GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-12-02 01:09:40 Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3 ST500DM002-1BD142 rev.KC45 465,76GB Running: 8g1hv6jw.exe; Driver: C:\Users\asiaarek\AppData\Local\Temp\fxldypow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x98580004] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x985800D4] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x9857FD76] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x9857FE1E] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x9857FEBA] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x9857FF56] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C75A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAF212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 1357 82CB66EC 8 Bytes [04, 00, 58, 98, D4, 00, 58, ...] {ADD AL, 0x0; POP EAX; CWDE ; AAM 0x0; POP EAX; CWDE } .text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82CB6734 4 Bytes [76, FD, 57, 98] {JBE 0xffffffff; PUSH EDI; CWDE } .text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82CB6A04 8 Bytes [1E, FE, 57, 98, BA, FE, 57, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82CB6A78 4 Bytes [56, FF, 57, 98] {PUSH ESI; CALL DWORD [EDI-0x68]} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtCreateFile + 6 77AD560E 4 Bytes [28, 68, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtCreateFile + B 77AD5613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtCreateKey + 6 77AD564E 4 Bytes [68, 69, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtCreateKey + B 77AD5653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtCreateMutant + 6 77AD568E 4 Bytes [68, 6A, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtCreateMutant + B 77AD5693 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtCreateSection + 6 77AD572E 4 Bytes [A8, 6A, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtCreateSection + B 77AD5733 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtMapViewOfSection + B 77AD5C73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenFile + 6 77AD5D1E 4 Bytes [68, 68, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenFile + B 77AD5D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenKey + 6 77AD5D4E 4 Bytes [A8, 69, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenKey + B 77AD5D53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenKeyEx + B 77AD5D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenMutant + 6 77AD5D9E 4 Bytes [28, 6A, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenMutant + B 77AD5DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenProcess + 6 77AD5DCE 4 Bytes [68, 6B, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenProcess + B 77AD5DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenProcessToken + 6 77AD5DDE 4 Bytes [A8, 6B, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenProcessToken + B 77AD5DE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenProcessTokenEx + 6 77AD5DEE 4 Bytes [68, 6C, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenProcessTokenEx + B 77AD5DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenSection + B 77AD5E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenThread + 6 77AD5E4E 4 Bytes [28, 6B, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenThread + B 77AD5E53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenThreadToken + 6 77AD5E5E 4 Bytes [28, 6C, 07, 00] {SUB [EDI+EAX+0x0], CH} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenThreadToken + B 77AD5E63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenThreadTokenEx + 6 77AD5E6E 4 Bytes [A8, 6C, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtOpenThreadTokenEx + B 77AD5E73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtQueryAttributesFile + 6 77AD5F7E 4 Bytes [A8, 68, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtQueryAttributesFile + B 77AD5F83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtQueryFullAttributesFile + B 77AD6033 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtSetInformationFile + 6 77AD667E 4 Bytes [28, 69, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtSetInformationFile + B 77AD6683 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtSetInformationThread + B 77AD66E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtUnmapViewOfSection + 6 77AD69FE 4 Bytes [28, 6D, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ntdll.dll!NtUnmapViewOfSection + B 77AD6A03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] kernel32.dll!CreateProcessW 7549204D 5 Bytes JMP 00180030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] kernel32.dll!CreateProcessA 75492082 5 Bytes JMP 00180070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!ActivateKeyboardLayout 76EC817D 5 Bytes JMP 001C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!ScreenToClient 76ECC1F2 7 Bytes JMP 001C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!RegisterClipboardFormatA 76ECE6B1 5 Bytes JMP 001C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!RegisterClipboardFormatW 76ECEDFD 5 Bytes JMP 001C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!SetCursor 76ED52EA 5 Bytes JMP 001C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!MonitorFromWindow 76ED590A 7 Bytes JMP 001C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!PostMessageW 76ED6225 5 Bytes JMP 001C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!IsWindowVisible 76ED6939 7 Bytes JMP 001C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!GetClientRect 76ED74B1 7 Bytes JMP 001C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!MapWindowPoints 76ED7915 5 Bytes JMP 001C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!GetParent 76ED7AB3 7 Bytes JMP 001C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!SetClipboardData 76EE4979 5 Bytes JMP 001C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!EmptyClipboard 76EE4A28 5 Bytes JMP 001C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!GetClipboardData 76EE4B47 5 Bytes JMP 001C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!EnumClipboardFormats 76EE4D98 5 Bytes JMP 001C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!GetClipboardFormatNameW 76EE7EB2 5 Bytes JMP 001C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!SetClipboardViewer 76EE8F4D 5 Bytes JMP 001C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!GetClipboardFormatNameA 76EE8F61 5 Bytes JMP 001C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!GetOpenClipboardWindow 76EE902F 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!GetOpenClipboardWindow 76EE902F 5 Bytes JMP 001C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!ChangeClipboardChain 76EF3425 5 Bytes JMP 001C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!GetTopWindow 76EF3A5D 7 Bytes JMP 001C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!CloseClipboard 76EF5BA7 5 Bytes JMP 001C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!OpenClipboard 76EF5BB9 5 Bytes JMP 001C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!IsClipboardFormatAvailable 76EF5C3A 5 Bytes JMP 001C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!GetClipboardSequenceNumber 76EF5C4E 5 Bytes JMP 001C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!GetClipboardOwner 76EF5C60 5 Bytes JMP 001C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!CountClipboardFormats 76EF5DC9 5 Bytes JMP 001C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!SetCursorPos 76F0C1D8 5 Bytes JMP 001C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!GetClipboardViewer 76F24B57 5 Bytes JMP 001C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] user32.DLL!GetPriorityClipboardFormat 76F24C59 5 Bytes JMP 001C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!DeleteObject 761F5F14 5 Bytes JMP 003401B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!SelectObject 761F6640 5 Bytes JMP 003405F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!SetTextColor 761F6906 5 Bytes JMP 00340A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!SetBkMode 761F69B1 5 Bytes JMP 003408F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!DeleteDC 761F6EAA 5 Bytes JMP 00340170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!GetDeviceCaps 761F6F7F 5 Bytes JMP 003403B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!ExtSelectClipRgn 761F7114 5 Bytes JMP 003402F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!SelectClipRgn 761F7242 5 Bytes JMP 003405B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!SetStretchBltMode 761F7705 5 Bytes JMP 003406B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!GetCurrentObject 761F7917 5 Bytes JMP 00340370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!GetTextMetricsW 761F7B8F 5 Bytes JMP 00340E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!GetTextAlign 761F7DAF 5 Bytes JMP 00340D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!IntersectClipRect 761F7DFE 5 Bytes JMP 003403F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!ExtTextOutW 761F8192 5 Bytes JMP 00340970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!SetTextAlign 761F828E 5 Bytes JMP 003409F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!GetClipBox 761F8525 5 Bytes JMP 00340330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!MoveToEx 761F8C21 5 Bytes JMP 00340470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!StretchDIBits 761FA53E 5 Bytes JMP 00340770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!RestoreDC 761FA67B 5 Bytes JMP 00340530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!SaveDC 761FA74B 5 Bytes JMP 00340570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!GetTextExtentPoint32W 761FB4B5 5 Bytes JMP 00340670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!GetTextFaceW 761FB73A 2 Bytes JMP 00340D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!GetTextFaceW + 3 761FB73D 2 Bytes [14, 8A] {ADC AL, 0x8a} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!GetFontData 761FBCC4 5 Bytes JMP 00340C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!SetWorldTransform 761FC90A 5 Bytes JMP 003406F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!CreateDCA 761FCCA9 5 Bytes JMP 003400B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!CreateDCW 761FCF79 5 Bytes JMP 003400F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!CreateICW 761FCFD0 5 Bytes JMP 00340130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!GetTextMetricsA 761FD0F2 5 Bytes JMP 00340DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!Rectangle 761FF1FF 5 Bytes JMP 003409B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!LineTo 761FF59B 5 Bytes JMP 00340430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!SetICMMode 761FFAA4 5 Bytes JMP 00340DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!ExtTextOutA 76200D20 5 Bytes JMP 00340930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!GetTextExtentPoint32A 7620117F 5 Bytes JMP 00340630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!ExtEscape 76202D49 5 Bytes JMP 003402B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!Escape 76203400 5 Bytes JMP 00340270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!ResetDCW 76203A9B 5 Bytes JMP 00340AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!EndPage 762040DA 5 Bytes JMP 00340230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!SetPolyFillMode 762067E1 5 Bytes JMP 00340B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!SetMiterLimit 7620699D 5 Bytes JMP 00340B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!GetTextFaceA 76210D22 5 Bytes JMP 00340CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!GetGlyphOutlineW 7621C2DA 5 Bytes JMP 00340CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!CreateScalableFontResourceW 7621E937 5 Bytes JMP 00340BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!AddFontResourceW 7621ED33 5 Bytes JMP 00340BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!RemoveFontResourceW 7621F229 5 Bytes JMP 00340C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!AbortDoc 76224E29 5 Bytes JMP 00340030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!EndDoc 76225270 5 Bytes JMP 003401F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!StartPage 7622535B 5 Bytes JMP 00340730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!StartDocW 76225D76 5 Bytes JMP 003407F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!BeginPath 7622651D 5 Bytes JMP 00340830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!SelectClipPath 76226574 5 Bytes JMP 00340AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!CloseFigure 762265CF 5 Bytes JMP 00340070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!EndPath 76226626 5 Bytes JMP 00340A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!StrokePath 76226859 5 Bytes JMP 003407B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!FillPath 762268E6 5 Bytes JMP 00340870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!PolylineTo 76226D54 5 Bytes JMP 003404F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!PolyBezierTo 76226DE5 5 Bytes JMP 003404B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] GDI32.dll!PolyDraw 76226E97 5 Bytes JMP 003408B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ole32.dll!OleSetClipboard 76B30045 5 Bytes JMP 00360030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ole32.dll!OleIsCurrentClipboard 76B336B2 5 Bytes JMP 00360070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[2444] ole32.dll!OleGetClipboard 76B5FDCD 5 Bytes JMP 003600B0 .text C:\Program Files\Mozilla Firefox\firefox.exe[6072] ntdll.dll!LdrGetProcedureAddress + 26 77AF22A9 7 Bytes JMP 5E2CE210 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6072] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 754D941E 7 Bytes JMP 5EA922AA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6072] kernel32.dll!QueryPerformanceCounter + 13 754DC425 7 Bytes JMP 5EA922CD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6072] kernel32.dll!LoadAppInitDlls + 355 754DF4E6 7 Bytes JMP 5E2D2C10 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6072] GDI32.dll!GetViewportOrgEx + 26C 761F884B 7 Bytes JMP 5EA9222B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6696] USER32.dll!CharToOemA + 3A 76ECB1DE 7 Bytes JMP 5E6212C8 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6696] USER32.dll!AdjustWindowRectEx + 117 76ED660F 7 Bytes JMP 5E621339 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6696] USER32.dll!GetWindowInfo 76ED6A82 1 Byte [E9] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6696] USER32.dll!GetWindowInfo 76ED6A82 5 Bytes JMP 5E62508F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6696] USER32.dll!MenuItemFromPoint + F 76EF4B36 7 Bytes JMP 5E61EA7F C:\Program Files\Mozilla Firefox\xul.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73CE24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73CC562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73CC56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73CE2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73CD85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73CD4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73CD5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73CD51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73CD6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73CD8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73CD8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73CD90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73CDE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73CD4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys ---- EOF - GMER 2.1 ----