GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-07-01 05:09:19
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PBBO 149,05GB
Running: jil5ujh9.exe; Driver: C:\Users\Andrzej\AppData\Local\Temp\pwliqfob.sys

---- System - GMER 2.2 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8DEF26F0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8DEF2820]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8DEF2010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x8DEF24E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8DEF2300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8DEF23F0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x8DEF2120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8DEF2210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x8DEF25F0]

---- Kernel code sections - GMER 2.2 ----

.text ntoskrnl.exe!KeInsertQueue + 5AD 82873AB4 8 Bytes [F0, 26, EF, 8D, 20, 28, EF, ...]
.text ntoskrnl.exe!KeInsertQueue + 5E1 82873AE8 4 Bytes [10, 20, EF, 8D]
.text ntoskrnl.exe!KeInsertQueue + 5FD 82873B04 4 Bytes [E0, 24, EF, 8D]
.text ntoskrnl.exe!KeInsertQueue + 801 82873D08 8 Bytes [00, 23, EF, 8D, F0, 23, EF, ...]
.text ntoskrnl.exe!KeInsertQueue + 811 82873D18 8 Bytes [20, 21, EF, 8D, 10, 22, EF, ...]
.text ...

---- User code sections - GMER 2.2 ----

.text C:\Windows\System32\svchost.exe[1336] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[1336] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[1336] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[1336] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[1336] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[1336] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[1336] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[1336] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[1336] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[1336] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[1336] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[1336] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\System32\svchost.exe[1336] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\SearchIndexer.exe[1712] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\SearchIndexer.exe[1712] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\SearchIndexer.exe[1712] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\SearchIndexer.exe[1712] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\SearchIndexer.exe[1712] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\SearchIndexer.exe[1712] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\SearchIndexer.exe[1712] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\SearchIndexer.exe[1712] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\SearchIndexer.exe[1712] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\SearchIndexer.exe[1712] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\SearchIndexer.exe[1712] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\SearchIndexer.exe[1712] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\SearchIndexer.exe[1712] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2288] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2288] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2288] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2288] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2288] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2288] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2288] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2288] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2288] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2288] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2288] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2288] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2288] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtCreateFile + 6 77D9426A 4 Bytes [28, 94, EE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtCreateFile + B 77D9426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtMapViewOfSection + 6 77D949BA 4 Bytes [28, 97, EE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtMapViewOfSection + B 77D949BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenFile + 6 77D94A4A 4 Bytes [68, 94, EE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenFile + B 77D94A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcess + 6 77D94ACA 4 Bytes [A8, 95, EE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcess + B 77D94ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessToken + 6 77D94ADA 4 Bytes CALL 76DA3974
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessToken + B 77D94ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessTokenEx + 6 77D94AEA 4 Bytes [A8, 96, EE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessTokenEx + B 77D94AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThread + 6 77D94B3A 4 Bytes [68, 95, EE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThread + B 77D94B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadToken + 6 77D94B4A 4 Bytes [68, 96, EE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadToken + B 77D94B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadTokenEx + 6 77D94B5A 4 Bytes CALL 76DA39F5
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadTokenEx + B 77D94B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryAttributesFile + 6 77D94BEA 4 Bytes [A8, 94, EE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryAttributesFile + B 77D94BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryFullAttributesFile + 6 77D94C9A 4 Bytes CALL 76DA3B33
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryFullAttributesFile + B 77D94C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationFile + 6 77D9517A 4 Bytes [28, 95, EE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationFile + B 77D9517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationThread + 6 77D951CA 4 Bytes [28, 96, EE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationThread + B 77D951CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtUnmapViewOfSection + 6 77D9546A 4 Bytes [68, 97, EE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtUnmapViewOfSection + B 77D9546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3516] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3872] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3872] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3872] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3872] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3872] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3872] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3872] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3872] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3872] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3872] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3872] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3872] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\svchost.exe[3872] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\wuauclt.exe[4492] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\wuauclt.exe[4492] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\wuauclt.exe[4492] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\wuauclt.exe[4492] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\wuauclt.exe[4492] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\wuauclt.exe[4492] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\wuauclt.exe[4492] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\wuauclt.exe[4492] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\wuauclt.exe[4492] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\wuauclt.exe[4492] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\wuauclt.exe[4492] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\wuauclt.exe[4492] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\wuauclt.exe[4492] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxext.exe[4496] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxext.exe[4496] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxext.exe[4496] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxext.exe[4496] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxext.exe[4496] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxext.exe[4496] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxext.exe[4496] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxext.exe[4496] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxext.exe[4496] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxext.exe[4496] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxext.exe[4496] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxext.exe[4496] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxext.exe[4496] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxsrvc.exe[4556] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxsrvc.exe[4556] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxsrvc.exe[4556] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxsrvc.exe[4556] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxsrvc.exe[4556] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxsrvc.exe[4556] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxsrvc.exe[4556] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxsrvc.exe[4556] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxsrvc.exe[4556] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxsrvc.exe[4556] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxsrvc.exe[4556] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxsrvc.exe[4556] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\igfxsrvc.exe[4556] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4756] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4756] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4756] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4756] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4756] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4756] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4756] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4756] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4756] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4756] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4756] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4756] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4756] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\ctfmon.exe[5104] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\ctfmon.exe[5104] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\ctfmon.exe[5104] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\ctfmon.exe[5104] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\ctfmon.exe[5104] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\ctfmon.exe[5104] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\ctfmon.exe[5104] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\ctfmon.exe[5104] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\ctfmon.exe[5104] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\ctfmon.exe[5104] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\ctfmon.exe[5104] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\ctfmon.exe[5104] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Windows\system32\ctfmon.exe[5104] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtCreateFile + 6 77D9426A 4 Bytes [28, F8, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtCreateFile + B 77D9426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtMapViewOfSection + 6 77D949BA 4 Bytes [28, FB, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtMapViewOfSection + B 77D949BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenFile + 6 77D94A4A 4 Bytes [68, F8, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenFile + B 77D94A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenProcess + 6 77D94ACA 4 Bytes [A8, F9, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenProcess + B 77D94ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenProcessToken + 6 77D94ADA 4 Bytes CALL 76D970D8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenProcessToken + B 77D94ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenProcessTokenEx + 6 77D94AEA 4 Bytes [A8, FA, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenProcessTokenEx + B 77D94AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenThread + 6 77D94B3A 4 Bytes [68, F9, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenThread + B 77D94B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenThreadToken + 6 77D94B4A 4 Bytes [68, FA, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenThreadToken + B 77D94B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenThreadTokenEx + 6 77D94B5A 4 Bytes CALL 76D97159
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtOpenThreadTokenEx + B 77D94B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtQueryAttributesFile + 6 77D94BEA 4 Bytes [A8, F8, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtQueryAttributesFile + B 77D94BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtQueryFullAttributesFile + 6 77D94C9A 4 Bytes CALL 76D97297
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtQueryFullAttributesFile + B 77D94C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtSetInformationFile + 6 77D9517A 4 Bytes [28, F9, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtSetInformationFile + B 77D9517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtSetInformationThread + 6 77D951CA 4 Bytes [28, FA, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtSetInformationThread + B 77D951CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtUnmapViewOfSection + 6 77D9546A 4 Bytes [68, FB, 25, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtUnmapViewOfSection + B 77D9546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5212] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Users\Andrzej\Downloads\jil5ujh9.exe[5308] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Users\Andrzej\Downloads\jil5ujh9.exe[5308] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Users\Andrzej\Downloads\jil5ujh9.exe[5308] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Users\Andrzej\Downloads\jil5ujh9.exe[5308] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Users\Andrzej\Downloads\jil5ujh9.exe[5308] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Users\Andrzej\Downloads\jil5ujh9.exe[5308] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Users\Andrzej\Downloads\jil5ujh9.exe[5308] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Users\Andrzej\Downloads\jil5ujh9.exe[5308] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll
.text C:\Users\Andrzej\Downloads\jil5ujh9.exe[5308] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll
.text
C:\Users\Andrzej\Downloads\jil5ujh9.exe[5308] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll .text C:\Users\Andrzej\Downloads\jil5ujh9.exe[5308] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll .text C:\Users\Andrzej\Downloads\jil5ujh9.exe[5308] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll .text C:\Users\Andrzej\Downloads\jil5ujh9.exe[5308] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[5864] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[5864] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[5864] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[5864] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[5864] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[5864] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[5864] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[5864] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[5864] 
ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[5864] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[5864] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[5864] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[5864] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5920] ntdll.dll!RtlDecompressBuffer 77D35E00 5 Bytes JMP 6CF52FD0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5920] ntdll.dll!RtlQueryEnvironmentVariable 77D6C3BF 5 Bytes JMP 6CF530C0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5920] ntdll.dll!NtCreateEvent 77D94244 5 Bytes JMP 6CF52790 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5920] ntdll.dll!NtCreateMutant 77D942D4 5 Bytes JMP 6CF52A20 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5920] ntdll.dll!NtCreateSemaphore 77D94364 5 Bytes JMP 6CF52CB0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5920] ntdll.dll!NtMapViewOfSection 77D949B4 5 Bytes JMP 6CF524A0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5920] ntdll.dll!NtOpenEvent 77D94A24 5 Bytes JMP 6CF528E0 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5920] ntdll.dll!NtOpenMutant 77D94A94 5 Bytes JMP 6CF52B70 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5920] ntdll.dll!NtOpenSemaphore 77D94B04 5 Bytes JMP 6CF52E00 C:\Program 
Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5920] ntdll.dll!NtQueryInformationProcess 77D94CE4 5 Bytes JMP 6CF53120 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5920] ntdll.dll!NtResumeThread 77D95044 5 Bytes JMP 6CF52660 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5920] ntdll.dll!NtWriteVirtualMemory 77D95504 5 Bytes JMP 6CF52330 C:\Program Files\AVG\Av\avghookx.dll .text C:\Windows\system32\svchost.exe[5920] ntdll.dll!NtCreateUserProcess 77D95694 5 Bytes JMP 6CF52F40 C:\Program Files\AVG\Av\avghookx.dll ---- Devices - GMER 2.2 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00242cf91c0c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00242cf93306 (not active ControlSet) Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242cf91c0c Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242cf93306 Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00242cf91c0c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00242cf93306 (not active ControlSet) ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----