GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-04 21:35:34
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000007a SAMSUNG_ rev.1AC0 298,09GB
Running: j2m089nx.exe; Driver: C:\Users\T\AppData\Local\Temp\axloyuog.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwAddBootEntry [0x91942492]
SSDT 85BEC680 ZwAlertResumeThread
SSDT 85BEC718 ZwAlertThread
SSDT 85B9D278 ZwAllocateVirtualMemory
SSDT 85AFD610 ZwAlpcConnectPort
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwAlpcSendWaitReceivePort [0x91944A3A]
SSDT 85BEC0F8 ZwAssignProcessToJobObject
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwConnectPort [0x91943AA4]
SSDT 85BEC4A8 ZwCreateMutant
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwCreateSection [0x91943724]
SSDT 85BEBEA8 ZwCreateSymbolicLinkObject
SSDT 85BE9070 ZwCreateThread
SSDT 85BEBF50 ZwCreateThreadEx
SSDT 85BEC190 ZwDebugActiveProcess
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwDeleteBootEntry [0x919424FE]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwDeleteFile [0x91942BCC]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwDeviceIoControlFile [0x91941E10]
SSDT 85B9D3B8 ZwDuplicateObject
SSDT 85BEB430 ZwFreeVirtualMemory
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwFsControlFile [0x91942B6C]
SSDT 85BEC550 ZwImpersonateAnonymousToken
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwImpersonateClientOfPort [0x91942B32]
SSDT 85BEC5E8 ZwImpersonateThread
SSDT 85AFD598 ZwLoadDriver
SSDT 85BEB378 ZwMapViewOfSection
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwModifyBootEntry [0x919424C8]
SSDT 85BEC410 ZwOpenEvent
SSDT 85BE2988 ZwOpenProcess
SSDT 85B9D320 ZwOpenProcessToken
SSDT 85BEC2E0 ZwOpenSection
SSDT 85BE2900 ZwOpenThread
SSDT 85BEC050 ZwProtectVirtualMemory
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwQueueApcThread [0x91941ECE]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwReplaceKey [0x91942620]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwRequestWaitReplyPort [0x91944956]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwRestoreKey [0x9194256A]
SSDT 85BEC790 ZwResumeThread
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwSecureConnectPort [0x91943B8E]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwSetBootOptions [0x91942534]
SSDT 85BEB1A0 ZwSetContextThread
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwSetInformationFile [0x91942C30]
SSDT 85BEB238 ZwSetInformationProcess
SSDT 85BEC228 ZwSetSystemInformation
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwShutdownSystem [0x9194244A]
SSDT 85BEC378 ZwSuspendProcess
SSDT 85BEB070 ZwSuspendThread
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys ZwSystemDebugControl [0x91941FA4]
SSDT 85BE2150 ZwTerminateProcess
SSDT 85BEB108 ZwTerminateThread
SSDT 85BEB2E0 ZwUnmapViewOfSection
SSDT 85BEB4D8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 8264FA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82689212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CC 82690461 3 Bytes [24, 94, 91] {AND AL, 0x94; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 82690470 8 Bytes [80, C6, BE, 85, 18, C7, BE, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82690488 4 Bytes [78, D2, B9, 85]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82690494 4 Bytes [10, D6, AF, 85]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 826904D8 4 Bytes [3A, 4A, 94, 91] {CMP CL, [EDX-0x6c]; XCHG ECX, EAX}
.text ...
.sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x88B07346]
.hgjhgj1˙˙˙˙SpySheltentry point in ".hgjhgj1˙˙˙˙SpySheltentry point in "" section [0x919F6253] C:\Program Files\SpyShelter Personal Free\SpyShelter.sys entry point in ".hgjhgj1˙˙˙˙SpySheltentry point in "" section [0x919F6253]
? C:\Windows\System32\Drivers\ahk4vt59.SYS suspicious PE modification
? C:\Windows\System32\Drivers\abma6b8p.SYS suspicious PE modification

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\svchost.exe[412] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\svchost.exe[412] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\svchost.exe[412] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\HitmanPro.Alert\hmpalert.exe[1192] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\HitmanPro.Alert\hmpalert.exe[1192] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\HitmanPro.Alert\hmpalert.exe[1192] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\svchost.exe[1412] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\svchost.exe[1412] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\svchost.exe[1412] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Windows\System32\spoolsv.exe[1484] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Windows\System32\spoolsv.exe[1484] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Windows\System32\spoolsv.exe[1484] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\svchost.exe[1536] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\svchost.exe[1536] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\svchost.exe[1536] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Windows\Explorer.EXE[1648] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Windows\Explorer.EXE[1648] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Windows\Explorer.EXE[1648] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1728] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1728] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1728] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Norton Internet Security\Engine\21.0.2.1\NIS.exe[1780] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Norton Internet Security\Engine\21.0.2.1\NIS.exe[1780] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Norton Internet Security\Engine\21.0.2.1\NIS.exe[1780] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Windows\System32\svchost.exe[1824] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Windows\System32\svchost.exe[1824] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Windows\System32\svchost.exe[1824] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Nightly\firefox.exe[2180] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Nightly\firefox.exe[2180] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Nightly\firefox.exe[2180] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Nightly\firefox.exe[2180] ntdll.dll!LdrGetProcedureAddress + 26 775F22A9 7 Bytes JMP 61E74AE0 C:\Program Files\Nightly\xul.dll
.text C:\Program Files\Nightly\firefox.exe[2180] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75A1941E 7 Bytes JMP 627077E2 C:\Program Files\Nightly\xul.dll
.text C:\Program Files\Nightly\firefox.exe[2180] kernel32.dll!QueryPerformanceCounter + 13 75A1C425 7 Bytes JMP 62707805 C:\Program Files\Nightly\xul.dll
.text C:\Program Files\Nightly\firefox.exe[2180] kernel32.dll!LoadAppInitDlls + 355 75A1F4E6 7 Bytes JMP 61E78B9E C:\Program Files\Nightly\xul.dll
.text C:\Program Files\Nightly\firefox.exe[2180] GDI32.dll!GetViewportOrgEx + 26C 7598884B 7 Bytes JMP 62707763 C:\Program Files\Nightly\xul.dll
.text C:\Program Files\Norton Internet Security\Engine\21.0.2.1\NIS.exe[2268] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Norton Internet Security\Engine\21.0.2.1\NIS.exe[2268] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Norton Internet Security\Engine\21.0.2.1\NIS.exe[2268] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\SearchIndexer.exe[2432] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\SearchIndexer.exe[2432] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\SearchIndexer.exe[2432] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\taskhost.exe[2488] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\taskhost.exe[2488] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\taskhost.exe[2488] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Nightly\plugin-container.exe[2624] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Nightly\plugin-container.exe[2624] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Nightly\plugin-container.exe[2624] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Nightly\plugin-container.exe[2624] USER32.dll!GetWindowInfo 77384B5E 5 Bytes JMP 621E9EDB C:\Program Files\Nightly\xul.dll
.text C:\Program Files\Nightly\plugin-container.exe[2624] USER32.dll!ToUnicodeEx + 71 77392223 7 Bytes JMP 621E38AC C:\Program Files\Nightly\xul.dll
.text C:\Windows\system32\svchost.exe[2944] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\svchost.exe[2944] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\svchost.exe[2944] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3164] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3164] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3164] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3196] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3196] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3196] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Users\T\Downloads\j2m089nx.exe[3252] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Users\T\Downloads\j2m089nx.exe[3252] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Users\T\Downloads\j2m089nx.exe[3252] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3296] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3296] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3296] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\taskhost.exe[3400] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\taskhost.exe[3400] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\taskhost.exe[3400] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3484] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3484] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3484] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[3684] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[3684] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[3684] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3996] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3996] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3996] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[4148] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[4148] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[4148] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\foobar2000\foobar2000.exe[5148] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\foobar2000\foobar2000.exe[5148] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\foobar2000\foobar2000.exe[5148] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5596] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5596] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[5596] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtAllocateVirtualMemory 775D5318 5 Bytes JMP 7242F6F0 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtCreateFile + 6 775D560E 4 Bytes [28, 80, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtCreateFile + B 775D5613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtCreateKey + 6 775D564E 4 Bytes [68, 81, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtCreateKey + B 775D5653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtCreateMutant + 6 775D568E 4 Bytes [68, 82, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtCreateMutant + B 775D5693 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtCreateSection + 6 775D572E 4 Bytes [A8, 82, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtCreateSection + B 775D5733 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtFreeVirtualMemory 775D5A18 5 Bytes JMP 7242F830 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtMapViewOfSection + B 775D5C73 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenFile + 6 775D5D1E 4 Bytes [68, 80, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenFile + B 775D5D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenKey + 6 775D5D4E 4 Bytes [A8, 81, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenKey + B 775D5D53 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenKeyEx + B 775D5D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenMutant + 6 775D5D9E 4 Bytes [28, 82, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenMutant + B 775D5DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenProcess + 6 775D5DCE 4 Bytes [68, 83, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenProcess + B 775D5DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenProcessToken + 6 775D5DDE 4 Bytes [A8, 83, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenProcessToken + B 775D5DE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenProcessTokenEx + 6 775D5DEE 4 Bytes [68, 84, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenProcessTokenEx + B 775D5DF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenSection + B 775D5E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenThread + 6 775D5E4E 4 Bytes [28, 83, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenThread + B 775D5E53 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenThreadToken + 6 775D5E5E 4 Bytes [28, 84, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenThreadToken + B 775D5E63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenThreadTokenEx + 6 775D5E6E 4 Bytes [A8, 84, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtOpenThreadTokenEx + B 775D5E73 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtProtectVirtualMemory 775D5F58 5 Bytes JMP 7242F750 C:\Windows\system32\hmpalert.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtQueryAttributesFile + 6 775D5F7E 4 Bytes [A8, 80, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtQueryAttributesFile + B 775D5F83 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtQueryFullAttributesFile + B 775D6033 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtSetInformationFile + 6 775D667E 4 Bytes [28, 81, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtSetInformationFile + B 775D6683 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtSetInformationThread + B 775D66E3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtUnmapViewOfSection + 6 775D69FE 4 Bytes [28, 85, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ntdll.dll!NtUnmapViewOfSection + B 775D6A03 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] kernel32.dll!CreateProcessW 759D204D 5 Bytes JMP 00080030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] kernel32.dll!CreateProcessA 759D2082 5 Bytes JMP 00080070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!ActivateKeyboardLayout 77378203 5 Bytes JMP 001004F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!ScreenToClient 7737A506 7 Bytes JMP 00100670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!RegisterClipboardFormatA 7737C091 5 Bytes JMP 001002F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!RegisterClipboardFormatW 7737DF8D 5 Bytes JMP 001002B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!SetCursor 77383075 5 Bytes JMP 00100530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!MonitorFromWindow 77383622 7 Bytes JMP 00100630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!PostMessageW 7738447B 5 Bytes JMP 001005F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!IsWindowVisible 77384D69 7 Bytes JMP 001006B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!GetClientRect 773854DD 7 Bytes JMP 001005B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!MapWindowPoints 77385CAA 5 Bytes JMP 00100570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!GetParent 77386029 7 Bytes JMP 001006F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!EmptyClipboard 7739290C 5 Bytes JMP 00100130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!SetClipboardData 77392962 5 Bytes JMP 00100170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!GetClipboardData 77392BA7 5 Bytes JMP 00100030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!GetClipboardFormatNameW 77395FD2 5 Bytes JMP 00100230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!SetClipboardViewer 77396FF6 5 Bytes JMP 001004B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!GetClipboardFormatNameA 7739700A 5 Bytes JMP 00100270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!ChangeClipboardChain 773A147C 5 Bytes JMP 00100430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!GetTopWindow 773A24D9 7 Bytes JMP 00100730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!CloseClipboard 773A446C 5 Bytes JMP 001000B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!OpenClipboard 773A447E 5 Bytes JMP 00100070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!IsClipboardFormatAvailable 773A44FF 5 Bytes JMP 001000F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!GetClipboardSequenceNumber 773A4513 5 Bytes JMP 00100330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!GetClipboardOwner 773A4525 5 Bytes JMP 00100370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!CountClipboardFormats 773A470A 5 Bytes JMP 001001F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!EnumClipboardFormats 773A47EC 5 Bytes JMP 001001B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!GetOpenClipboardWindow 773A480B 5 Bytes JMP 001003F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!SetCursorPos 773BC1B0 5 Bytes JMP 00100770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!GetClipboardViewer 773D4AF7 5 Bytes JMP 00100470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] user32.DLL!GetPriorityClipboardFormat 773D4BF9 5 Bytes JMP 001003B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!DeleteObject 75985F14 5 Bytes JMP 002801B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!SelectObject 75986640 5 Bytes JMP 002805F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!SetTextColor 75986906 5 Bytes JMP 00280A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!SetBkMode 759869B1 5 Bytes JMP 002808F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!DeleteDC 75986EAA 5 Bytes JMP 00280170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!GetDeviceCaps 75986F7F 5 Bytes JMP 002803B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!ExtSelectClipRgn 75987114 5 Bytes JMP 002802F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!SelectClipRgn 75987242 5 Bytes JMP 002805B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!SetStretchBltMode 75987705 5 Bytes JMP 002806B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!GetCurrentObject 75987917 5 Bytes JMP 00280370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!GetTextMetricsW 75987B8F 5 Bytes JMP 00280E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!GetTextAlign 75987DAF 5 Bytes JMP 00280D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!IntersectClipRect 75987DFE 5 Bytes JMP 002803F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!ExtTextOutW 75988192 5 Bytes JMP 00280970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!SetTextAlign 7598828E 5 Bytes JMP 002809F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!GetClipBox 75988525 5 Bytes JMP 00280330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!MoveToEx 75988C21 5 Bytes JMP 00280470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!StretchDIBits 7598A53E 5 Bytes JMP 00280770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!RestoreDC 7598A67B 5 Bytes JMP 00280530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!SaveDC 7598A74B 5 Bytes JMP 00280570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!GetTextExtentPoint32W 7598B4B5 5 Bytes JMP 00280670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!GetTextFaceW 7598B73A 2 Bytes JMP 00280D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!GetTextFaceW + 3 7598B73D 2 Bytes [8F, 8A]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!GetFontData 7598BCC4 5 Bytes JMP 00280C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!SetWorldTransform 7598C90A 5 Bytes JMP 002806F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!CreateDCA 7598CCA9 5 Bytes JMP 002800B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!CreateDCW 7598CF79 5 Bytes JMP 002800F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!CreateICW 7598CFD0 5 Bytes JMP 00280130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!GetTextMetricsA 7598D0F2 5 Bytes JMP 00280DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!Rectangle 7598F1FF 5 Bytes JMP 002809B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!LineTo 7598F59B 5 Bytes JMP 00280430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!SetICMMode 7598FAA4 5 Bytes JMP 00280DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!ExtTextOutA 759903F9 5 Bytes JMP 00280930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!GetTextExtentPoint32A 759907B0 5 Bytes JMP 00280630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!ExtEscape 75992949 5 Bytes JMP 002802B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!Escape 75993939 5 Bytes JMP 00280270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!GetTextFaceA 75993E6A 5 Bytes JMP 00280CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!SetPolyFillMode 7599D851 5 Bytes JMP 00280B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!SetMiterLimit 7599DA0D 5 Bytes JMP 00280B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!EndPage 759A00D7 5 Bytes JMP 00280230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!ResetDCW 759A050D 5 Bytes JMP 00280AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!GetGlyphOutlineW 759AC1BA 5 Bytes JMP 00280CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!CreateScalableFontResourceW 759AE817 5 Bytes JMP 00280BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!AddFontResourceW 759AEC13 5 Bytes JMP 00280BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!RemoveFontResourceW 759AF109 5 Bytes JMP 00280C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!AbortDoc 759B4C63 5 Bytes JMP 00280030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!EndDoc 759B50AA 5 Bytes JMP 002801F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!StartPage 759B5195 5 Bytes JMP 00280730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!StartDocW 759B5BB0 5 Bytes JMP 002807F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!BeginPath 759B635D 5 Bytes JMP 00280830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!SelectClipPath 759B63B4 5 Bytes JMP 00280AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!CloseFigure 759B640F 5 Bytes JMP 00280070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!EndPath 759B6466 5 Bytes JMP 00280A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!StrokePath 759B6699 5 Bytes JMP 002807B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!FillPath 759B6726 5 Bytes JMP 00280870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!PolylineTo 759B6B94 5 Bytes JMP 002804F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!PolyBezierTo 759B6C25 5 Bytes JMP 002804B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] GDI32.dll!PolyDraw 759B6CD7 5 Bytes JMP 002808B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ole32.dll!OleSetClipboard 76E30045 5 Bytes JMP 002A0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ole32.dll!OleIsCurrentClipboard 76E336B2 5 Bytes JMP 002A0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5936] ole32.dll!OleGetClipboard 76E5FDCD 5 Bytes JMP 002A00B0

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743A24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7438562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743856EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743A2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743985AA]
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74394D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74395105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743951DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74396707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74398301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74398850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743990B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7439E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74394C90] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8466F1F8 Device \FileSystem\fastfat \FatCdrom 85CAF1F8 Device \Driver\usbohci \Device\USBPDO-0 85CCD1F8 Device \Driver\usbehci \Device\USBPDO-1 85CE4430 Device \Driver\cdrom \Device\CdRom0 86E8E1F8 Device \Driver\cdrom \Device\CdRom1 86E8E1F8 Device \Driver\atapi \Device\Ide\IdePort0 8466C1F8 Device \Driver\atapi \Device\Ide\IdePort1 8466C1F8 Device \Driver\cdrom \Device\CdRom2 86E8E1F8 Device \Driver\PCI_PNP7616 \Device\00000076 sptd.sys Device \Driver\PCI_PNP7616 \Device\00000077 sptd.sys Device \Driver\NetBT \Device\NetBt_Wins_Export 859C21F8 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 85863430 Device \Driver\NetBT \Device\NetBT_Tcpip_{80AA3CF7-F7C7-4F59-AFA7-6E9B55C1DFBF} 859C21F8 Device \Driver\nvstor \Device\RaidPort0 8466D1F8 Device \Driver\nvstor \Device\RaidPort1 8466D1F8 Device \Driver\usbohci \Device\USBFDO-0 85CCD1F8 Device \Driver\nvstor \Device\0000007a 8466D1F8 Device \Driver\usbehci \Device\USBFDO-1 85CE4430 Device \Driver\NetBT \Device\NetBT_Tcpip_{F9F6582E-D341-4B5B-8B09-50801914B096} 859C21F8 Device \Driver\abma6b8p \Device\Scsi\abma6b8p1 864901F8 Device \Driver\ahk4vt59 \Device\Scsi\ahk4vt591Port4Path0Target0Lun0 864791F8 Device \Driver\ahk4vt59 \Device\Scsi\ahk4vt591 864791F8 Device \Driver\abma6b8p \Device\Scsi\abma6b8p1Port5Path0Target0Lun0 864901F8 Device \Driver\dtsoftbus01 \Device\0000008d 85863430 Device \FileSystem\fastfat \Fat 85CAF1F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8466d1f8]<< 8466d1f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8568aac8] 8568aac8 Trace 3 CLASSPNP.SYS[893b959e] -> nt!IofCallDriver -> [0x854097d8] 854097d8 Trace 5 ACPI.sys[88b2a3d4] -> nt!IofCallDriver -> \Device\0000007a[0x85409900] 85409900 Trace 
\Driver\nvstor[0x8469b350] -> IRP_MJ_CREATE -> 0x8466d1f8 8466d1f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x05 0xD7 0xB1 0x79 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x74 0x03 0xF4 0x38 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE4 0xB2 0x09 0xF5 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBB 0xDB 0x58 0x87 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x89 0x6F 0xF0 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0x3A 0x10 0xDE ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x05 0xD7 0xB1 0x79 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x74 0x03 0xF4 0x38 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE4 0xB2 0x09 0xF5 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBB 0xDB 0x58 0x87 ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x89 0x6F 0xF0 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0x3A 0x10 0xDE ... ---- EOF - GMER 2.1 ----