GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-12-02 17:59:12 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EFRX-68PJCN0 rev.01.01A01 931,51GB Running: nlnqosff.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwddakob.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A7DA15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB7212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8C239000, 0x2D5378, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Windows\Explorer.EXE[284] SHELL32.dll!SHFormatDrive + 7D3 76354808 8 Bytes [80, 11, A2, 6B, C0, 11, A2, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[2136] ntdll.dll!NtCreateFile 77635608 5 Bytes JMP 6608C6E0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2136] ntdll.dll!NtFlushBuffersFile 77635998 5 Bytes JMP 65D8D3A3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2136] ntdll.dll!NtQueryFullAttributesFile 77636028 5 Bytes JMP 65D8D620 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2136] ntdll.dll!NtReadFile 776362F8 5 Bytes JMP 65D8D400 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2136] ntdll.dll!NtReadFileScatter 77636308 5 Bytes JMP 669B6F6A C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2136] ntdll.dll!NtWriteFile 77636AA8 5 Bytes JMP 6608D5B0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2136] ntdll.dll!NtWriteFileGather 77636AB8 5 Bytes JMP 669B6F19 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2136] ntdll.dll!LdrLoadDll 776522AE 5 Bytes JMP 6D0E1F43 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2136] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 760594E6 7 Bytes JMP 6691EAD2 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2136] kernel32.dll!QueryPerformanceCounter + 13 7605C4E5 7 Bytes JMP 6691EAF5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2136] kernel32.dll!LoadAppInitDlls + 355 7605F5A6 7 Bytes JMP 6608913E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2136] USER32.dll!GetWindowInfo 75EB4B5E 5 Bytes JMP 66825F20 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2136] GDI32.dll!GetViewportOrgEx + 26C 777A884B 7 Bytes JMP 6691EA53 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2980] USER32.dll!RegisterMessagePumpHook + 2F1 75EA8B9E 7 Bytes JMP 662F7C8C C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2980] USER32.dll!IsDialogMessageW + 340 75EB4444 7 Bytes JMP 662F7CFD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2980] USER32.dll!GetWindowInfo 75EB4B5E 5 Bytes JMP 662FBB64 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2980] USER32.dll!ToUnicodeEx + 71 75EC2223 7 Bytes JMP 662F52C7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateFile + 6 7763560E 4 Bytes [28, 30, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateFile + B 77635613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateKey + 6 7763564E 4 Bytes [68, 31, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateKey + B 77635653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateMutant + 6 7763568E 4 Bytes [68, 32, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateMutant + B 77635693 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateSection + 6 7763572E 4 Bytes [A8, 32, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateSection + B 77635733 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtMapViewOfSection + B 77635C73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenFile + 6 77635D1E 4 Bytes [68, 30, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenFile + B 77635D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenKey + 6 77635D4E 4 Bytes [A8, 31, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenKey + B 77635D53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenKeyEx + B 77635D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenMutant + 6 77635D9E 4 Bytes [28, 32, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenMutant + B 77635DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcess + 6 77635DCE 4 Bytes [68, 33, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcess + B 77635DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcessToken + 6 77635DDE 4 Bytes [A8, 33, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcessToken + B 77635DE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcessTokenEx + 6 77635DEE 4 Bytes [68, 34, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcessTokenEx + B 77635DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenSection + B 77635E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenThread + 6 77635E4E 4 Bytes [28, 33, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenThread + B 77635E53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenThreadToken + 6 77635E5E 4 Bytes [28, 34, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenThreadToken + B 77635E63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenThreadTokenEx + 6 77635E6E 4 Bytes [A8, 34, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenThreadTokenEx + B 77635E73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtQueryAttributesFile + 6 77635F7E 4 Bytes [A8, 30, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtQueryAttributesFile + B 77635F83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtQueryFullAttributesFile + B 77636033 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtSetInformationFile + 6 7763667E 4 Bytes [28, 31, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtSetInformationFile + B 77636683 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtSetInformationThread + B 776366E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtUnmapViewOfSection + 6 776369FE 4 Bytes [28, 35, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtUnmapViewOfSection + B 77636A03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] kernel32.dll!CreateProcessW 7601204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] kernel32.dll!CreateProcessA 76012082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!ActivateKeyboardLayout 75EA8203 5 Bytes JMP 001304F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!ScreenToClient 75EAA506 7 Bytes JMP 00130670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!RegisterClipboardFormatA 75EAC091 5 Bytes JMP 001302F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!RegisterClipboardFormatW 75EADF8D 5 Bytes JMP 001302B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!SetCursor 75EB3075 5 Bytes JMP 00130530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!MonitorFromWindow 75EB3622 7 Bytes JMP 00130630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!PostMessageW 75EB447B 5 Bytes JMP 001305F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!IsWindowVisible 75EB4D69 7 Bytes JMP 001306B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!GetClientRect 75EB54DD 7 Bytes JMP 001305B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!MapWindowPoints 75EB5CAA 5 Bytes JMP 00130570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!GetParent 75EB6029 7 Bytes JMP 001306F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!EmptyClipboard 75EC290C 5 Bytes JMP 00130130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!SetClipboardData 75EC2962 5 Bytes JMP 00130170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!GetClipboardData 75EC2BA7 5 Bytes JMP 00130030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!GetClipboardFormatNameW 75EC5FD2 5 Bytes JMP 00130230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!SetClipboardViewer 75EC6FF6 5 Bytes JMP 001304B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!GetClipboardFormatNameA 75EC700A 5 Bytes JMP 00130270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!ChangeClipboardChain 75ED147C 5 Bytes JMP 00130430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!GetTopWindow 75ED24D9 7 Bytes JMP 00130730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!CloseClipboard 75ED446C 5 Bytes JMP 001300B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!OpenClipboard 75ED447E 5 Bytes JMP 00130070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!IsClipboardFormatAvailable 75ED44FF 5 Bytes JMP 001300F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!GetClipboardSequenceNumber 75ED4513 5 Bytes JMP 00130330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!GetClipboardOwner 75ED4525 5 Bytes JMP 00130370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!CountClipboardFormats 75ED470A 5 Bytes JMP 001301F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!EnumClipboardFormats 75ED47EC 5 Bytes JMP 001301B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!GetOpenClipboardWindow 75ED480B 5 Bytes JMP 001303F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!SetCursorPos 75EEC1B0 5 Bytes JMP 00130770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!GetClipboardViewer 75F04AF7 5 Bytes JMP 00130470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] user32.DLL!GetPriorityClipboardFormat 75F04BF9 5 Bytes JMP 001303B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!DeleteObject 777A5F14 5 Bytes JMP 001401B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SelectObject 777A6640 5 Bytes JMP 001405F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetTextColor 777A6906 5 Bytes JMP 00140A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetBkMode 777A69B1 5 Bytes JMP 001408F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!DeleteDC 777A6EAA 5 Bytes JMP 00140170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetDeviceCaps 777A6F7F 5 Bytes JMP 001403B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!ExtSelectClipRgn 777A7114 5 Bytes JMP 001402F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SelectClipRgn 777A7242 5 Bytes JMP 001405B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetStretchBltMode 777A7705 5 Bytes JMP 001406B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetCurrentObject 777A7917 5 Bytes JMP 00140370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextMetricsW 777A7B8F 5 Bytes JMP 00140E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextAlign 777A7DAF 5 Bytes JMP 00140D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!IntersectClipRect 777A7DFE 5 Bytes JMP 001403F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!ExtTextOutW 777A8192 5 Bytes JMP 00140970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetTextAlign 777A828E 5 Bytes JMP 001409F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetClipBox 777A8525 5 Bytes JMP 00140330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!MoveToEx 777A8C21 5 Bytes JMP 00140470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!StretchDIBits 777AA53E 5 Bytes JMP 00140770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!RestoreDC 777AA67B 5 Bytes JMP 00140530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SaveDC 777AA74B 5 Bytes JMP 00140570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextExtentPoint32W 777AB4B5 5 Bytes JMP 00140670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextFaceW 777AB73A 2 Bytes JMP 00140D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextFaceW + 3 777AB73D 2 Bytes [99, 88] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetFontData 777ABCC4 5 Bytes JMP 00140C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetWorldTransform 777AC90A 5 Bytes JMP 001406F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!CreateDCA 777ACCA9 5 Bytes JMP 001400B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!CreateDCW 777ACF79 5 Bytes JMP 001400F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!CreateICW 777ACFD0 5 Bytes JMP 00140130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextMetricsA 777AD0F2 5 Bytes JMP 00140DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!Rectangle 777AF1E7 5 Bytes JMP 001409B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!LineTo 777AF583 5 Bytes JMP 00140430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetICMMode 777AFA8C 5 Bytes JMP 00140DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!ExtTextOutA 777B0D08 5 Bytes JMP 00140930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextExtentPoint32A 777B1167 5 Bytes JMP 00140630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!ExtEscape 777B2D31 5 Bytes JMP 001402B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!Escape 777B33E8 5 Bytes JMP 00140270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!ResetDCW 777B3A83 5 Bytes JMP 00140AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!EndPage 777B40C2 5 Bytes JMP 00140230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetPolyFillMode 777B67C9 5 Bytes JMP 00140B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetMiterLimit 777B6985 5 Bytes JMP 00140B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextFaceA 777C0D12 5 Bytes JMP 00140CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetGlyphOutlineW 777CC32A 5 Bytes JMP 00140CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!CreateScalableFontResourceW 777CE987 5 Bytes JMP 00140BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!AddFontResourceW 777CED83 5 Bytes JMP 00140BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!RemoveFontResourceW 777CF279 5 Bytes JMP 00140C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!AbortDoc 777D4E79 5 Bytes JMP 00140030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!EndDoc 777D52C0 5 Bytes JMP 001401F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!StartPage 777D53AB 5 Bytes JMP 00140730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!StartDocW 777D5DC6 5 Bytes JMP 001407F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!BeginPath 777D656D 5 Bytes JMP 00140830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SelectClipPath 777D65C4 5 Bytes JMP 00140AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!CloseFigure 777D661F 5 Bytes JMP 00140070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!EndPath 777D6676 5 Bytes JMP 00140A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!StrokePath 777D68A9 5 Bytes JMP 001407B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!FillPath 777D6936 5 Bytes JMP 00140870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!PolylineTo 777D6DA4 5 Bytes JMP 001404F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!PolyBezierTo 777D6E35 5 Bytes JMP 001404B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!PolyDraw 777D6EE7 5 Bytes JMP 001408B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ole32.dll!OleSetClipboard 774F0045 5 Bytes JMP 00160030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ole32.dll!OleIsCurrentClipboard 774F36B2 5 Bytes JMP 00160070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ole32.dll!OleGetClipboard 7751FDCD 5 Bytes JMP 001600B0 ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@A8AA71CF 404 ---- Files - GMER 2.1 ---- File C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eu0bkx8n.default\cache2\entries\CB9AE6C9AF9CD1121AA1AF710D8675FC531C579F 295 bytes ---- EOF - GMER 2.1 ----