GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-11-22 00:38:40 Windows 6.1.7601 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-80A0RT0 rev.01.01A01 298,09GB Running: wck2qw3m.exe; Driver: C:\Users\33\AppData\Local\Temp\fgldrpog.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 82E4CA09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E86352 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x93416000, 0x2D2B8A, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtCreateFile + 6 777546AE 4 Bytes [28, 5C, 8F, 00] {SUB [EDI+ECX*4+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtCreateFile + B 777546B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtMapViewOfSection + 6 77754D0E 4 Bytes [28, 5F, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtMapViewOfSection + B 77754D13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenFile + 6 77754DBE 4 Bytes [68, 5C, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenFile + B 77754DC3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenProcess + 6 77754E6E 4 Bytes [A8, 5D, 8F, 00] {TEST AL, 0x5d; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenProcess + B 77754E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenProcessToken + B 77754E83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenProcessTokenEx + 6 77754E8E 4 Bytes [A8, 5E, 8F, 00] {TEST AL, 0x5e; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenProcessTokenEx + B 77754E93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenThread + 6 77754EEE 4 Bytes [68, 5D, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenThread + B 77754EF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenThreadToken + 6 77754EFE 4 Bytes [68, 5E, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenThreadToken + B 77754F03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtOpenThreadTokenEx + B 77754F13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtQueryAttributesFile + 6 7775501E 4 Bytes [A8, 5C, 8F, 00] {TEST AL, 0x5c; POP DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtQueryAttributesFile + B 77755023 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtQueryFullAttributesFile + B 777550D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtSetInformationFile + 6 7775571E 4 Bytes [28, 5D, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtSetInformationFile + B 77755723 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtSetInformationThread + 6 7775577E 4 Bytes [28, 5E, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtSetInformationThread + B 77755783 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtUnmapViewOfSection + 6 77755A9E 4 Bytes [68, 5F, 8F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[684] ntdll.dll!NtUnmapViewOfSection + B 77755AA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtCreateFile + 6 777546AE 4 Bytes [28, 08, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtCreateFile + B 777546B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtMapViewOfSection + 6 77754D0E 4 Bytes [28, 0B, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtMapViewOfSection + B 77754D13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenFile + 6 77754DBE 4 Bytes [68, 08, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenFile + B 77754DC3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcess + 6 77754E6E 4 Bytes [A8, 09, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcess + B 77754E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessToken + B 77754E83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessTokenEx + 6 77754E8E 4 Bytes [A8, 0A, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessTokenEx + B 77754E93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThread + 6 77754EEE 4 Bytes [68, 09, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThread + B 77754EF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadToken + 6 77754EFE 4 Bytes [68, 0A, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadToken + B 77754F03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadTokenEx + B 77754F13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryAttributesFile + 6 7775501E 4 Bytes [A8, 08, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryAttributesFile + B 77755023 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryFullAttributesFile + B 777550D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationFile + 6 7775571E 4 Bytes [28, 09, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationFile + B 77755723 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationThread + 6 7775577E 4 Bytes [28, 0A, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationThread + B 77755783 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtUnmapViewOfSection + 6 77755A9E 4 Bytes [68, 0B, F8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtUnmapViewOfSection + B 77755AA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtMapViewOfSection + 6 77754D0E 4 Bytes [18, 20, 38, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtMapViewOfSection + B 77754D13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtCreateFile + 6 777546AE 4 Bytes [28, 14, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtCreateFile + B 777546B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtMapViewOfSection + 6 77754D0E 4 Bytes [28, 17, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtMapViewOfSection + B 77754D13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenFile + 6 77754DBE 4 Bytes [68, 14, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenFile + B 77754DC3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcess + 6 77754E6E 4 Bytes [A8, 15, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcess + B 77754E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcessToken + B 77754E83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcessTokenEx + 6 77754E8E 4 Bytes [A8, 16, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenProcessTokenEx + B 77754E93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThread + 6 77754EEE 4 Bytes [68, 15, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThread + B 77754EF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThreadToken + 6 77754EFE 4 Bytes [68, 16, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThreadToken + B 77754F03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtOpenThreadTokenEx + B 77754F13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtQueryAttributesFile + 6 7775501E 4 Bytes [A8, 14, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtQueryAttributesFile + B 77755023 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtQueryFullAttributesFile + B 777550D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationFile + 6 7775571E 4 Bytes [28, 15, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationFile + B 77755723 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationThread + 6 7775577E 4 Bytes [28, 16, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtSetInformationThread + B 77755783 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtUnmapViewOfSection + 6 77755A9E 4 Bytes [68, 17, A9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3608] ntdll.dll!NtUnmapViewOfSection + B 77755AA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtCreateFile + 6 777546AE 4 Bytes [28, BC, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtCreateFile + B 777546B3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtMapViewOfSection + 6 77754D0E 4 Bytes [28, BF, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtMapViewOfSection + B 77754D13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenFile + 6 77754DBE 4 Bytes [68, BC, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenFile + B 77754DC3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenProcess + 6 77754E6E 4 Bytes [A8, BD, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenProcess + B 77754E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenProcessToken + B 77754E83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenProcessTokenEx + 6 77754E8E 4 Bytes [A8, BE, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenProcessTokenEx + B 77754E93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenThread + 6 77754EEE 4 Bytes [68, BD, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenThread + B 77754EF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenThreadToken + 6 77754EFE 4 Bytes [68, BE, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenThreadToken + B 77754F03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtOpenThreadTokenEx + B 77754F13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtQueryAttributesFile + 6 7775501E 4 Bytes [A8, BC, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtQueryAttributesFile + B 77755023 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtQueryFullAttributesFile + B 777550D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtSetInformationFile + 6 7775571E 4 Bytes [28, BD, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtSetInformationFile + B 77755723 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtSetInformationThread + 6 7775577E 4 Bytes [28, BE, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtSetInformationThread + B 77755783 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtUnmapViewOfSection + 6 77755A9E 4 Bytes [68, BF, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4084] ntdll.dll!NtUnmapViewOfSection + B 77755AA3 1 Byte [E2] .text C:\Program Files\Mozilla Firefox\firefox.exe[4740] ntdll.dll!NtCreateFile 777546A8 5 Bytes JMP 553C3D20 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4740] ntdll.dll!NtFlushBuffersFile 77754A38 5 Bytes JMP 553AC661 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4740] ntdll.dll!NtQueryFullAttributesFile 777550C8 5 Bytes JMP 553C3820 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4740] ntdll.dll!NtReadFile 77755398 5 Bytes JMP 553AC750 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4740] ntdll.dll!NtReadFileScatter 777553A8 5 Bytes JMP 55C4E1FF C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4740] ntdll.dll!NtWriteFile 77755B48 5 Bytes JMP 553C43D0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4740] ntdll.dll!NtWriteFileGather 77755B58 5 Bytes JMP 55C4E1AE C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4740] ntdll.dll!LdrLoadDll 7776E7FF 5 Bytes JMP 60DF1F4C C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4740] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75679D61 7 Bytes JMP 55BEF55F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4740] kernel32.dll!RegQueryValueExW + 136 7567EC76 7 Bytes JMP 55BEF582 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4740] kernel32.dll!RegisterWaitForInputIdle + 11 756805E3 7 Bytes JMP 553C06F3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4740] USER32.dll!GetWindowInfo 75304A4E 5 Bytes JMP 55AFE5A9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4740] GDI32.dll!GetViewportOrgEx + 121 77048E7E 7 Bytes JMP 55BEF4E0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5100] USER32.dll!CreateWindowExA + EA 752FB284 7 Bytes JMP 556144B6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5100] USER32.dll!GetFocus + 254 753042CE 7 Bytes JMP 55614527 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5100] USER32.dll!GetWindowInfo 75304A4E 5 Bytes JMP 5561825D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5100] USER32.dll!GetMenuInfo + AD 753197B8 7 Bytes JMP 55611BFA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtCreateFile + 6 777546AE 4 Bytes [28, 70, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtCreateFile + B 777546B3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtCreateKey + 6 777546EE 4 Bytes [68, 71, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtCreateKey + B 777546F3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtCreateMutant + 6 7775472E 4 Bytes [68, 72, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtCreateMutant + B 77754733 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtCreateSection + 6 777547CE 4 Bytes [A8, 72, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtCreateSection + B 777547D3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtMapViewOfSection + B 77754D13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenFile + 6 77754DBE 4 Bytes [68, 70, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenFile + B 77754DC3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenKey + 6 77754DEE 4 Bytes [A8, 71, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenKey + B 77754DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenKeyEx + B 77754E03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenMutant + 6 77754E3E 4 Bytes [28, 72, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenMutant + B 77754E43 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenProcess + 6 77754E6E 4 Bytes [68, 73, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenProcess + B 77754E73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenProcessToken + 6 77754E7E 4 Bytes [A8, 73, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenProcessToken + B 77754E83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenProcessTokenEx + 6 77754E8E 4 Bytes [68, 74, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenProcessTokenEx + B 77754E93 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenSection + B 77754EB3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenThread + 6 77754EEE 4 Bytes [28, 73, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenThread + B 77754EF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenThreadToken + 6 77754EFE 4 Bytes [28, 74, 07, 00] {SUB [EDI+EAX+0x0], DH} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenThreadToken + B 77754F03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenThreadTokenEx + 6 77754F0E 4 Bytes [A8, 74, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtOpenThreadTokenEx + B 77754F13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtQueryAttributesFile + 6 7775501E 4 Bytes [A8, 70, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtQueryAttributesFile + B 77755023 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtQueryFullAttributesFile + B 777550D3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtSetInformationFile + 6 7775571E 4 Bytes [28, 71, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtSetInformationFile + B 77755723 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtSetInformationThread + B 77755783 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtUnmapViewOfSection + 6 77755A9E 4 Bytes [28, 75, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ntdll.dll!NtUnmapViewOfSection + B 77755AA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] kernel32.dll!CreateProcessW 7566203F 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] kernel32.dll!CreateProcessA 75662074 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!DeleteObject 77045F85 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!SelectObject 77046390 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!SetTextColor 770466D8 5 Bytes JMP 000C0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!SetBkMode 77046783 5 Bytes JMP 000C08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!DeleteDC 77046A59 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!GetDeviceCaps 77046F70 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!GetTextMetricsW 770472BF 5 Bytes JMP 000C0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!GetCurrentObject 7704782A 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!SetStretchBltMode 77047A0A 5 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!ExtSelectClipRgn 77047FFE 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!SelectClipRgn 77048110 5 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!IntersectClipRect 770481AA 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!GetTextAlign 77048310 5 Bytes JMP 000C0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!SetTextAlign 7704858D 5 Bytes JMP 000C09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!ExtTextOutW 770489D1 5 Bytes JMP 000C0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!GetClipBox 77048C93 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!MoveToEx 770493AE 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!CreateDCA 7704A0C5 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!GetTextFaceW 7704AFEC 5 Bytes JMP 000C0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!GetTextExtentPoint32W 7704B4DB 5 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!GetFontData 7704B81B 5 Bytes JMP 000C0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!CreateDCW 7704BE75 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!CreateICW 7704C147 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!SetWorldTransform 7704C642 5 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!RestoreDC 7704C89F 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!SaveDC 7704C96F 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!StretchDIBits 7704CEF4 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!GetTextMetricsA 7704E694 5 Bytes JMP 000C0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!Rectangle 7704F02B 5 Bytes JMP 000C09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!LineTo 7704F27B 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!SetICMMode 7704F485 5 Bytes JMP 000C0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!ExtTextOutA 77050C16 5 Bytes JMP 000C0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!GetTextExtentPoint32A 77051AF5 5 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!ExtEscape 77053F2F 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!SetPolyFillMode 770557CA 5 Bytes JMP 000C0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!SetMiterLimit 77057404 5 Bytes JMP 000C0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!Escape 770583A8 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!GetTextFaceA 77061EB9 5 Bytes JMP 000C0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!GetGlyphOutlineW 770624C3 5 Bytes JMP 000C0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!CreateScalableFontResourceW 77064DEC 5 Bytes JMP 000C0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!AddFontResourceW 770651EB 5 Bytes JMP 000C0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!RemoveFontResourceW 770656E1 5 Bytes JMP 000C0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!ResetDCW 77070236 5 Bytes JMP 000C0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!AbortDoc 770704F9 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!EndPage 77070AAF 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!EndDoc 77070ADF 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!StartPage 77070BCA 5 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!StartDocW 77071763 5 Bytes JMP 000C07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!BeginPath 77071F0D 5 Bytes JMP 000C0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!SelectClipPath 77071F64 5 Bytes JMP 000C0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!CloseFigure 77071FBF 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!EndPath 77072016 5 Bytes JMP 000C0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!StrokePath 77072249 5 Bytes JMP 000C07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!FillPath 770722D6 5 Bytes JMP 000C0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!PolylineTo 77072744 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!PolyBezierTo 770727D5 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] GDI32.dll!PolyDraw 77072887 5 Bytes JMP 000C08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!ActivateKeyboardLayout 752F8BD1 5 Bytes JMP 000D04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!SetCursor 752F92B4 5 Bytes JMP 000D0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!RegisterClipboardFormatA 752FB5C2 5 Bytes JMP 000D02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!MonitorFromWindow 752FC9F3 7 Bytes JMP 000D0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!RegisterClipboardFormatW 752FCD2B 5 Bytes JMP 000D02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!ScreenToClient 753020F8 7 Bytes JMP 000D0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!PostMessageW 75304305 5 Bytes JMP 000D05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!IsWindowVisible 75304C2C 7 Bytes JMP 000D06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!GetClientRect 75305376 7 Bytes JMP 000D05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!MapWindowPoints 753055B2 5 Bytes JMP 000D0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!GetParent 75305F86 7 Bytes JMP 000D06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!SetClipboardViewer 753122DC 5 Bytes JMP 000D04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!ChangeClipboardChain 7531298D 5 Bytes JMP 000D0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!GetClipboardFormatNameA 75313031 5 Bytes JMP 000D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!GetClipboardFormatNameW 75313132 5 Bytes JMP 000D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!EmptyClipboard 7531B3D3 5 Bytes JMP 000D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!SetClipboardData 7531B450 5 Bytes JMP 000D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!GetClipboardSequenceNumber 7531BFCC 5 Bytes JMP 000D0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!CloseClipboard 7531BFDE 5 Bytes JMP 000D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!OpenClipboard 7531BFF0 5 Bytes JMP 000D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!EnumClipboardFormats 7531C0C8 5 Bytes JMP 000D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!GetOpenClipboardWindow 7531C0E7 5 Bytes JMP 000D03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!GetClipboardData 7531C10D 5 Bytes JMP 000D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!GetClipboardOwner 7531EBA7 5 Bytes JMP 000D0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!CountClipboardFormats 7531EF34 5 Bytes JMP 000D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!IsClipboardFormatAvailable 7531F527 5 Bytes JMP 000D00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!GetTopWindow 7531F53B 7 Bytes JMP 000D0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!SetCursorPos 75333E4F 5 Bytes JMP 000D0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!GetClipboardViewer 75353933 5 Bytes JMP 000D0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] USER32.dll!GetPriorityClipboardFormat 75353A35 5 Bytes JMP 000D03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ole32.dll!OleSetClipboard 77343539 5 Bytes JMP 000E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ole32.dll!OleGetClipboard 77344475 5 Bytes JMP 000E00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe[5156] ole32.dll!OleIsCurrentClipboard 7735944B 5 Bytes JMP 000E0070 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [739A2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73985624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [739856E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [739A250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73998573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73994D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [739950CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [739951A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [739966D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [739982CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73998819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7399907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7399E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73994C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys Device \Driver\usbehci \Device\USBPDO-0 hcmon.sys Device \Driver\usbehci \Device\USBPDO-1 hcmon.sys Device \Driver\usbhub \Device\USBPDO-2 hcmon.sys Device \Driver\usbhub \Device\USBPDO-3 hcmon.sys Device \Driver\usbhub \Device\USBPDO-4 hcmon.sys Device \Driver\usbhub \Device\00000084 hcmon.sys Device \Driver\usbhub \Device\00000085 hcmon.sys Device \Driver\usbehci \Device\USBFDO-0 hcmon.sys Device \Driver\usbehci \Device\USBFDO-1 hcmon.sys Device \Driver\usbhub \Device\0000008a hcmon.sys Device \Driver\usbhub \Device\0000008b hcmon.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Deskjet F2200 series@ChangeID 2603360 ---- EOF - GMER 2.1 ----