GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-08-29 13:38:46 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB Running: gmer.exe; Driver: C:\Users\Bartaz\AppData\Local\Temp\uwdiipow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x9DF1C6E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x9DF1C800] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x9DF1C010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x9DF1C4D0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x9DF1C300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x9DF1C3E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x9DF1C120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x9DF1C210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x9DF1C5E0] INT 0x62 ? 86F61BF8 INT 0x72 ? 86F61BF8 INT 0x82 ? 86311BF8 INT 0x92 ? 86F61BF8 INT 0xB2 ? 86F61BF8 INT 0xB3 ? 86F61BF8 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 3BD 828B4A80 8 Bytes [E0, C6, F1, 9D, 00, C8, F1, ...] {LOOPNZ 0xffffffc8; INT1 ; POPF ; ADD AL, CL; INT1 ; POPF } .text ntkrnlpa.exe!KeSetEvent + 3F1 828B4AB4 4 Bytes [10, C0, F1, 9D] {ADC AL, AL; INT1 ; POPF } .text ntkrnlpa.exe!KeSetEvent + 40D 828B4AD0 4 Bytes [D0, C4, F1, 9D] {ROL AH, 0x1; INT1 ; POPF } .text ntkrnlpa.exe!KeSetEvent + 611 828B4CD4 8 Bytes [00, C3, F1, 9D, E0, C3, F1, ...] {ADD BL, AL; INT1 ; POPF ; LOOPNZ 0xffffffc9; INT1 ; POPF } .text ntkrnlpa.exe!KeSetEvent + 621 828B4CE4 8 Bytes [20, C1, F1, 9D, 10, C2, F1, ...] {AND CL, AL; INT1 ; POPF ; ADC DL, AL; INT1 ; POPF } .text ... ? System32\Drivers\spgv.sys System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[656] ntdll.dll!NtCreateFile 77CE4244 5 Bytes JMP 5F913D20 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[656] ntdll.dll!NtFlushBuffersFile 77CE4744 5 Bytes JMP 5F8FC661 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[656] ntdll.dll!NtQueryFullAttributesFile 77CE4C74 5 Bytes JMP 5F913820 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[656] ntdll.dll!NtReadFile 77CE4EA4 5 Bytes JMP 5F8FC750 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[656] ntdll.dll!NtReadFileScatter 77CE4EB4 5 Bytes JMP 6019E1FF C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[656] ntdll.dll!NtWriteFile 77CE54B4 5 Bytes JMP 5F9143D0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[656] ntdll.dll!NtWriteFileGather 77CE54C4 5 Bytes JMP 6019E1AE C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!HeapSetInformation + 26 76D7A8B0 7 Bytes JMP 5F9106F3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!LockResource + C 76D96ACB 7 Bytes JMP 6013F55F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[656] kernel32.dll!VirtualAllocEx + 54 76D9AF50 7 Bytes JMP 6013F582 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[656] USER32.dll!GetWindowInfo 76F7428E 5 Bytes JMP 6004E5A9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[656] GDI32.dll!SetStretchBltMode + 256 75BB745C 7 Bytes JMP 6013F4E0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtCreateFile + 6 77CE424A 4 Bytes [28, F8, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtCreateFile + B 77CE424F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtCreateKey + 6 77CE428A 4 Bytes [68, F9, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtCreateKey + B 77CE428F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtCreateMutant + 6 77CE42BA 4 Bytes [28, FA, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtCreateMutant + B 77CE42BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtCreateSection + 6 77CE433A 4 Bytes [68, FA, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtCreateSection + B 77CE433F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtMapViewOfSection + 6 77CE499A 4 Bytes [A8, FC, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtMapViewOfSection + B 77CE499F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenFile + 6 77CE4A2A 4 Bytes [68, F8, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenFile + B 77CE4A2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenKey + 6 77CE4A5A 4 Bytes [A8, F9, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenKey + B 77CE4A5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenMutant + B 77CE4A7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenProcess + 6 77CE4AAA 4 Bytes [28, FB, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenProcess + B 77CE4AAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenProcessToken + 6 77CE4ABA 4 Bytes [68, FB, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenProcessToken + B 77CE4ABF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenProcessTokenEx + 6 77CE4ACA 4 Bytes [28, FC, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenProcessTokenEx + B 77CE4ACF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenSection + 6 77CE4ADA 4 Bytes [A8, FA, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenSection + B 77CE4ADF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenThread + B 77CE4B1F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenThreadToken + B 77CE4B2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenThreadTokenEx + 6 77CE4B3A 4 Bytes [68, FC, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtOpenThreadTokenEx + B 77CE4B3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtQueryAttributesFile + 6 77CE4BCA 4 Bytes [A8, F8, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtQueryAttributesFile + B 77CE4BCF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtQueryFullAttributesFile + B 77CE4C7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtSetInformationFile + 6 77CE515A 4 Bytes [28, F9, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtSetInformationFile + B 77CE515F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtSetInformationThread + 6 77CE51AA 4 Bytes [A8, FB, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtSetInformationThread + B 77CE51AF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ntdll.dll!NtUnmapViewOfSection + B 77CE544F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] kernel32.dll!CreateProcessW 76D51BF3 5 Bytes JMP 000800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] kernel32.dll!CreateProcessA 76D51C28 5 Bytes JMP 000800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] kernel32.dll!OpenEventW 76D6C023 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] kernel32.dll!CreateEventW 76D9B85E 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!DeleteObject 75BB5A37 5 Bytes JMP 000B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!GetDeviceCaps 75BB617F 5 Bytes JMP 000B03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!SelectObject 75BB62A0 5 Bytes JMP 000B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!SetTextColor 75BB666B 5 Bytes JMP 000B0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!SetBkMode 75BB6716 5 Bytes JMP 000B08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!DeleteDC 75BB68CD 5 Bytes JMP 000B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!GetCurrentObject 75BB6B58 5 Bytes JMP 000B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!SetStretchBltMode 75BB7206 5 Bytes JMP 000B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!SaveDC 75BB75BA 5 Bytes JMP 000B0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!RestoreDC 75BB7675 5 Bytes JMP 000B0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!StretchDIBits 75BB78CF 5 Bytes JMP 000B0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!ExtSelectClipRgn 75BB79F8 5 Bytes JMP 000B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!SelectClipRgn 75BB7AF9 5 Bytes JMP 000B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!MoveToEx 75BB7C33 5 Bytes JMP 000B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!Rectangle 75BB7EA9 5 Bytes JMP 000B09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!GetTextAlign 75BB82E0 5 Bytes JMP 000B0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!SetTextAlign 75BB85CB 5 Bytes JMP 000B09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!ExtTextOutW 75BB872B 5 Bytes JMP 000B0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!GetTextMetricsW 75BB8A81 5 Bytes JMP 000B0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!IntersectClipRect 75BB8B64 5 Bytes JMP 000B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!GetClipBox 75BB9071 5 Bytes JMP 000B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!SetICMMode 75BB94E7 5 Bytes JMP 000B0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!CreateDCW 75BBA91D 5 Bytes JMP 000B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!CreateDCA 75BBAA49 5 Bytes JMP 000B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!CreateICW 75BBB2E9 5 Bytes JMP 000B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!GetTextFaceW 75BBB637 5 Bytes JMP 000B0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!GetFontData 75BBBA6C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!GetFontData 75BBBA6C 5 Bytes JMP 000B0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!GetTextExtentPoint32W 75BBC01A 5 Bytes JMP 000B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!SetWorldTransform 75BBC46A 5 Bytes JMP 000B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!LineTo 75BBC65E 5 Bytes JMP 000B0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!GetTextMetricsA 75BBCCEB 5 Bytes JMP 000B0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!ExtTextOutA 75BC00A5 5 Bytes JMP 000B0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!GetTextExtentPoint32A 75BC0E58 5 Bytes JMP 000B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!ExtEscape 75BC22A7 5 Bytes JMP 000B02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!Escape 75BC27F1 5 Bytes JMP 000B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!ResetDCW 75BC3132 5 Bytes JMP 000B0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!EndPage 75BC375E 5 Bytes JMP 000B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!SetPolyFillMode 75BC61D3 5 Bytes JMP 000B0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!SetMiterLimit 75BC62E2 5 Bytes JMP 000B0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!GetTextFaceA 75BCF4C5 5 Bytes JMP 000B0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!GetGlyphOutlineW 75BDA41F 5 Bytes JMP 000B0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!CreateScalableFontResourceW 75BDC88B 5 Bytes JMP 000B0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!AddFontResourceW 75BDCC93 5 Bytes JMP 000B0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!RemoveFontResourceW 75BDD129 5 Bytes JMP 000B0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!AbortDoc 75BE2CC4 5 Bytes JMP 000B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!EndDoc 75BE30D8 5 Bytes JMP 000B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!StartPage 75BE31C3 5 Bytes JMP 000B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!StartDocW 75BE3CA7 5 Bytes JMP 000B07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!BeginPath 75BE4465 5 Bytes JMP 000B0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!SelectClipPath 75BE44BC 5 Bytes JMP 000B0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!CloseFigure 75BE4517 5 Bytes JMP 000B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!EndPath 75BE456E 5 Bytes JMP 000B0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!StrokePath 75BE47A0 5 Bytes JMP 000B07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!FillPath 75BE482C 5 Bytes JMP 000B0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!PolylineTo 75BE4C95 5 Bytes JMP 000B04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!PolyBezierTo 75BE4D25 5 Bytes JMP 000B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] GDI32.dll!PolyDraw 75BE4DD6 5 Bytes JMP 000B08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!SetCursor 76F6D37D 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!RegisterClipboardFormatW 76F6D6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!RegisterClipboardFormatW 76F6D6AC 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!ActivateKeyboardLayout 76F7478C 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!IsWindowVisible 76F7878A 7 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!MonitorFromWindow 76F788D4 4 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!MonitorFromWindow + 5 76F788D9 2 Bytes [CC, CC] {INT 3 ; INT 3 } .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!ScreenToClient 76F78C56 7 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!GetClientRect 76F78F0D 7 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!GetParent 76F790AA 7 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!RegisterClipboardFormatA 76F7A111 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!PostMessageW 76F7A175 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!MapWindowPoints 76F7A30D 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!GetClipboardFormatNameA 76F7A552 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!GetOpenClipboardWindow 76F826A6 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!SetClipboardViewer 76F8BA2D 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!IsClipboardFormatAvailable 76F8C2E3 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!CloseClipboard 76F8C2F7 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!OpenClipboard 76F8C31D 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!GetTopWindow 76F8CE0A 7 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!GetClipboardSequenceNumber 76F8D8B7 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!ChangeClipboardChain 76F8DF83 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!CountClipboardFormats 76F90048 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!GetClipboardOwner 76F926EF 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!SetClipboardData 76FA6410 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!EnumClipboardFormats 76FA6D16 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!SetCursorPos 76FA6FB2 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!GetClipboardData 76FA715A 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!GetClipboardFormatNameW 76FAA99F 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!EmptyClipboard 76FC398B 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!GetClipboardViewer 76FC39ED 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] USER32.dll!GetPriorityClipboardFormat 76FC3AEF 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] Secur32.dll!FreeContextBuffer 756A2D83 5 Bytes JMP 000E00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] Secur32.dll!DeleteSecurityContext 756A2F18 5 Bytes JMP 000E0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] Secur32.dll!FreeCredentialsHandle 756A3598 5 Bytes JMP 000E0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] Secur32.dll!EncryptMessage 756A3745 5 Bytes JMP 000E01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] Secur32.dll!DecryptMessage 756A3813 5 Bytes JMP 000E0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] Secur32.dll!InitializeSecurityContextA 756A87DF 5 Bytes JMP 000E0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] Secur32.dll!AcquireCredentialsHandleA 756A8A43 5 Bytes JMP 000E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] Secur32.dll!QueryContextAttributesA 756A8E77 5 Bytes JMP 000E0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] Secur32.dll!ApplyControlToken 756ADE4F 5 Bytes JMP 000E01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] Secur32.dll!QueryCredentialsAttributesA 756AE052 5 Bytes JMP 000E00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ole32.dll!OleGetClipboard 75A274C9 5 Bytes JMP 000F00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ole32.dll!OleSetClipboard 75A511E3 5 Bytes JMP 000F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[4996] ole32.dll!OleIsCurrentClipboard 75A5A8F9 5 Bytes JMP 000F0070 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5304] USER32.dll!InSendMessageEx + 4C9 76F6E7C8 7 Bytes JMP 5FB644B6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5304] USER32.dll!CreateWindowExW + AA 76F713AF 7 Bytes JMP 5FB64527 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5304] USER32.dll!GetWindowInfo 76F7428E 5 Bytes JMP 5FB6825D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5304] USER32.dll!SetMenuItemBitmaps + 71 76F814EE 7 Bytes JMP 5FB61BFA C:\Program Files\Mozilla Firefox\xul.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73B87817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73BCB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B8BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B7F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73B875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B7E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BB73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73B8DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B7FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B7FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73C0CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73BAC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B7D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B76853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B7687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B82AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 863131F8 AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\volmgr \Device\VolMgrControl 8630F1F8 Device \Driver\usbuhci \Device\USBPDO-0 86FF5500 Device \Driver\usbuhci \Device\USBPDO-1 86FF5500 Device \Driver\usbuhci \Device\USBPDO-2 86FF5500 Device \Driver\usbehci \Device\USBPDO-3 870DD1F8 Device \Driver\usbuhci \Device\USBPDO-4 86FF5500 AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys Device \Driver\usbuhci \Device\USBPDO-5 86FF5500 Device \Driver\usbuhci \Device\USBPDO-6 86FF5500 Device \Driver\volmgr \Device\HarddiskVolume1 8630F1F8 Device \Driver\usbehci \Device\USBPDO-7 870DD1F8 Device \Driver\volmgr \Device\HarddiskVolume2 8630F1F8 Device \Driver\cdrom \Device\CdRom0 87085500 Device \Driver\iaStor \Device\Ide\iaStor0 [82ED3720] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [82ED3720] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [82ED3720] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\volmgr \Device\HarddiskVolume3 8630F1F8 Device \Driver\netbt \Device\NetBt_Wins_Export 893F7500 Device \Driver\Smb \Device\NetbiosSmb 8959C1F8 Device \Driver\iScsiPrt \Device\RaidPort0 86FBF500 AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys Device \Driver\netbt \Device\NetBT_Tcpip_{DCF1A5CE-45D2-483E-962E-6F28EAD64C40} 893F7500 Device \Driver\netbt \Device\NetBT_Tcpip_{736F07E9-7F62-4884-83C4-BCBB95858199} 893F7500 Device \Driver\usbuhci \Device\USBFDO-0 86FF5500 Device \Driver\usbuhci \Device\USBFDO-1 86FF5500 Device \Driver\usbuhci \Device\USBFDO-2 86FF5500 Device \Driver\usbehci \Device\USBFDO-3 870DD1F8 Device \Driver\usbuhci \Device\USBFDO-4 86FF5500 Device \Driver\usbuhci \Device\USBFDO-5 86FF5500 Device \Driver\usbuhci \Device\USBFDO-6 86FF5500 Device \Driver\usbehci \Device\USBFDO-7 870DD1F8 Device \FileSystem\cdfs \Cdfs 89FE71F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spgv.sys hal.dll >>UNKNOWN [0x862c8938]<< 862c8938 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e9b9a0] 86e9b9a0 Trace 3 CLASSPNP.SYS[8b1a28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86394028] 86394028 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00242cc79a3a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00242cc79a3a@00197ee4a5c6 0xCA 0x82 0x5D 0x95 ... Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00242cc79a3a@0022fd43416f 0x92 0xEF 0x1D 0x8D ... Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00242cc79a3a@001ea3da1654 0x25 0xCD 0xBD 0xA2 ... Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00242cc79a3a@402ba19f0b22 0x97 0xE7 0xEA 0xDE ... Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00242cc79a3a@1cb094feaea7 0xC5 0x08 0xE4 0xB7 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCB 0x3F 0x28 0x0B ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x18 0x40 0x87 0x81 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xAE 0xAE 0x8C 0xB0 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x98 0x68 0xD1 0xC0 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0xFC 0xDC 0xC5 0xAE ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x88 0x59 0x92 0xFA ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD5 0x2D 0x7B 0x27 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242cc79a3a Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242cc79a3a@00197ee4a5c6 0xCA 0x82 0x5D 0x95 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242cc79a3a@0022fd43416f 0x92 0xEF 0x1D 0x8D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242cc79a3a@001ea3da1654 0x25 0xCD 0xBD 0xA2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242cc79a3a@402ba19f0b22 0x97 0xE7 0xEA 0xDE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242cc79a3a@1cb094feaea7 0xC5 0x08 0xE4 0xB7 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCB 0x3F 0x28 0x0B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x18 0x40 0x87 0x81 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xAE 0xAE 0x8C 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x98 0x68 0xD1 0xC0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0xFC 0xDC 0xC5 0xAE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x88 0x59 0x92 0xFA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD5 0x2D 0x7B 0x27 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242cc79a3a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242cc79a3a@00197ee4a5c6 0xCA 0x82 0x5D 0x95 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242cc79a3a@0022fd43416f 0x92 0xEF 0x1D 0x8D ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242cc79a3a@001ea3da1654 0x25 0xCD 0xBD 0xA2 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242cc79a3a@402ba19f0b22 0x97 0xE7 0xEA 0xDE ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242cc79a3a@1cb094feaea7 0xC5 0x08 0xE4 0xB7 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCB 0x3F 0x28 0x0B ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x18 0x40 0x87 0x81 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xAE 0xAE 0x8C 0xB0 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x98 0x68 0xD1 0xC0 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0xFC 0xDC 0xC5 0xAE ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x88 0x59 0x92 0xFA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD5 0x2D 0x7B 0x27 ... Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LazyCheckPointUpdateInterval 86400 Reg HKLM\SOFTWARE\Classes\CLSID\{4054E22C-C97E-FDCE-A420-342784E68636}\kryV@ lyqbrdzsGLAy\Ke] Reg HKLM\SOFTWARE\Classes\CLSID\{4054E22C-C97E-FDCE-A420-342784E68636}\qsntmyxuv@ SMomNPE@NzfpFsgA]xAF_?OIEebp[G Reg HKLM\SOFTWARE\Classes\CLSID\{4054E22C-C97E-FDCE-A420-342784E68636}\ubOxlYxgzlfZc@ P ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----