GMER 2.1.19115 - http://www.gmer.net
Rootkit scan 2013-03-03 11:45:21
Windows 6.1.7601 Service Pack 1
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 SAMSUNG_HD252HJ rev.1AC01113 232,89GB
Running: lb3zo52i.exe; Driver: C:\Users\Sniper\AppData\Local\Temp\ufdiqpoc.sys

---- System - GMER 2.1 ----

SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAddBootEntry [0x8CAE34BA]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwAllocateVirtualMemory [0x93188C22]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAssignProcessToJobObject [0x8CAE3ED6]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEvent [0x8CAEEFA8]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEventPair [0x8CAEEFF4]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateIoCompletion [0x8CAEF176]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateMutant [0x8CAEEF16]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateSection [0x93188FA6]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateSemaphore [0x8CAEEF5E]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateThread [0x8CAE411C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateThreadEx [0x8CAE42F4]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateTimer [0x8CAEF130]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDebugActiveProcess [0x8CAE493E]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDeleteBootEntry [0x8CAE3508]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwFreeVirtualMemory [0x93188CEA]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwLoadDriver [0x931873EC]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwModifyBootEntry [0x8CAE3556]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeKey [0x8CAE8534]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeMultipleKeys [0x8CAE53A6]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEvent [0x8CAEEFD2]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEventPair [0x8CAEF016]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenIoCompletion [0x8CAEF19A]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenMutant [0x8CAEEF3C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSection [0x8CAEF0BA]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSemaphore [0x8CAEEF86]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenTimer [0x8CAEF154]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwProtectVirtualMemory [0x93188E4A]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueryObject [0x8CAE5272]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueueApcThreadEx [0x8CAE4F86]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootEntryOrder [0x8CAE35A4]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootOptions [0x8CAE35F2]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetContextThread [0x8CAE47BE]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemInformation [0x8CAE31FA]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemPowerState [0x8CAE33AA]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwShutdownSystem [0x8CAE3350]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSuspendProcess [0x8CAE4AF8]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSuspendThread [0x8CAE4C54]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSystemDebugControl [0x8CAE341A]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwTerminateProcess [0x93188EFE]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwTerminateThread [0x8CAE4636]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwUnloadDriver [0x9318741C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwVdmControl [0x8CAE3640]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwWriteVirtualMemory [0x93188D96]

Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateProcessEx [0x931A1E56]
Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text  ntoskrnl.exe!ZwRollbackEnlistment + 1409  83478989 1 Byte  [06]
.text  ntoskrnl.exe!KiDispatchInterrupt + 5A2  834984E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntoskrnl.exe!KeRemoveQueueEx + 1393  8349F750 4 Bytes  [BA, 34, AE, 8C]
.text  ntoskrnl.exe!KeRemoveQueueEx + 13BB  8349F778 4 Bytes  [22, 8C, 18, 93]
.text  ntoskrnl.exe!KeRemoveQueueEx + 141B  8349F7D8 4 Bytes  [D6, 3E, AE, 8C]
.text  ntoskrnl.exe!KeRemoveQueueEx + 146F  8349F82C 8 Bytes  [A8, EF, AE, 8C, F4, EF, AE, ...]
.text  ntoskrnl.exe!KeRemoveQueueEx + 147B  8349F838 4 Bytes  [76, F1, AE, 8C]
.text  ...
PAGE  ntoskrnl.exe!ObMakeTemporaryObject  8362548A 5 Bytes  JMP 9319ECF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE  ntoskrnl.exe!RtlCompareUnicodeStrings + 50C  8364C9D6 5 Bytes  JMP 931A0828 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE  ntoskrnl.exe!ZwReplyWaitReceivePortEx + 108  83653136 4 Bytes  CALL 8CAE5A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE  ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 122  8368FDE7 4 Bytes  CALL 8CAE5AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE  ntoskrnl.exe!ZwCreateProcessEx  83715944 7 Bytes  JMP 931A1E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text  afd.sys  8C74E000 147 Bytes  [90, 90, 90, 90, 90, FF, 15, ...]
.text  afd.sys  8C74E094 178 Bytes  [F0, C7, 45, F4, F4, 01, 00, ...]
.text  afd.sys  8C74E148 47 Bytes  [00, 08, 0F, 84, 8E, 00, 00, ...]
.text  afd.sys  8C74E178 28 Bytes  [8D, 55, E0, 8D, 4E, 1C, FF, ...]
.text  afd.sys  8C74E195 80 Bytes  [1D, 39, 77, 08, 74, 18, 8D, ...]
.text  ...
?  C:\Windows\system32\drivers\afd.sys  suspicious PE modification
.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x96412000, 0x136CEC, 0xE8000020]
?  C:\Users\Sniper\AppData\Local\Temp\ALSysIO.sys  The system cannot find the file specified. !
PAGE  spsys.sys!?SPRevision@@3PADA + 4F90  B243B000 85 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE  spsys.sys!?SPRevision@@3PADA + 4FE6  B243B056 61 Bytes  [B2, 5E, C3, 8B, FF, 55, 8B, ...]
PAGE  spsys.sys!?SPRevision@@3PADA + 5024  B243B094 6 Bytes  [B2, FF, 25, 80, 11, 43]
PAGE  spsys.sys!?SPRevision@@3PADA + 502B  B243B09B 135 Bytes  [8B, FF, 55, 8B, EC, E8, 31, ...]
PAGE  spsys.sys!?SPRevision@@3PADA + 50B3  B243B123 629 Bytes  [65, 43, B2, FE, 05, 34, 65, ...]
PAGE  ...

---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\taskeng.exe[240]  kernel32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Users\Sniper\Desktop\Programy\Core Temp.exe[376]  kernel32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe[396]  kernel32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[444]  kernel32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Windows\system32\csrss.exe[448]  kernel32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  ...
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1400]  kernel32.dll!SetUnhandledExceptionFilter  770BF4FB 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1400]  kernel32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Windows\system32\Dwm.exe[1652]  kernel32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Windows\Explorer.EXE[1668]  kernel32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Windows\system32\taskhost.exe[1736]  kernel32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Windows\System32\spoolsv.exe[1756]  kernel32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  ...
.text  C:\Windows\system32\sppsvc.exe[2436]  ntdll.dll!LdrUnloadDll  7724C86E 5 Bytes  JMP 000803FC
.text  C:\Windows\system32\sppsvc.exe[2436]  ntdll.dll!LdrLoadDll  7725223E 5 Bytes  JMP 000801F8
.text  C:\Windows\system32\sppsvc.exe[2436]  KERNEL32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Windows\system32\sppsvc.exe[2436]  USER32.dll!UnhookWindowsHookEx  75C4CC7B 5 Bytes  JMP 00150A08
.text  C:\Windows\system32\sppsvc.exe[2436]  USER32.dll!UnhookWinEvent  75C4D924 5 Bytes  JMP 001503FC
.text  C:\Windows\system32\sppsvc.exe[2436]  USER32.dll!SetWindowsHookExW  75C5210A 5 Bytes  JMP 00150804
.text  C:\Windows\system32\sppsvc.exe[2436]  USER32.dll!SetWinEventHook  75C5507E 5 Bytes  JMP 001501F8
.text  C:\Windows\system32\sppsvc.exe[2436]  USER32.dll!SetWindowsHookExA  75C76DFA 5 Bytes  JMP 00150600
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2516]  kernel32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528]  ntdll.dll!LdrUnloadDll  7724C86E 5 Bytes  JMP 001803FC
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528]  ntdll.dll!LdrLoadDll  7725223E 5 Bytes  JMP 001801F8
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528]  KERNEL32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528]  USER32.dll!UnhookWindowsHookEx  75C4CC7B 5 Bytes  JMP 001A0A08
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528]  USER32.dll!UnhookWinEvent  75C4D924 5 Bytes  JMP 001A03FC
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528]  USER32.dll!SetWindowsHookExW  75C5210A 5 Bytes  JMP 001A0804
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528]  USER32.dll!SetWinEventHook  75C5507E 5 Bytes  JMP 001A01F8
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528]  USER32.dll!SetWindowsHookExA  75C76DFA 5 Bytes  JMP 001A0600
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2608]  ntdll.dll!LdrUnloadDll  7724C86E 5 Bytes  JMP 000703FC
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2608]  ntdll.dll!LdrLoadDll  7725223E 5 Bytes  JMP 000701F8
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2608]  KERNEL32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2608]  USER32.dll!UnhookWindowsHookEx  75C4CC7B 5 Bytes  JMP 00090A08
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2608]  USER32.dll!UnhookWinEvent  75C4D924 5 Bytes  JMP 000903FC
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2608]  USER32.dll!SetWindowsHookExW  75C5210A 5 Bytes  JMP 00090804
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2608]  USER32.dll!SetWinEventHook  75C5507E 5 Bytes  JMP 000901F8
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2608]  USER32.dll!SetWindowsHookExA  75C76DFA 5 Bytes  JMP 00090600
.text  C:\Windows\system32\svchost.exe[2620]  ntdll.dll!LdrUnloadDll  7724C86E 5 Bytes  JMP 000F03FC
.text  C:\Windows\system32\svchost.exe[2620]  ntdll.dll!LdrLoadDll  7725223E 5 Bytes  JMP 000F01F8
.text  C:\Windows\system32\svchost.exe[2620]  KERNEL32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[2620]  USER32.dll!UnhookWindowsHookEx  75C4CC7B 5 Bytes  JMP 00110A08
.text  C:\Windows\system32\svchost.exe[2620]  USER32.dll!UnhookWinEvent  75C4D924 5 Bytes  JMP 001103FC
.text  C:\Windows\system32\svchost.exe[2620]  USER32.dll!SetWindowsHookExW  75C5210A 5 Bytes  JMP 00110804
.text  C:\Windows\system32\svchost.exe[2620]  USER32.dll!SetWinEventHook  75C5507E 5 Bytes  JMP 001101F8
.text  C:\Windows\system32\svchost.exe[2620]  USER32.dll!SetWindowsHookExA  75C76DFA 5 Bytes  JMP 00110600
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2708]  ntdll.dll!LdrUnloadDll  7724C86E 5 Bytes  JMP 000F03FC
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2708]  ntdll.dll!LdrLoadDll  7725223E 5 Bytes  JMP 000F01F8
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2708]  KERNEL32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2708]  USER32.dll!UnhookWindowsHookEx  75C4CC7B 5 Bytes  JMP 00110A08
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2708]  USER32.dll!UnhookWinEvent  75C4D924 5 Bytes  JMP 001103FC
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2708]  USER32.dll!SetWindowsHookExW  75C5210A 5 Bytes  JMP 00110804
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2708]  USER32.dll!SetWinEventHook  75C5507E 5 Bytes  JMP 001101F8
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2708]  USER32.dll!SetWindowsHookExA  75C76DFA 5 Bytes  JMP 00110600
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3044]  ntdll.dll!LdrUnloadDll  7724C86E 5 Bytes  JMP 000E03FC
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3044]  ntdll.dll!LdrLoadDll  7725223E 5 Bytes  JMP 000E01F8
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3044]  KERNEL32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3044]  USER32.dll!CharToOemA + 3A  75C4B1DE 7 Bytes  JMP 613EADE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3044]  USER32.dll!UnhookWindowsHookEx  75C4CC7B 5 Bytes  JMP 00100A08
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3044]  USER32.dll!UnhookWinEvent  75C4D924 5 Bytes  JMP 001003FC
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3044]  USER32.dll!SetWindowsHookExW  75C5210A 5 Bytes  JMP 00100804
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3044]  USER32.dll!SetWinEventHook  75C5507E 5 Bytes  JMP 001001F8
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3044]  USER32.dll!AdjustWindowRectEx + 117  75C5660F 7 Bytes  JMP 613EAD6F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3044]  USER32.dll!GetWindowInfo  75C56A82 5 Bytes  JMP 612347EC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3044]  USER32.dll!MenuItemFromPoint + F  75C74B36 7 Bytes  JMP 61234E1E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3044]  USER32.dll!SetWindowsHookExA  75C76DFA 5 Bytes  JMP 00100600
.text  C:\Users\Sniper\Downloads\lb3zo52i.exe[3060]  ntdll.dll!LdrUnloadDll  7724C86E 5 Bytes  JMP 001703FC
.text  C:\Users\Sniper\Downloads\lb3zo52i.exe[3060]  ntdll.dll!LdrLoadDll  7725223E 5 Bytes  JMP 001701F8
.text  C:\Users\Sniper\Downloads\lb3zo52i.exe[3060]  KERNEL32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Users\Sniper\Downloads\lb3zo52i.exe[3060]  USER32.dll!UnhookWindowsHookEx  75C4CC7B 5 Bytes  JMP 00190A08
.text  C:\Users\Sniper\Downloads\lb3zo52i.exe[3060]  USER32.dll!UnhookWinEvent  75C4D924 5 Bytes  JMP 001903FC
.text  C:\Users\Sniper\Downloads\lb3zo52i.exe[3060]  USER32.dll!SetWindowsHookExW  75C5210A 5 Bytes  JMP 00190804
.text  C:\Users\Sniper\Downloads\lb3zo52i.exe[3060]  USER32.dll!SetWinEventHook  75C5507E 5 Bytes  JMP 001901F8
.text  C:\Users\Sniper\Downloads\lb3zo52i.exe[3060]  USER32.dll!SetWindowsHookExA  75C76DFA 5 Bytes  JMP 00190600
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3304]  ntdll.dll!LdrUnloadDll  7724C86E 5 Bytes  JMP 000E03FC
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3304]  ntdll.dll!LdrLoadDll  7725223E 5 Bytes  JMP 000E01F8
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3304]  KERNEL32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3304]  USER32.dll!UnhookWindowsHookEx  75C4CC7B 5 Bytes  JMP 000F0A08
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3304]  USER32.dll!UnhookWinEvent  75C4D924 5 Bytes  JMP 000F03FC
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3304]  USER32.dll!SetWindowsHookExW  75C5210A 5 Bytes  JMP 000F0804
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3304]  USER32.dll!SetWinEventHook  75C5507E 5 Bytes  JMP 000F01F8
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3304]  USER32.dll!SetWindowsHookExA  75C76DFA 5 Bytes  JMP 000F0600
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3316]  ntdll.dll!LdrUnloadDll  7724C86E 5 Bytes  JMP 000703FC
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3316]  ntdll.dll!LdrLoadDll  7725223E 5 Bytes  JMP 000701F8
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3316]  KERNEL32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3316]  USER32.dll!UnhookWindowsHookEx  75C4CC7B 5 Bytes  JMP 00200A08
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3316]  USER32.dll!UnhookWinEvent  75C4D924 5 Bytes  JMP 002003FC
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3316]  USER32.dll!SetWindowsHookExW  75C5210A 5 Bytes  JMP 00200804
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3316]  USER32.dll!SetWinEventHook  75C5507E 5 Bytes  JMP 002001F8
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3316]  USER32.dll!SetWindowsHookExA  75C76DFA 5 Bytes  JMP 00200600
.text  C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3684]  ntdll.dll!LdrUnloadDll  7724C86E 5 Bytes  JMP 001F03FC
.text  C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3684]  ntdll.dll!LdrLoadDll  7725223E 5 Bytes  JMP 001F01F8
.text  C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3684]  KERNEL32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3684]  USER32.dll!UnhookWindowsHookEx  75C4CC7B 5 Bytes  JMP 00310A08
.text  C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3684]  USER32.dll!UnhookWinEvent  75C4D924 5 Bytes  JMP 003103FC
.text  C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3684]  USER32.dll!SetWindowsHookExW  75C5210A 5 Bytes  JMP 00310804
.text  C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3684]  USER32.dll!SetWinEventHook  75C5507E 5 Bytes  JMP 003101F8
.text  C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3684]  USER32.dll!SetWindowsHookExA  75C76DFA 5 Bytes  JMP 00310600
.text  C:\Windows\system32\AUDIODG.EXE[3688]  ntdll.dll!LdrUnloadDll  7724C86E 5 Bytes  JMP 001203FC
.text  C:\Windows\system32\AUDIODG.EXE[3688]  ntdll.dll!LdrLoadDll  7725223E 5 Bytes  JMP 001201F8
.text  C:\Windows\system32\AUDIODG.EXE[3688]  KERNEL32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Windows\system32\AUDIODG.EXE[3688]  USER32.dll!UnhookWindowsHookEx  75C4CC7B 5 Bytes  JMP 00140A08
.text  C:\Windows\system32\AUDIODG.EXE[3688]  USER32.dll!UnhookWinEvent  75C4D924 5 Bytes  JMP 001403FC
.text  C:\Windows\system32\AUDIODG.EXE[3688]  USER32.dll!SetWindowsHookExW  75C5210A 5 Bytes  JMP 00140804
.text  C:\Windows\system32\AUDIODG.EXE[3688]  USER32.dll!SetWinEventHook  75C5507E 5 Bytes  JMP 001401F8
.text  C:\Windows\system32\AUDIODG.EXE[3688]  USER32.dll!SetWindowsHookExA  75C76DFA 5 Bytes  JMP 00140600
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  ntdll.dll!NtQueryAttributesFile  77235F38 5 Bytes  JMP 63479CD0 c:\progra~1\mocaflix\sprote~1.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  ntdll.dll!NtQueryFullAttributesFile  77235FE8 5 Bytes  JMP 63479E10 c:\progra~1\mocaflix\sprote~1.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  ntdll.dll!NtQueryInformationFile  77236018 5 Bytes  JMP 63479C40 c:\progra~1\mocaflix\sprote~1.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  ntdll.dll!NtQueryValueKey  77236248 5 Bytes  JMP 63472730 c:\progra~1\mocaflix\sprote~1.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  ntdll.dll!NtSetInformationFile  77236638 5 Bytes  JMP 63479BA0 c:\progra~1\mocaflix\sprote~1.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  ntdll.dll!NtSetValueKey  77236808 5 Bytes  JMP 634727C0 c:\progra~1\mocaflix\sprote~1.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  ntdll.dll!LdrUnloadDll  7724C86E 5 Bytes  JMP 000E03FC
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  ntdll.dll!LdrLoadDll  7725223E 5 Bytes  JMP 610DA650 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D  770B93D6 7 Bytes  JMP 61317DF7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  KERNEL32.dll!QueryPerformanceCounter + 13  770BC435 7 Bytes  JMP 61317E1A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  KERNEL32.dll!GetStartupInfoW + 586  770BE863 7 Bytes  JMP 63479AD0 c:\progra~1\mocaflix\sprote~1.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  KERNEL32.dll!CloseHandle + 38  770BE8A0 7 Bytes  JMP 634799B0 c:\progra~1\mocaflix\sprote~1.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  KERNEL32.dll!GetSystemTime + B  770BEA5C 7 Bytes  JMP 63479890 c:\progra~1\mocaflix\sprote~1.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  KERNEL32.dll!LoadAppInitDlls + 355  770BF4F6 7 Bytes  JMP 610DEDB3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  KERNEL32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  USER32.dll!UnhookWindowsHookEx  75C4CC7B 5 Bytes  JMP 00130A08
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  USER32.dll!UnhookWinEvent  75C4D924 5 Bytes  JMP 001303FC
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  USER32.dll!SetWindowsHookExW  75C5210A 5 Bytes  JMP 00130804
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  USER32.dll!SetWinEventHook  75C5507E 5 Bytes  JMP 001301F8
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  USER32.dll!SetWindowsHookExA  75C76DFA 5 Bytes  JMP 00130600
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  GDI32.dll!GetViewportOrgEx + 26C  7591884B 7 Bytes  JMP 61317D78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  CRYPT32.dll!CryptImportPublicKeyInfoEx + 98  753C39CA 7 Bytes  JMP 0077EE40
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3788]  CRYPT32.dll!I_CryptEnumMatchingLruEntries + 1BFC  753CA6E4 7 Bytes  JMP 0077EEB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtCreateFile + 6  772355CE 4 Bytes  [28, 00, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtCreateFile + B  772355D3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtCreateKey + 6  7723560E 4 Bytes  [68, 01, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtCreateKey + B  77235613 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtCreateMutant + 6  7723564E 4 Bytes  [68, 02, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtCreateMutant + B  77235653 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtCreateSection + 6  772356EE 4 Bytes  [A8, 02, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtCreateSection + B  772356F3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtMapViewOfSection + B  77235C33 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenFile + 6  77235CDE 4 Bytes  [68, 00, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenFile + B  77235CE3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenKey + 6  77235D0E 4 Bytes  [A8, 01, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenKey + B  77235D13 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenKeyEx + B  77235D23 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenMutant + 6  77235D5E 4 Bytes  [28, 02, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenMutant + B  77235D63 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenProcess + 6  77235D8E 1 Byte  [68]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenProcess + 6  77235D8E 4 Bytes  [68, 03, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenProcess + B  77235D93 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenProcessToken + 6  77235D9E 1 Byte  [A8]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenProcessToken + 6  77235D9E 4 Bytes  [A8, 03, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenProcessToken + B  77235DA3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenProcessTokenEx + 6  77235DAE 4 Bytes  [68, 04, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenProcessTokenEx + B  77235DB3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenSection + B  77235DD3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenThread + 6  77235E0E 1 Byte  [28]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenThread + 6  77235E0E 4 Bytes  [28, 03, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenThread + B  77235E13 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenThreadToken + 6  77235E1E 4 Bytes  [28, 04, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenThreadToken + B  77235E23 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenThreadTokenEx + 6  77235E2E 4 Bytes  [A8, 04, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtOpenThreadTokenEx + B  77235E33 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtQueryAttributesFile + 6  77235F3E 4 Bytes  [A8, 00, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtQueryAttributesFile + B  77235F43 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtQueryFullAttributesFile + B  77235FF3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtSetInformationFile + 6  7723663E 4 Bytes  [28, 01, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtSetInformationFile + B  77236643 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtSetInformationThread + 6  7723669E 1 Byte  [E8]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtSetInformationThread + B  772366A3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtUnmapViewOfSection + 6  772369BE 4 Bytes  [28, 05, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!NtUnmapViewOfSection + B  772369C3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!LdrUnloadDll  7724C86E 5 Bytes  JMP 002303FC
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  ntdll.dll!LdrLoadDll  7725223E 5 Bytes  JMP 002301F8
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  KERNEL32.dll!CreateProcessW  7707204D 5 Bytes  JMP 00010030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  KERNEL32.dll!CreateProcessA  77072082 5 Bytes  JMP 00010070
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  KERNEL32.dll!GetBinaryTypeW + 70  770D69F4 1 Byte  [62]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!DeleteObject  75915F14 5 Bytes  JMP 002501B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!SelectObject  75916640 5 Bytes  JMP 002505F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!SetTextColor  75916906 5 Bytes  JMP 00250A30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!SetBkMode  759169B1 5 Bytes  JMP 002508F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!DeleteDC  75916EAA 5 Bytes  JMP 00250170
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!GetDeviceCaps  75916F7F 5 Bytes  JMP 002503B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!ExtSelectClipRgn  75917114 5 Bytes  JMP 002502F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!SelectClipRgn  75917242 5 Bytes  JMP 002505B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!SetStretchBltMode  75917705 5 Bytes  JMP 002506B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!GetCurrentObject  75917917 5 Bytes  JMP 00250370
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!GetTextMetricsW  75917B8F 5 Bytes  JMP 00250E30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!GetTextAlign  75917DAF 5 Bytes  JMP 00250D70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!IntersectClipRect  75917DFE 5 Bytes  JMP 002503F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!ExtTextOutW  75918192 5 Bytes  JMP 00250970
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!SetTextAlign  7591828E 5 Bytes  JMP 002509F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!GetClipBox  75918525 5 Bytes  JMP 00250330
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!MoveToEx  75918C21 5 Bytes  JMP 00250470
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!StretchDIBits  7591A53E 5 Bytes  JMP 00250770
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!RestoreDC  7591A67B 5 Bytes  JMP 00250530
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!SaveDC  7591A74B 5 Bytes  JMP 00250570
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!GetTextExtentPoint32W  7591B4B5 5 Bytes  JMP 00250670
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!GetTextFaceW  7591B73A 2 Bytes  JMP 00250D30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!GetTextFaceW + 3  7591B73D 2 Bytes  [93, 8A]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!GetFontData  7591BCC4 5 Bytes  JMP 00250C70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!SetWorldTransform  7591C90A 5 Bytes  JMP 002506F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!CreateDCA  7591CCA9 5 Bytes  JMP 002500B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!CreateDCW  7591CF79 5 Bytes  JMP 002500F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!CreateICW  7591CFD0 5 Bytes  JMP 00250130
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!GetTextMetricsA  7591D0F2 5 Bytes  JMP 00250DF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!Rectangle  7591F1FF 5 Bytes  JMP 002509B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!LineTo  7591F59B 5 Bytes  JMP 00250430
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!SetICMMode  7591FAA4 5 Bytes  JMP 00250DB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!ExtTextOutA  759203F9 5 Bytes  JMP 00250930
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!GetTextExtentPoint32A  759207B0 5 Bytes  JMP 00250630
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020]  GDI32.dll!ExtEscape  75922949
5 Bytes JMP 002502B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!Escape 75923939 5 Bytes JMP 00250270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!GetTextFaceA 75923E6A 5 Bytes JMP 00250CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!SetPolyFillMode 7592D851 5 Bytes JMP 00250B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!SetMiterLimit 7592DA0D 5 Bytes JMP 00250B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!EndPage 759300D7 5 Bytes JMP 00250230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!ResetDCW 7593050D 5 Bytes JMP 00250AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!GetGlyphOutlineW 7593C1BA 5 Bytes JMP 00250CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!CreateScalableFontResourceW 7593E817 5 Bytes JMP 00250BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!AddFontResourceW 7593EC13 5 Bytes JMP 00250BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!RemoveFontResourceW 7593F109 5 Bytes JMP 00250C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!AbortDoc 75944C63 5 Bytes JMP 00250030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!EndDoc 759450AA 5 Bytes JMP 002501F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!StartPage 75945195 5 Bytes JMP 00250730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!StartDocW 75945BB0 5 Bytes JMP 002507F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] 
GDI32.dll!BeginPath 7594635D 5 Bytes JMP 00250830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!SelectClipPath 759463B4 5 Bytes JMP 00250AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!CloseFigure 7594640F 5 Bytes JMP 00250070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!EndPath 75946466 5 Bytes JMP 00250A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!StrokePath 75946699 5 Bytes JMP 002507B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!FillPath 75946726 5 Bytes JMP 00250870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!PolylineTo 75946B94 5 Bytes JMP 002504F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!PolyBezierTo 75946C25 5 Bytes JMP 002504B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] GDI32.dll!PolyDraw 75946CD7 5 Bytes JMP 002508B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!ActivateKeyboardLayout 75C4817D 5 Bytes JMP 002604F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!ScreenToClient 75C4C1F2 7 Bytes JMP 00260670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!UnhookWindowsHookEx 75C4CC7B 5 Bytes JMP 00270A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!UnhookWinEvent 75C4D924 5 Bytes JMP 002703FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!RegisterClipboardFormatA 75C4E6B1 5 Bytes JMP 002602F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!RegisterClipboardFormatW 75C4EDFD 5 Bytes JMP 002602B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!SetWindowsHookExW 75C5210A 5 Bytes JMP 00270804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!SetWinEventHook 75C5507E 5 Bytes JMP 002701F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!SetCursor 75C552EA 5 Bytes JMP 00260530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!MonitorFromWindow 75C5590A 3 Bytes JMP 00260630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!MonitorFromWindow + 4 75C5590E 3 Bytes [8A, CC, CC] {MOV CL, AH; INT 3 } .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!PostMessageW 75C56225 5 Bytes JMP 002605F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!IsWindowVisible 75C56939 7 Bytes JMP 002606B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!GetClientRect 75C574B1 7 Bytes JMP 002605B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!MapWindowPoints 75C57915 5 Bytes JMP 00260570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!GetParent 75C57AB3 7 Bytes JMP 002606F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!SetClipboardData 75C64979 5 Bytes JMP 00260170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!EmptyClipboard 75C64A28 5 Bytes JMP 00260130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!GetClipboardData 75C64B47 5 Bytes JMP 00260030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!EnumClipboardFormats 75C64D98 5 Bytes JMP 002601B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!GetClipboardFormatNameW 75C67EB2 5 Bytes JMP 00260230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!SetClipboardViewer 75C68F4D 5 Bytes JMP 002604B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!GetClipboardFormatNameA 75C68F61 5 Bytes JMP 00260270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!GetOpenClipboardWindow 75C6902F 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!GetOpenClipboardWindow 75C6902F 5 Bytes JMP 002603F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!ChangeClipboardChain 75C73425 5 Bytes JMP 00260430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!GetTopWindow 75C73A5D 7 Bytes JMP 00260730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!CloseClipboard 75C75BA7 5 Bytes JMP 002600B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!OpenClipboard 75C75BB9 5 Bytes JMP 00260070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!IsClipboardFormatAvailable 75C75C3A 5 Bytes JMP 002600F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!GetClipboardSequenceNumber 75C75C4E 5 Bytes JMP 00260330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!GetClipboardOwner 75C75C60 5 Bytes JMP 00260370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!CountClipboardFormats 75C75DC9 5 Bytes JMP 002601F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!SetWindowsHookExA 75C76DFA 5 Bytes JMP 00270600 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!SetCursorPos 75C8C1D8 5 Bytes JMP 00260770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!GetClipboardViewer 75CA4B57 5 Bytes JMP 00260470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] USER32.dll!GetPriorityClipboardFormat 75CA4C59 5 Bytes JMP 002603B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] ole32.dll!OleSetClipboard 76A70045 5 Bytes JMP 002D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] ole32.dll!OleIsCurrentClipboard 76A736B2 5 Bytes JMP 002D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] ole32.dll!OleGetClipboard 76A9FDCD 5 Bytes JMP 002D00B0 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!DbgBreakPoint] DB33ABAB IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!MmFreeNonCachedMemory] 66E84D89 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeSetEvent] 9C1D39AB IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoReadPartitionTable] 0F8C75E3 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!MmAddVerifierThunks] 0000FF84 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ZwQuerySymbolicLinkObject] 8DC03300 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!MmAllocateNonCachedMemory] ABABEC7D IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!CcMdlWriteComplete] 4D89ABAB IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoMakeAssociatedIrp] 74CB3BEC IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!MmProbeAndLockPages] 18418B05 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoQueryDeviceDescription] 15FF09EB IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlInsertUnicodePrefix] [8C75C304] \SystemRoot\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) 
IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!wcsstr] 56E84D8B IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeQueryInterruptTime] 890C558D IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlInitString] FFFF7495 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlUnicodeToMultiByteN] C5A8BEFF IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlCheckRegistryKey] 7D8D8C75 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlPrefixUnicodeString] 558DA5D4 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoAcquireCancelSpinLock] 845589E4 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ExReleaseResourceLite] E8558DA5 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeEnterCriticalRegion] 8D945589 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ExAllocatePoolWithTag] 45891455 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeInsertQueueDpc] A45589E4 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ZwSetSecurityObject] 08458DA5 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 6A18558D IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeSetSystemAffinityThread] 64858904 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeRundownQueue] 58FFFFFF IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!CcPinMappedData] 8DB45589 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeRemoveQueueDpc] 89A51C55 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoSetDeviceInterfaceState] FFFF689D IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeReadStateEvent] 6C8589FF IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!PsGetCurrentProcess] 89FFFFFF IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoGetDeviceInterfaceAlias] FFFF709D IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ZwFreeVirtualMemory] 789D89FF IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlExtendedIntegerMultiply] 89FFFFFF IAT 
\SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!wcscmp] FFFF7C85 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeSetKernelStackSwapEnable] 805D89FF IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!CcIsThereDirtyData] 89885D89 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlDeleteRegistryValue] 5D898C45 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeFlushQueuedDpcs] 985D8990 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlCopyUnicodeString] 899C4589 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoSetThreadHardErrorMode] 5D89A05D IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlAnsiStringToUnicodeString] AC4589A8 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KdEnableDebugger] 89B05D89 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ZwOpenKey] 4589B85D IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!MmGetPhysicalAddress] C05D89BC IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!CcUninitializeCacheMap] 89C45589 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!FsRtlGetNextFileLock] 4589C85D IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoGetLowerDeviceObject] D05D89CC IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!FsRtlIsTotalDeviceFailure] 74CB3B5E IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeSaveFloatingPointState] AFD1B812 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!PoCallDriver] D2330000 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!MmAllocateMappingAddress] 0F013966 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoSetHardErrorOrVerifyDevice] 8B42C295 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ZwEnumerateValueKey] 3302EBC2 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlClearAllBits] 450999C0 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoVerifyVolume] E05509DC IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!FsRtlIsNameInExpression] 0F1C5D39 IAT 
\SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlSubAuthoritySid] 448DC09D IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeRemoveDeviceQueue] 45880200 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoInitializeTimer] 64858DD8 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoUpdateShareAccess] 50FFFFFF IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoCheckShareAccess] 458D076A IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoIsOperationSynchronous] 458D50EC IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!PsGetThreadProcessId] 35FF50D4 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlInitUnicodeString] [8C75E3B4] \SystemRoot\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!MmAllocateContiguousMemory] E3B035FF IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoReportDetectedDevice] 15FF8C75 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlEqualSid] [8C75C308] \SystemRoot\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoAcquireRemoveLockEx] 5FFC4D8B IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlUpperChar] E85BCD33 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoReuseIrp] FFFFD546 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ZwReadFile] 0018C2C9 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ZwCreateFile] 90909090 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!FsRtlNotifyInitializeSync] 55FF8B90 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoAllocateAdapterChannel] EC83EC8B IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] E1D8A13C IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ExUuidCreate] C5338C75 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoGetAttachedDevice] 8BFC4589 IAT 
\SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlFreeAnsiString] 4D8B1C45 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!CcFastCopyRead] D8458928 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ProbeForRead] 8B53C033 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ObOpenObjectByPointer] 3357105D IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] DC5589D2 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!SeAccessCheck] ABE07D8D IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoSetShareAccess] C033ABAB IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlRemoveUnicodePrefix] 8DEC5589 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!SeQueryAuthenticationIdToken] ABABF07D IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlEqualUnicodeString] ABD44D89 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!PoSetSystemState] 0F2C5538 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!HalExamineMBR] 00008884 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlCompareMemory] 9C153900 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeSetTargetProcessorDpc] 758C75E3 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlUpperString] E408A109 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!CcRemapBcb] C0858C75 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ObfDereferenceObject] C0337774 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ExUnregisterCallback] ABDC7D8D IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!MmIsVerifierEnabled] 33ABABAB IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeBugCheck] EC7D8DC0 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoReleaseRemoveLockEx] ABABABAB IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeInitializeDpc] 89DC5D89 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ExAcquireResourceSharedLite] 5539EC4D IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ExRaiseStatus] A15A7508 IAT 
\SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeReleaseSemaphore] [8C75E408] \SystemRoot\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ExReinitializeResourceLite] 2174C085 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeWaitForSingleObject] 1068026A IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoIsSystemThread] 8D8C75EF IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoGetBootDiskInformation] 6850EC45 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeClearEvent] [8C75CFF8] \SystemRoot\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!_allmul] E40435FF IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] 35FF8C75 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!IoSetPartitionInformationEx] [8C75E400] \SystemRoot\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeInsertHeadQueue] 005836E8 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!SeImpersonateClientEx] E408A100 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlFindClearRuns] C0858C75 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!ExAllocatePoolWithQuotaTag] 026A2774 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!SeSetSecurityDescriptorInfo] 75EF1068 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KePulseEvent] 8D006A8C IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!MmForceSectionClosed] 8D50DC45 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeReadStateSemaphore] 6850EC45 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!KeInsertByKeyDeviceQueue] [8C75D018] \SystemRoot\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!MmIsThisAnNtAsSystem] 
E40435FF IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!RtlQueryRegistryValues] 35FF8C75 IAT \SystemRoot\system32\drivers\afd.sys[ntoskrnl.exe!CcFlushCache] [8C75E400] \SystemRoot\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) ---- User IAT/EAT - GMER 2.1 ---- IAT C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe[396] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7524FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe[396] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7524FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe[396] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7524FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe[396] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7524FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe[396] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7524FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe[396] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7524FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1400] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7209F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2516] @ 
C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7209F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010090 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState] 002607D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00260790 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 002607D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010090 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4020] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010090 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86c6e698]<< 86c6e698 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86898030] 86898030 Trace 3 CLASSPNP.SYS[8ca5a59e] -> nt!IofCallDriver -> [0x86c2c980] 86c2c980 Trace \Driver\00000476[0x86c3f948] -> IRP_MJ_CREATE -> 0x86c6e698 86c6e698 ---- Modules - GMER 2.1 ---- Module (noname) (*** hidden *** ) 8C733000-8C74D000 (106496 bytes) ---- Files - GMER 2.1 ---- File C:\Windows\$NtUninstallKB12710$\1496727178 0 bytes File C:\Windows\$NtUninstallKB12710$\3079702070 0 bytes File C:\Windows\$NtUninstallKB12710$\3079702070\@ 2048 bytes File C:\Windows\$NtUninstallKB12710$\3079702070\Desktop.ini 4608 bytes File C:\Windows\$NtUninstallKB12710$\3079702070\L 0 bytes File C:\Windows\$NtUninstallKB12710$\3079702070\L\00000004.@ 804 bytes File C:\Windows\$NtUninstallKB12710$\3079702070\L\201d3dde 187 bytes File C:\Windows\$NtUninstallKB12710$\3079702070\L\76603ac3 0 bytes File C:\Windows\$NtUninstallKB12710$\3079702070\L\xadqgnnk 338944 bytes File C:\Windows\$NtUninstallKB12710$\3079702070\U 0 bytes File C:\Windows\$NtUninstallKB12710$\3079702070\U\00000004.@ 2048 bytes File C:\Windows\$NtUninstallKB12710$\3079702070\U\00000008.@ 1024 bytes File C:\Windows\$NtUninstallKB12710$\3079702070\U\000000cb.@ 1632 bytes File C:\Windows\$NtUninstallKB12710$\3079702070\U\80000000.@ 11776 bytes File C:\Windows\$NtUninstallKB12710$\3079702070\U\80000032.@ 96768 bytes ---- EOF - GMER 2.1 ----