GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-11-14 22:04:27 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD501LJ rev.CR100-12 465,76GB Running: 7mc1ry6e.exe; Driver: C:\Users\Skiba\AppData\Local\Temp\fwrdykod.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C55A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C8F212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtCreateFile + 6 77D0560E 4 Bytes [28, A8, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtCreateFile + B 77D05613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtCreateKey + 6 77D0564E 4 Bytes [68, A9, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtCreateKey + B 77D05653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtCreateMutant + 6 77D0568E 4 Bytes [68, AA, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtCreateMutant + B 77D05693 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtCreateSection + 6 77D0572E 4 Bytes [A8, AA, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtCreateSection + B 77D05733 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtMapViewOfSection + 6 77D05C6E 4 Bytes CALL 76D0641F C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtMapViewOfSection + B 77D05C73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenFile + 6 77D05D1E 4 Bytes [68, A8, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenFile + B 77D05D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenKey + 6 77D05D4E 4 Bytes [A8, A9, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenKey + B 77D05D53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenKeyEx + 6 77D05D5E 4 Bytes CALL 76D0650C C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenKeyEx + B 77D05D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenMutant + 6 77D05D9E 4 Bytes [28, AA, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenMutant + B 77D05DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenProcess + 6 77D05DCE 4 Bytes [68, AB, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenProcess + B 77D05DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenProcessToken + 6 77D05DDE 4 Bytes [A8, AB, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenProcessToken + B 77D05DE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenProcessTokenEx + 6 77D05DEE 4 Bytes [68, AC, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenProcessTokenEx + B 77D05DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenSection + 6 77D05E0E 4 Bytes CALL 76D065BD C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenSection + B 77D05E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenThread + 6 77D05E4E 4 Bytes [28, AB, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenThread + B 77D05E53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenThreadToken + 6 77D05E5E 4 Bytes [28, AC, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenThreadToken + B 77D05E63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenThreadTokenEx + 6 77D05E6E 4 Bytes [A8, AC, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtOpenThreadTokenEx + B 77D05E73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtQueryAttributesFile + 6 77D05F7E 4 Bytes [A8, A8, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtQueryAttributesFile + B 77D05F83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtQueryFullAttributesFile + 6 77D0602E 4 Bytes CALL 76D067DB C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtQueryFullAttributesFile + B 77D06033 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtSetInformationFile + 6 77D0667E 4 Bytes [28, A9, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtSetInformationFile + B 77D06683 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtSetInformationThread + 6 77D066DE 4 Bytes CALL 76D06E8E C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtSetInformationThread + B 77D066E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtUnmapViewOfSection + 6 77D069FE 4 Bytes [28, AD, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ntdll.dll!NtUnmapViewOfSection + B 77D06A03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] kernel32.dll!CreateProcessW 767F204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] kernel32.dll!CreateProcessA 767F2082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!ActivateKeyboardLayout 77778203 5 Bytes JMP 001304F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!ScreenToClient 7777A506 7 Bytes JMP 00130670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!RegisterClipboardFormatA 7777C091 5 Bytes JMP 001302F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!RegisterClipboardFormatW 7777DF8D 5 Bytes JMP 001302B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!SetCursor 77783075 5 Bytes JMP 00130530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!MonitorFromWindow 77783622 7 Bytes JMP 00130630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!PostMessageW 7778447B 5 Bytes JMP 001305F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!IsWindowVisible 77784D69 7 Bytes JMP 001306B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!GetClientRect 777854DD 7 Bytes JMP 001305B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!MapWindowPoints 77785CAA 5 Bytes JMP 00130570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!GetParent 77786029 7 Bytes JMP 001306F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!EmptyClipboard 7779290C 5 Bytes JMP 00130130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!SetClipboardData 77792962 5 Bytes JMP 00130170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!GetClipboardData 77792BA7 5 Bytes JMP 00130030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!GetClipboardFormatNameW 77795FD2 5 Bytes JMP 00130230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!SetClipboardViewer 77796FF6 5 Bytes JMP 001304B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!GetClipboardFormatNameA 7779700A 5 Bytes JMP 00130270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!ChangeClipboardChain 777A147C 5 Bytes JMP 00130430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!GetTopWindow 777A24D9 7 Bytes JMP 00130730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!CloseClipboard 777A446C 5 Bytes JMP 001300B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!OpenClipboard 777A447E 5 Bytes JMP 00130070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!IsClipboardFormatAvailable 777A44FF 5 Bytes JMP 001300F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!GetClipboardSequenceNumber 777A4513 5 Bytes JMP 00130330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!GetClipboardOwner 777A4525 5 Bytes JMP 00130370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!CountClipboardFormats 777A470A 5 Bytes JMP 001301F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!EnumClipboardFormats 777A47EC 5 Bytes JMP 001301B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!GetOpenClipboardWindow 777A480B 5 Bytes JMP 001303F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!SetCursorPos 777BC1B0 5 Bytes JMP 00130770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!GetClipboardViewer 777D4AF7 5 Bytes JMP 00130470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] user32.DLL!GetPriorityClipboardFormat 777D4BF9 5 Bytes JMP 001303B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!DeleteObject 76295F14 5 Bytes JMP 001401B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!SelectObject 76296640 5 Bytes JMP 001405F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!SetTextColor 76296906 5 Bytes JMP 00140A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!SetBkMode 762969B1 5 Bytes JMP 001408F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!DeleteDC 76296EAA 5 Bytes JMP 00140170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!GetDeviceCaps 76296F7F 5 Bytes JMP 001403B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!ExtSelectClipRgn 76297114 5 Bytes JMP 001402F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!SelectClipRgn 76297242 5 Bytes JMP 001405B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!SetStretchBltMode 76297705 5 Bytes JMP 001406B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!GetCurrentObject 76297917 5 Bytes JMP 00140370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!GetTextMetricsW 76297B8F 5 Bytes JMP 00140E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!GetTextAlign 76297DAF 5 Bytes JMP 00140D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!IntersectClipRect 76297DFE 5 Bytes JMP 001403F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!ExtTextOutW 76298192 5 Bytes JMP 00140970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!SetTextAlign 7629828E 5 Bytes JMP 001409F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!GetClipBox 76298525 5 Bytes JMP 00140330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!MoveToEx 76298C21 5 Bytes JMP 00140470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!StretchDIBits 7629A53E 5 Bytes JMP 00140770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!RestoreDC 7629A67B 5 Bytes JMP 00140530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!SaveDC 7629A74B 5 Bytes JMP 00140570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!GetTextExtentPoint32W 7629B4B5 5 Bytes JMP 00140670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!GetTextFaceW 7629B73A 2 Bytes JMP 00140D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!GetTextFaceW + 3 7629B73D 2 Bytes JMP 39C03389 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!GetFontData 7629BCC4 5 Bytes JMP 00140C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!SetWorldTransform 7629C90A 5 Bytes JMP 001406F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!CreateDCA 7629CCA9 5 Bytes JMP 001400B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!CreateDCW 7629CF79 5 Bytes JMP 001400F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!CreateICW 7629CFD0 5 Bytes JMP 00140130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!GetTextMetricsA 7629D0F2 5 Bytes JMP 00140DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!Rectangle 7629F1FF 5 Bytes JMP 001409B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!LineTo 7629F59B 5 Bytes JMP 00140430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!SetICMMode 7629FAA4 5 Bytes JMP 00140DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!ExtTextOutA 762A0D20 5 Bytes JMP 00140930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!GetTextExtentPoint32A 762A117F 5 Bytes JMP 00140630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!ExtEscape 762A2D49 5 Bytes JMP 001402B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!Escape 762A3400 5 Bytes JMP 00140270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!ResetDCW 762A3A9B 5 Bytes JMP 00140AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!EndPage 762A40DA 5 Bytes JMP 00140230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!SetPolyFillMode 762A67E1 5 Bytes JMP 00140B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!SetMiterLimit 762A699D 5 Bytes JMP 00140B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!GetTextFaceA 762B0D22 5 Bytes JMP 00140CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!GetGlyphOutlineW 762BC2DA 5 Bytes JMP 00140CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!CreateScalableFontResourceW 762BE937 5 Bytes JMP 00140BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!AddFontResourceW 762BED33 5 Bytes JMP 00140BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!RemoveFontResourceW 762BF229 5 Bytes JMP 00140C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!AbortDoc 762C4E29 5 Bytes JMP 00140030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!EndDoc 762C5270 5 Bytes JMP 001401F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!StartPage 762C535B 5 Bytes JMP 00140730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!StartDocW 762C5D76 5 Bytes JMP 001407F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!BeginPath 762C651D 5 Bytes JMP 00140830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!SelectClipPath 762C6574 5 Bytes JMP 00140AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!CloseFigure 762C65CF 5 Bytes JMP 00140070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!EndPath 762C6626 5 Bytes JMP 00140A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!StrokePath 762C6859 5 Bytes JMP 001407B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!FillPath 762C68E6 5 Bytes JMP 00140870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!PolylineTo 762C6D54 5 Bytes JMP 001404F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!PolyBezierTo 762C6DE5 5 Bytes JMP 001404B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] GDI32.dll!PolyDraw 762C6E97 5 Bytes JMP 001408B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ole32.dll!OleSetClipboard 76350045 5 Bytes JMP 00160030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ole32.dll!OleIsCurrentClipboard 763536B2 5 Bytes JMP 00160070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1272] ole32.dll!OleGetClipboard 7637FDCD 5 Bytes JMP 001600B0 .text D:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.251\deploy\League of Legends.exe[3060] kernel32.dll!SetUnhandledExceptionFilter 7683F4EB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text D:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.251\deploy\League of Legends.exe[3060] kernel32.dll!ExitProcess + 1 7684BBD3 1 Byte [FF] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3260] USER32.dll!GetWindowInfo 77784B5E 5 Bytes JMP 56D15F7C C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3260] USER32.dll!ToUnicodeEx + 71 77792223 7 Bytes JMP 56D0F95F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3376] ntdll.dll!LdrGetProcedureAddress + 26 77D222A9 7 Bytes JMP 569BF920 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3376] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 7683941E 7 Bytes JMP 5718329A C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3376] kernel32.dll!QueryPerformanceCounter + 13 7683C425 7 Bytes JMP 571832BD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3376] kernel32.dll!LoadAppInitDlls + 355 7683F4E6 7 Bytes JMP 569C40F6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3376] GDI32.dll!GetViewportOrgEx + 26C 7629884B 7 Bytes JMP 5718321B C:\Program Files\Mozilla Firefox\xul.dll ---- EOF - GMER 2.1 ----