GMER 2.0.18444 - http://www.gmer.net Rootkit scan 2013-01-25 16:23:22 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320620AS rev.3.AAK 298,09GB Running: d00zikzg.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\pgddyaoc.sys ---- User code sections - GMER 2.0 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000735317fa 2 bytes [53, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073531860 2 bytes [53, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073531942 2 bytes [53, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007353194d 2 bytes [53, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000773e1401 2 bytes [3E, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000773e1419 2 bytes [3E, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000773e1431 2 bytes [3E, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000773e144a 2 bytes [3E, 77] .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773e14dd 2 bytes [3E, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773e14f5 2 bytes [3E, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000773e150d 2 bytes [3E, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000773e1525 2 bytes [3E, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000773e153d 2 bytes [3E, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000773e1555 2 bytes [3E, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000773e156d 2 bytes [3E, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000773e1585 2 bytes [3E, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000773e159d 2 bytes [3E, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773e15b5 2 bytes [3E, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773e15cd 2 bytes [3E, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773e16b2 2 bytes [3E, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773e16bd 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000773e1401 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000773e1419 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000773e1431 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000773e144a 2 bytes [3E, 77] .text ... * 9 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773e14dd 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773e14f5 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000773e150d 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000773e1525 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000773e153d 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000773e1555 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000773e156d 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000773e1585 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000773e159d 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773e15b5 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773e15cd 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773e16b2 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773e16bd 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007742f991 8 bytes {MOV EDX, 0xd03e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 000000007742f99b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007742fa0d 8 bytes {MOV EDX, 0xd01a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 000000007742fa17 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007742fb25 8 bytes {MOV EDX, 0xd0168; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 000000007742fb2f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007742fbd5 8 bytes {MOV EDX, 0xd0428; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 000000007742fbdf 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007742fc05 8 bytes {MOV EDX, 0xd0368; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 000000007742fc0f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007742fc1d 8 bytes {MOV EDX, 0xd0128; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 000000007742fc27 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007742fc35 8 bytes {MOV EDX, 0xd04e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 000000007742fc3f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007742fc65 8 bytes {MOV EDX, 0xd0528; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 000000007742fc6f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007742fce5 8 bytes {MOV EDX, 0xd04a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 000000007742fcef 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007742fcfd 8 bytes {MOV EDX, 0xd0468; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 000000007742fd07 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007742fd49 8 bytes {MOV EDX, 0xd0068; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 000000007742fd53 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 000000007742fdad 8 bytes {MOV EDX, 0xd02e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 000000007742fdb7 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007742fe41 8 bytes {MOV EDX, 0xd00a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 000000007742fe4b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 000000007742ff89 8 bytes {MOV EDX, 0xd02a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 000000007742ff93 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077430099 8 bytes {MOV EDX, 0xd0028; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 00000000774300a3 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077430781 8 bytes {MOV EDX, 0xd0268; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 000000007743078b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077430ffd 8 bytes {MOV EDX, 0xd01e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077431007 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 000000007743105d 8 bytes {MOV EDX, 0xd0228; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077431067 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000774310a5 8 bytes {MOV EDX, 0xd03a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 00000000774310af 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007743111d 8 bytes {MOV EDX, 0xd0328; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077431127 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077431321 8 bytes {MOV EDX, 0xd00e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 000000007743132b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000074d1103d 5 bytes JMP 0000000100010030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000074d11072 5 bytes JMP 0000000100010070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 0000000074e9119f 5 bytes JMP 0000000100020030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 0000000074e911cf 5 bytes JMP 0000000100020070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000076ad4de0 5 bytes JMP 00000001001603b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!SelectObject 0000000076ad4f70 5 bytes JMP 00000001001605f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!SetBkMode 0000000076ad51a2 5 bytes JMP 00000001001608f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!SetTextColor 0000000076ad522d 5 bytes JMP 0000000100160a30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!DeleteObject 0000000076ad5689 5 bytes JMP 00000001001601b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076ad58b3 5 bytes JMP 0000000100160170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 0000000076ad6bad 5 bytes JMP 0000000100160370 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!SaveDC 0000000076ad6e05 5 bytes JMP 0000000100160570 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!RestoreDC 0000000076ad6ead 5 bytes JMP 0000000100160530 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 0000000076ad7180 5 bytes JMP 00000001001606b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!StretchDIBits 0000000076ad7435 5 bytes JMP 0000000100160770 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076ad7bcc 5 bytes JMP 00000001001600b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 0000000076ad7dc4 5 bytes JMP 00000001001603f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!GetTextAlign 0000000076ad7fd5 5 bytes JMP 0000000100160d70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 0000000076ad82b2 5 bytes JMP 0000000100160e30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!SetTextAlign 0000000076ad8401 5 bytes JMP 00000001001609f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 0000000076ad879f 5 bytes JMP 00000001001602f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 0000000076ad8916 5 bytes JMP 00000001001605b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000076ad8b7a 5 bytes JMP 0000000100160970 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!MoveToEx 0000000076ad8ee6 5 bytes JMP 0000000100160470 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!GetFontData 0000000076ad9875 5 bytes JMP 0000000100160c70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 0000000076ad9936 5 bytes JMP 0000000100160d30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!Rectangle 0000000076ada53a 5 bytes JMP 00000001001609b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!GetClipBox 0000000076adaf9f 5 bytes JMP 0000000100160330 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!LineTo 0000000076adb9e5 5 bytes JMP 0000000100160430 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!SetICMMode 0000000076adbd55 5 bytes JMP 0000000100160db0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!CreateICW 0000000076adc040 5 bytes JMP 0000000100160130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 0000000076adc107 5 bytes JMP 0000000100160670 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 0000000076adc269 5 bytes JMP 00000001001606f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 0000000076add1f1 5 bytes JMP 0000000100160df0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 0000000076add349 5 bytes JMP 0000000100160630 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 0000000076addce4 5 bytes JMP 0000000100160930 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076ade743 5 bytes JMP 00000001001600f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!ExtEscape 0000000076ae03b7 5 bytes JMP 00000001001602b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!Escape 0000000076ae1bda 5 bytes JMP 0000000100160270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 0000000076ae1e89 5 bytes JMP 0000000100160cf0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 0000000076ae4843 5 bytes JMP 0000000100160b30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 0000000076ae5690 5 bytes JMP 0000000100160b70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!EndPage 0000000076ae6bde 5 bytes JMP 0000000100160230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!ResetDCW 0000000076aee2db 5 bytes JMP 0000000100160ab0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 0000000076af940d 5 bytes JMP 0000000100160cb0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 0000000076afc621 5 bytes JMP 0000000100160bb0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 0000000076afd2b2 5 bytes JMP 0000000100160bf0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 0000000076afd919 5 bytes JMP 0000000100160c30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000076b03adc 5 bytes JMP 0000000100160030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000076b03f29 5 bytes JMP 00000001001601f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!StartPage 0000000076b0401a 5 bytes JMP 0000000100160730 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000076b04c51 5 bytes JMP 00000001001607f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!BeginPath 0000000076b053fd 5 bytes JMP 0000000100160830 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000076b05454 5 bytes JMP 0000000100160af0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!CloseFigure 0000000076b054af 5 bytes JMP 0000000100160070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!EndPath 0000000076b05506 5 bytes JMP 0000000100160a70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!StrokePath 0000000076b0573f 5 bytes JMP 00000001001607b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!FillPath 0000000076b057d2 5 bytes JMP 0000000100160870 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000076b05c44 5 bytes JMP 00000001001604f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000076b05cd5 5 bytes JMP 00000001001604b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000076b05d87 5 bytes JMP 00000001001608b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!MapWindowPoints 0000000075a08c40 5 bytes JMP 0000000100170570 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000075a09ebd 5 bytes JMP 00000001001702b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000075a10afa 5 bytes JMP 00000001001702f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!GetClientRect 0000000075a10c62 7 bytes JMP 00000001001705b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!GetParent 0000000075a10f68 7 bytes JMP 00000001001706f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!IsWindowVisible 0000000075a1112d 7 bytes JMP 00000001001706b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075a112a5 5 bytes JMP 00000001001705f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!ScreenToClient 0000000075a1227d 7 bytes JMP 0000000100170670 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 0000000075a13150 7 bytes JMP 0000000100170630 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!SetCursor 0000000075a141f6 5 bytes JMP 0000000100170530 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 0000000075a168ef 5 bytes JMP 0000000100170270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 0000000075a177fa 5 bytes JMP 0000000100170230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000075a17887 7 bytes JMP 0000000100170730 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 0000000075a18676 5 bytes JMP 00000001001700f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 0000000075a18696 5 bytes JMP 0000000100170330 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!CloseClipboard 0000000075a18e8d 5 bytes JMP 00000001001700b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000075a18ecb 5 bytes JMP 0000000100170070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 0000000075a1c17b 5 bytes JMP 0000000100170430 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 0000000075a1c449 5 bytes JMP 00000001001701b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 0000000075a1c468 5 bytes JMP 00000001001703f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 0000000075a1c486 5 bytes JMP 00000001001701f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075a1c4b6 5 bytes JMP 00000001001704b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 0000000075a1d6c0 5 bytes JMP 00000001001704f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 0000000075a1e360 5 bytes JMP 0000000100170370 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075a48e57 5 bytes JMP 0000000100170170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075a49cfd 5 bytes JMP 0000000100170770 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075a49f1d 5 bytes JMP 0000000100170030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000075a67cb9 5 bytes JMP 0000000100170130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 0000000075a68111 5 bytes JMP 0000000100170470 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 0000000075a6832f 5 bytes JMP 00000001001703b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 0000000074b09606 5 bytes JMP 00000001001800f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 0000000074b10581 5 bytes JMP 0000000100180130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000074b10bb9 5 bytes JMP 0000000100180270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000074b10c2e 5 bytes JMP 00000001001801b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000074b10f2e 5 bytes JMP 0000000100180070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000074b11096 5 bytes JMP 00000001001800b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 0000000074b1124e 5 bytes JMP 00000001001801f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 0000000074b1129d 5 bytes JMP 0000000100180230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000074b11527 5 bytes JMP 0000000100180030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 0000000074b11590 5 bytes JMP 0000000100180170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000075380045 5 bytes JMP 0000000100290030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 00000000753836b2 5 bytes JMP 0000000100290070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\ole32.dll!OleGetClipboard 00000000753afdcd 5 bytes JMP 00000001002900b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000773e1401 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000773e1419 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000773e1431 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000773e144a 2 bytes [3E, 77] .text ... * 9 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773e14dd 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773e14f5 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000773e150d 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000773e1525 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000773e153d 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000773e1555 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000773e156d 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000773e1585 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000773e159d 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773e15b5 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773e15cd 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773e16b2 2 bytes [3E, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773e16bd 2 bytes [3E, 77] ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2168] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef7b9741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2168] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef7b95f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2168] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef7b95674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2168] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef7b95e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2168] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef7b97f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2168] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef7b96a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2168] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef7b96ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2168] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef7b97b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2168] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef7b97ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2168] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef7b978b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2168] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef7b94fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2168] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef7b95d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2168] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef7b97584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Threads - GMER 2.0 ---- Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2772:3352] 000007fefbcc2a7c Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2772:3956] 0000000072156c88 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2772:3224] 000000006f902340 Thread D:\Programy\Firefox\firefox.exe [2556:3216] 000000006df86314 Thread D:\Programy\Firefox\firefox.exe [2556:2864] 000000006df8539b Thread D:\Programy\Firefox\firefox.exe [2556:2960] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:2256] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3292] 00000000733b62ee Thread D:\Programy\Firefox\firefox.exe [2556:3960] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:2408] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3112] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3316] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:580] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3168] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:916] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:1956] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:1312] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3772] 0000000077462e25 Thread D:\Programy\Firefox\firefox.exe [2556:1960] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:2912] 000000006d5d27e1 Thread D:\Programy\Firefox\firefox.exe [2556:1032] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3504] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3508] 000000006d3f32fb Thread D:\Programy\Firefox\firefox.exe [2556:412] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3432] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:216] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:2796] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3660] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:2924] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3056] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:2580] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3296] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:4060] 0000000077463e45 Thread D:\Programy\Firefox\firefox.exe [2556:2668] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3836] 00000000730227c1 Thread D:\Programy\Firefox\firefox.exe [2556:3640] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:836] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:1608] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3380] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3692] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:4064] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3944] 000000006e56775e Thread D:\Programy\Firefox\firefox.exe [2556:7744] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:7740] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:7724] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:5212] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:3132] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:7836] 0000000077467111 Thread D:\Programy\Firefox\firefox.exe [2556:6208] 0000000077463e45 Thread D:\Programy\Firefox\firefox.exe [2556:7180] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:5564] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:7440] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:2152] 0000000077463e45 Thread D:\Programy\Firefox\firefox.exe [2556:5192] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:4588] 0000000070fdc724 Thread D:\Programy\Firefox\firefox.exe [2556:8108] 0000000077463e45 Thread D:\Programy\Firefox\plugin-container.exe [3968:3848] 000000006df8539b Thread D:\Programy\Firefox\plugin-container.exe [3968:3304] 000000006a52eb50 Thread D:\Programy\Firefox\plugin-container.exe [3968:1676] 000000006a52eb50 Thread D:\Programy\Firefox\plugin-container.exe [3968:2716] 0000000077462e25 Thread D:\Programy\Firefox\plugin-container.exe [3968:3544] 0000000077463e45 Thread D:\Programy\Firefox\plugin-container.exe [3968:172] 000000006a52eb50 Thread D:\Programy\Firefox\plugin-container.exe [3968:2600] 000000006a52eb50 Thread D:\Programy\Firefox\plugin-container.exe [3968:3460] 000000006d5d27e1 Thread D:\Programy\Firefox\plugin-container.exe [3968:1284] 0000000077463e45 ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [3440] 0000000076b50000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3516] 000007feefb50000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2772] 000007fefd670000 Library ? (*** suspicious ***) @ C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [3356] 000007feefb50000 ---- EOF - GMER 2.0 ----