GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-04-11 11:05:50 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.2AJ1 298,09GB Running: nwjtvvmi.exe; Driver: C:\Users\Eliza\AppData\Local\Temp\uxldqpog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x89E017F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x89E018B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x89E01870] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x89E01830] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81E889E9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EC21C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 1203 81EC9318 4 Bytes [F0, 17, E0, 89] {POP SS; LOOPNZ 0xffffff8d} .text ntkrnlpa.exe!KeRemoveQueueEx + 1313 81EC9428 4 Bytes [B0, 18, E0, 89] {MOV AL, 0x18; LOOPNZ 0xffffff8d} .text ntkrnlpa.exe!KeRemoveQueueEx + 161F 81EC9734 4 Bytes [70, 18, E0, 89] {JO 0x1a; LOOPNZ 0xffffff8d} .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 81EC977C 4 Bytes [30, 18, E0, 89] {XOR [EAX], BL; LOOPNZ 0xffffff8d} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1636] kernel32.dll!SetUnhandledExceptionFilter 75C6F4FB 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2032] USER32.dll!RegisterMessagePumpHook + 2F1 77668B9E 7 Bytes JMP 695F5343 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2032] USER32.dll!IsDialogMessageW + 340 77674444 7 Bytes JMP 695F52D2 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2032] USER32.dll!GetWindowInfo 77674B5E 5 Bytes JMP 6923F19F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2032] USER32.dll!ToUnicodeEx + 71 77682223 7 Bytes JMP 6923F665 C:\Program Files\Mozilla Firefox\xul.dll .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtCreateFile + 6 775455CE 4 Bytes [28, 00, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtCreateFile + B 775455D3 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtCreateKey + 6 7754560E 4 Bytes [68, 01, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtCreateKey + B 77545613 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtCreateMutant + 6 7754564E 4 Bytes [68, 02, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtCreateMutant + B 77545653 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtCreateSection + 6 775456EE 4 Bytes [A8, 02, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtCreateSection + B 775456F3 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtMapViewOfSection + B 77545C33 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenFile + 6 77545CDE 4 Bytes [68, 00, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenFile + B 77545CE3 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenKey + 6 77545D0E 4 Bytes [A8, 01, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenKey + B 77545D13 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenKeyEx + B 77545D23 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenMutant + 6 77545D5E 4 Bytes [28, 02, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenMutant + B 77545D63 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenProcess + 6 77545D8E 1 Byte [68] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenProcess + 6 77545D8E 4 Bytes [68, 03, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenProcess + B 77545D93 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenProcessToken + 6 77545D9E 1 Byte [A8] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenProcessToken + 6 77545D9E 4 Bytes [A8, 03, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenProcessToken + B 77545DA3 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenProcessTokenEx + 6 77545DAE 4 Bytes [68, 04, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenProcessTokenEx + B 77545DB3 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenSection + B 77545DD3 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenThread + 6 77545E0E 1 Byte [28] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenThread + 6 77545E0E 4 Bytes [28, 03, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenThread + B 77545E13 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenThreadToken + 6 77545E1E 4 Bytes [28, 04, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenThreadToken + B 77545E23 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenThreadTokenEx + 6 77545E2E 4 Bytes [A8, 04, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtOpenThreadTokenEx + B 77545E33 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtQueryAttributesFile + 6 77545F3E 4 Bytes [A8, 00, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtQueryAttributesFile + B 77545F43 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtQueryFullAttributesFile + B 77545FF3 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtSetInformationFile + 6 7754663E 4 Bytes [28, 01, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtSetInformationFile + B 77546643 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtSetInformationThread + 6 7754669E 1 Byte [E8] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtSetInformationThread + B 775466A3 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtUnmapViewOfSection + 6 775469BE 4 Bytes [28, 05, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ntdll.dll!NtUnmapViewOfSection + B 775469C3 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] kernel32.dll!CreateProcessW 75C2204D 5 Bytes JMP 00010030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] kernel32.dll!CreateProcessA 75C22082 5 Bytes JMP 00010070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!ActivateKeyboardLayout 77668203 5 Bytes JMP 000A04F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!ScreenToClient 7766A506 7 Bytes JMP 000A0670 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!RegisterClipboardFormatA 7766C091 5 Bytes JMP 000A02F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!RegisterClipboardFormatW 7766DF8D 5 Bytes JMP 000A02B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!SetCursor 77673075 5 Bytes JMP 000A0530 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!MonitorFromWindow 77673622 7 Bytes JMP 000A0630 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!PostMessageW 7767447B 5 Bytes JMP 000A05F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!IsWindowVisible 77674D69 7 Bytes JMP 000A06B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!GetClientRect 776754DD 7 Bytes JMP 000A05B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!MapWindowPoints 77675CAA 5 Bytes JMP 000A0570 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!GetParent 77676029 7 Bytes JMP 000A06F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!EmptyClipboard 7768290C 5 Bytes JMP 000A0130 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!SetClipboardData 77682962 5 Bytes JMP 000A0170 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!GetClipboardData 77682BA7 5 Bytes JMP 000A0030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!GetClipboardFormatNameW 77685FD2 5 Bytes JMP 000A0230 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!SetClipboardViewer 77686FF6 5 Bytes JMP 000A04B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!GetClipboardFormatNameA 7768700A 5 Bytes JMP 000A0270 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!ChangeClipboardChain 7769147C 5 Bytes JMP 000A0430 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!GetTopWindow 776924D9 7 Bytes JMP 000A0730 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!CloseClipboard 7769446C 5 Bytes JMP 000A00B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!OpenClipboard 7769447E 5 Bytes JMP 000A0070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!IsClipboardFormatAvailable 776944FF 5 Bytes JMP 000A00F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!GetClipboardSequenceNumber 77694513 5 Bytes JMP 000A0330 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!GetClipboardOwner 77694525 5 Bytes JMP 000A0370 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!CountClipboardFormats 7769470A 5 Bytes JMP 000A01F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!EnumClipboardFormats 776947EC 5 Bytes JMP 000A01B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!GetOpenClipboardWindow 7769480B 5 Bytes JMP 000A03F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!SetCursorPos 776AC1B0 5 Bytes JMP 000A0770 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!GetClipboardViewer 776C4AF7 5 Bytes JMP 000A0470 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] user32.DLL!GetPriorityClipboardFormat 776C4BF9 5 Bytes JMP 000A03B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!DeleteObject 76135F14 5 Bytes JMP 000B01B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!SelectObject 76136640 5 Bytes JMP 000B05F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!SetTextColor 76136906 5 Bytes JMP 000B0A30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!SetBkMode 761369B1 5 Bytes JMP 000B08F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!DeleteDC 76136EAA 5 Bytes JMP 000B0170 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!GetDeviceCaps 76136F7F 5 Bytes JMP 000B03B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!ExtSelectClipRgn 76137114 5 Bytes JMP 000B02F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!SelectClipRgn 76137242 5 Bytes JMP 000B05B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!SetStretchBltMode 76137705 5 Bytes JMP 000B06B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!GetCurrentObject 76137917 5 Bytes JMP 000B0370 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!GetTextMetricsW 76137B8F 5 Bytes JMP 000B0E30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!GetTextAlign 76137DAF 5 Bytes JMP 000B0D70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!IntersectClipRect 76137DFE 5 Bytes JMP 000B03F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!ExtTextOutW 76138192 5 Bytes JMP 000B0970 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!SetTextAlign 7613828E 5 Bytes JMP 000B09F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!GetClipBox 76138525 5 Bytes JMP 000B0330 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!MoveToEx 76138C21 5 Bytes JMP 000B0470 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!StretchDIBits 7613A53E 5 Bytes JMP 000B0770 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!RestoreDC 7613A67B 5 Bytes JMP 000B0530 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!SaveDC 7613A74B 5 Bytes JMP 000B0570 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!GetTextExtentPoint32W 7613B4B5 5 Bytes JMP 000B0670 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!GetTextFaceW 7613B73A 2 Bytes JMP 000B0D30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!GetTextFaceW + 3 7613B73D 2 Bytes [F7, 89] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!GetFontData 7613BCC4 5 Bytes JMP 000B0C70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!SetWorldTransform 7613C90A 5 Bytes JMP 000B06F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!CreateDCA 7613CCA9 5 Bytes JMP 000B00B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!CreateDCW 7613CF79 5 Bytes JMP 000B00F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!CreateICW 7613CFD0 5 Bytes JMP 000B0130 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!GetTextMetricsA 7613D0F2 5 Bytes JMP 000B0DF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!Rectangle 7613F1FF 5 Bytes JMP 000B09B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!LineTo 7613F59B 5 Bytes JMP 000B0430 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!SetICMMode 7613FAA4 5 Bytes JMP 000B0DB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!ExtTextOutA 761403F9 5 Bytes JMP 000B0930 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!GetTextExtentPoint32A 761407B0 5 Bytes JMP 000B0630 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!ExtEscape 76142949 5 Bytes JMP 000B02B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!Escape 76143939 5 Bytes JMP 000B0270 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!GetTextFaceA 76143E6A 5 Bytes JMP 000B0CF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!SetPolyFillMode 7614D851 5 Bytes JMP 000B0B30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!SetMiterLimit 7614DA0D 5 Bytes JMP 000B0B70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!EndPage 761500D7 5 Bytes JMP 000B0230 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!ResetDCW 7615050D 5 Bytes JMP 000B0AB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!GetGlyphOutlineW 7615C1BA 5 Bytes JMP 000B0CB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!CreateScalableFontResourceW 7615E817 5 Bytes JMP 000B0BB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!AddFontResourceW 7615EC13 5 Bytes JMP 000B0BF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!RemoveFontResourceW 7615F109 5 Bytes JMP 000B0C30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!AbortDoc 76164C63 5 Bytes JMP 000B0030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!EndDoc 761650AA 5 Bytes JMP 000B01F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!StartPage 76165195 5 Bytes JMP 000B0730 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!StartDocW 76165BB0 5 Bytes JMP 000B07F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!BeginPath 7616635D 5 Bytes JMP 000B0830 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!SelectClipPath 761663B4 5 Bytes JMP 000B0AF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!CloseFigure 7616640F 5 Bytes JMP 000B0070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!EndPath 76166466 5 Bytes JMP 000B0A70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!StrokePath 76166699 5 Bytes JMP 000B07B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!FillPath 76166726 5 Bytes JMP 000B0870 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!PolylineTo 76166B94 5 Bytes JMP 000B04F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!PolyBezierTo 76166C25 5 Bytes JMP 000B04B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] GDI32.dll!PolyDraw 76166CD7 5 Bytes JMP 000B08B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ole32.dll!OleSetClipboard 767B0045 5 Bytes JMP 00240030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ole32.dll!OleIsCurrentClipboard 767B36B2 5 Bytes JMP 00240070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2404] ole32.dll!OleGetClipboard 767DFDCD 5 Bytes JMP 002400B0 .text C:\Program Files\Mozilla Firefox\firefox.exe[2656] ntdll.dll!LdrGetProcedureAddress + 26 77562239 7 Bytes JMP 6906D2A0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2656] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75C6941E 7 Bytes JMP 693BE7C3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2656] kernel32.dll!QueryPerformanceCounter + 13 75C6C435 7 Bytes JMP 693BE7E6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2656] kernel32.dll!LoadAppInitDlls + 355 75C6F4F6 7 Bytes JMP 69082245 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2656] USER32.dll!GetWindowInfo 77674B5E 5 Bytes JMP 69246BEF C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2656] GDI32.dll!GetViewportOrgEx + 26C 7613884B 7 Bytes JMP 693BE744 C:\Program Files\Mozilla Firefox\xul.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fee034 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313acdf6a Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca942af21b Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fee034 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313acdf6a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca942af21b (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----