dwm.exe[5448] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\Dwm.exe[5448] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\Dwm.exe[5448] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Explorer.EXE[5472] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Explorer.EXE[5472] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Explorer.EXE[5472] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Explorer.EXE[5472] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Explorer.EXE[5472] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Explorer.EXE[5472] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Explorer.EXE[5472] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Explorer.EXE[5472] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Explorer.EXE[5472] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Explorer.EXE[5472] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Explorer.EXE[5472] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Explorer.EXE[5472] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\Explorer.EXE[5472] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\igfxEM.exe[5580] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\igfxEM.exe[5580] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\igfxEM.exe[5580] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\igfxEM.exe[5580] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\igfxEM.exe[5580] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\igfxEM.exe[5580] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\igfxEM.exe[5580] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\igfxEM.exe[5580] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\igfxEM.exe[5580] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\igfxEM.exe[5580] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\igfxEM.exe[5580] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\igfxEM.exe[5580] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Windows\system32\igfxEM.exe[5580] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5728] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5728] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5728] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5728] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5728] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5728] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5728] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5728] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5728] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5728] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5728] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5728] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5728] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Users\Wiktor's\Desktop\POmoc DOraźna\qr19y9nb.exe[5752]
ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Users\Wiktor's\Desktop\POmoc DOraŸna\qr19y9nb.exe[5752] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Users\Wiktor's\Desktop\POmoc DOraŸna\qr19y9nb.exe[5752] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Users\Wiktor's\Desktop\POmoc DOraŸna\qr19y9nb.exe[5752] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Users\Wiktor's\Desktop\POmoc DOraŸna\qr19y9nb.exe[5752] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Users\Wiktor's\Desktop\POmoc DOraŸna\qr19y9nb.exe[5752] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Users\Wiktor's\Desktop\POmoc DOraŸna\qr19y9nb.exe[5752] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Users\Wiktor's\Desktop\POmoc DOraŸna\qr19y9nb.exe[5752] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Users\Wiktor's\Desktop\POmoc DOraŸna\qr19y9nb.exe[5752] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Users\Wiktor's\Desktop\POmoc DOraŸna\qr19y9nb.exe[5752] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Users\Wiktor's\Desktop\POmoc DOraŸna\qr19y9nb.exe[5752] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Users\Wiktor's\Desktop\POmoc DOraŸna\qr19y9nb.exe[5752] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text 
C:\Users\Wiktor's\Desktop\POmoc DOraŸna\qr19y9nb.exe[5752] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5760] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5760] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5760] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5760] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5760] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5760] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5760] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5760] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5760] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5760] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5760] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5760] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program 
Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5760] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5856] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5856] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5856] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5856] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5856] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5856] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5856] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5856] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller 
Driver\Application\iusb3mon.exe[5856] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5856] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5856] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5856] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5856] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Framework\Common\avguix.exe[5944] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Framework\Common\avguix.exe[5944] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Framework\Common\avguix.exe[5944] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Framework\Common\avguix.exe[5944] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Framework\Common\avguix.exe[5944] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Framework\Common\avguix.exe[5944] ntdll.dll!NtOpenEvent 
771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Framework\Common\avguix.exe[5944] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Framework\Common\avguix.exe[5944] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Framework\Common\avguix.exe[5944] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Framework\Common\avguix.exe[5944] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Framework\Common\avguix.exe[5944] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Framework\Common\avguix.exe[5944] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Framework\Common\avguix.exe[5944] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Av\avgui.exe[5956] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Av\avgui.exe[5956] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Av\avgui.exe[5956] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Av\avgui.exe[5956] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG 
Antivirus\Av\avgui.exe[5956] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Av\avgui.exe[5956] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Av\avgui.exe[5956] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Av\avgui.exe[5956] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Av\avgui.exe[5956] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Av\avgui.exe[5956] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Av\avgui.exe[5956] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Av\avgui.exe[5956] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\AVG Antivirus\Av\avgui.exe[5956] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5964] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5964] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5964] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5964] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 
6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5964] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5964] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5964] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5964] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5964] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5964] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5964] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5964] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5964] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5964] USER32.dll!SetScrollRange 74E88E93 5 Bytes JMP 00FD51E6 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5964] USER32.dll!GetScrollInfo 74E92D7B 5 Bytes JMP 00FD516D C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5964] USER32.dll!SetScrollInfo 74E948B2 5 Bytes JMP 00FD5223 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5964] USER32.dll!GetScrollRange 74EB042A 5 Bytes 
JMP 00FD5104 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5964] USER32.dll!SetScrollPos 74EB048E 5 Bytes JMP 00FD50D9 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5964] USER32.dll!GetScrollPos 74EB0E13 5 Bytes JMP 00FD5142 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5964] USER32.dll!EnableScrollBar 74EB199E 5 Bytes JMP 00FD525D C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5964] USER32.dll!ShowScrollBar 74EB3C59 5 Bytes JMP 00FD51A6 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\Windows Sidebar\sidebar.exe[5988] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[5988] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[5988] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[5988] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[5988] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[5988] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[5988] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[5988] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[5988] 
ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[5988] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[5988] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[5988] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[5988] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\System32\StikyNot.exe[6004] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\System32\StikyNot.exe[6004] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\System32\StikyNot.exe[6004] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\System32\StikyNot.exe[6004] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\System32\StikyNot.exe[6004] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\System32\StikyNot.exe[6004] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\System32\StikyNot.exe[6004] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\System32\StikyNot.exe[6004] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text 
C:\Windows\System32\StikyNot.exe[6004] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\System32\StikyNot.exe[6004] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\System32\StikyNot.exe[6004] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\System32\StikyNot.exe[6004] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\System32\StikyNot.exe[6004] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[6084] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[6084] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[6084] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[6084] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[6084] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[6084] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[6084] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[6084] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text 
C:\Windows\system32\SearchIndexer.exe[6084] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[6084] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[6084] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[6084] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[6084] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[6272] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[6272] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[6272] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[6272] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[6272] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[6272] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[6272] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[6272] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[6272] 
ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[6272] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[6272] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[6272] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\ctfmon.exe[6272] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[7136] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[7136] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[7136] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[7136] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[7136] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[7136] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[7136] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[7136] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[7136] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 
6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[7136] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[7136] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[7136] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[7136] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7740] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7740] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7740] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7740] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7740] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7740] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll .text C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7740] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program 
Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7740] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7740] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7740] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7740] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7740] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7740] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7792] ntdll.dll!NtCreateEvent 771D5110 5 Bytes JMP 6B492650 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7792] ntdll.dll!NtCreateMutant 771D51B0 5 Bytes JMP 6B4928E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7792] ntdll.dll!NtCreateSemaphore 771D5260 5 Bytes JMP 6B492B70 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7792] ntdll.dll!NtCreateUserProcess 771D52E0 5 Bytes JMP 6B492E00 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7792] ntdll.dll!NtMapViewOfSection 771D5790 5 Bytes JMP 6B492360 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7792] ntdll.dll!NtOpenEvent 771D5820 5 Bytes JMP 6B4927A0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7792] ntdll.dll!NtOpenMutant 771D58C0 5 Bytes JMP 6B492A30 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7792] ntdll.dll!NtOpenSemaphore 771D5940 5 Bytes JMP 6B492CC0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7792] ntdll.dll!NtQueryInformationProcess 771D5BB0 5 Bytes JMP 6B4930E0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7792] ntdll.dll!NtResumeThread 771D6010 5 Bytes JMP 6B492520 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7792] ntdll.dll!NtWriteVirtualMemory 771D6600 5 Bytes JMP 6B4921F0 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7792] ntdll.dll!RtlQueryEnvironmentVariable 771E859F 5 Bytes JMP 6B492F80 C:\Program Files\AVG Antivirus\Av\avghookx.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7792] ntdll.dll!RtlDecompressBuffer 772456BD 5 Bytes JMP 6B492E90 C:\Program Files\AVG Antivirus\Av\avghookx.dll

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Windows\Explorer.EXE[5472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [72BB24BF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23545_none_5c06d189a00e2c29\gdiplus.dll
IAT C:\Windows\Explorer.EXE[5472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [72B95661] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23545_none_5c06d189a00e2c29\gdiplus.dll
IAT C:\Windows\Explorer.EXE[5472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [72B9571F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23545_none_5c06d189a00e2c29\gdiplus.dll
IAT C:\Windows\Explorer.EXE[5472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [72BB253A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23545_none_5c06d189a00e2c29\gdiplus.dll
IAT C:\Windows\Explorer.EXE[5472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [72BA859B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23545_none_5c06d189a00e2c29\gdiplus.dll
IAT C:\Windows\Explorer.EXE[5472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [72BA4D4F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23545_none_5c06d189a00e2c29\gdiplus.dll
IAT C:\Windows\Explorer.EXE[5472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [72BA50F6] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23545_none_5c06d189a00e2c29\gdiplus.dll
IAT C:\Windows\Explorer.EXE[5472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [72BA51CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23545_none_5c06d189a00e2c29\gdiplus.dll
IAT C:\Windows\Explorer.EXE[5472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [72BA66F8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23545_none_5c06d189a00e2c29\gdiplus.dll
IAT C:\Windows\Explorer.EXE[5472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [72BA82F2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23545_none_5c06d189a00e2c29\gdiplus.dll
IAT C:\Windows\Explorer.EXE[5472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [72BA8841] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23545_none_5c06d189a00e2c29\gdiplus.dll
IAT C:\Windows\Explorer.EXE[5472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [72BA90A2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23545_none_5c06d189a00e2c29\gdiplus.dll
IAT C:\Windows\Explorer.EXE[5472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [72BAE245] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23545_none_5c06d189a00e2c29\gdiplus.dll
IAT C:\Windows\Explorer.EXE[5472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [72BA4C81] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23545_none_5c06d189a00e2c29\gdiplus.dll

---- Devices - GMER 2.2 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{22B18392-DA30-4D0E-A114-EB563BF7F847}@LeaseObtainedTime 1477752566
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{22B18392-DA30-4D0E-A114-EB563BF7F847}@T1 1477752693
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{22B18392-DA30-4D0E-A114-EB563BF7F847}@T2 1477752789
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{22B18392-DA30-4D0E-A114-EB563BF7F847}@LeaseTerminatesTime 1477752821

---- EOF - GMER 2.2 ----