GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-12-11 17:06:49 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EALX-009BA0 rev.15.01H15 931,51GB Running: 52yub312.exe; Driver: E:\Users\Konrad\AppData\Local\Temp\agrdapog.sys ---- System - GMER 2.1 ---- SSDT 86EA39F8 ZwAlpcConnectPort SSDT 86EA3D08 ZwLoadDriver SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xA37A7690] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xA37A77B0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xA37A7010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xA37A7490] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xA37A72D0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xA37A73B0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xA37A7110] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xA37A71F0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xA37A7590] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8347D8E9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8349D3B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 13BF 834A464C 4 Bytes [F8, 39, EA, 86] .text ntoskrnl.exe!KeRemoveQueueEx + 15D3 834A4860 4 Bytes [08, 3D, EA, 86] .text ntoskrnl.exe!KeRemoveQueueEx + 1617 834A48A4 8 Bytes [90, 76, 7A, A3, B0, 77, 7A, ...] {NOP ; JBE 0x7d; MOV [0xa37a77b0], EAX} .text ntoskrnl.exe!KeRemoveQueueEx + 165F 834A48EC 4 Bytes [10, 70, 7A, A3] .text ntoskrnl.exe!KeRemoveQueueEx + 167F 834A490C 4 Bytes [90, 74, 7A, A3] .text ... .sptd1 E:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8CB32346] ? system32\drivers\NAV\1501000.012\SYMDS.SYS System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\NAV\1501000.012\SYMEFA.SYS System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\NAV\1501000.012\ccSetx86.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\NAV\1501000.012\Ironx86.SYS System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\NAV\1501000.012\SYMNETS.SYS System nie może odnaleźć określonej ścieżki. ! ? E:\Windows\system32\Drivers\SYMEVENT.SYS Nie można odnaleźć określonego pliku. ! ? system32\drivers\NAV\1501000.012\SRTSPX.SYS System nie może odnaleźć określonej ścieżki. ! ? E:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20131126.001\IDSvix86.sys System nie może odnaleźć określonej ścieżki. ! ? E:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys System nie może odnaleźć określonej ścieżki. ! ? E:\Windows\System32\Drivers\a8ct457q.SYS suspicious PE modification ? E:\Windows\System32\Drivers\atq9soef.SYS suspicious PE modification ? \Program Files\DAEMON Tools Lite\Engine.dll System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.1 ---- .text E:\Program Files\Mozilla Firefox\plugin-container.exe[2688] USER32.dll!CharToOemA + 3A 7570B1DE 7 Bytes JMP 5B6D12C8 E:\Program Files\Mozilla Firefox\xul.dll .text E:\Program Files\Mozilla Firefox\plugin-container.exe[2688] USER32.dll!AdjustWindowRectEx + 117 7571660F 7 Bytes JMP 5B6D1339 E:\Program Files\Mozilla Firefox\xul.dll .text E:\Program Files\Mozilla Firefox\plugin-container.exe[2688] USER32.dll!GetWindowInfo 75716A82 1 Byte [E9] .text E:\Program Files\Mozilla Firefox\plugin-container.exe[2688] USER32.dll!GetWindowInfo 75716A82 5 Bytes JMP 5B6D508F E:\Program Files\Mozilla Firefox\xul.dll .text E:\Program Files\Mozilla Firefox\plugin-container.exe[2688] USER32.dll!MenuItemFromPoint + F 75734B36 7 Bytes JMP 5B6CEA7F E:\Program Files\Mozilla Firefox\xul.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtCreateFile + 6 77084A16 4 Bytes [28, 18, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtCreateFile + B 77084A1B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtCreateKey + 6 77084A56 4 Bytes [68, 19, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtCreateKey + B 77084A5B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtCreateMutant + 6 77084A96 4 Bytes [68, 1A, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtCreateMutant + B 77084A9B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtCreateSection + 6 77084B36 4 Bytes [A8, 1A, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtCreateSection + B 77084B3B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtMapViewOfSection + 6 77085076 4 Bytes CALL 76086797 E:\Windows\system32\SHELL32.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtMapViewOfSection + B 7708507B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenFile + 6 77085126 4 Bytes [68, 18, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenFile + B 7708512B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenKey + 6 77085156 4 Bytes [A8, 19, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenKey + B 7708515B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenKeyEx + 6 77085166 4 Bytes CALL 76086884 E:\Windows\system32\SHELL32.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenKeyEx + B 7708516B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenMutant + 6 770851A6 4 Bytes [28, 1A, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenMutant + B 770851AB 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenProcess + 6 770851D6 4 Bytes [68, 1B, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenProcess + B 770851DB 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenProcessToken + 6 770851E6 4 Bytes [A8, 1B, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenProcessToken + B 770851EB 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenProcessTokenEx + 6 770851F6 4 Bytes [68, 1C, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenProcessTokenEx + B 770851FB 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenSection + 6 77085216 4 Bytes CALL 76086935 E:\Windows\system32\SHELL32.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenSection + B 7708521B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenThread + 6 77085256 4 Bytes [28, 1B, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenThread + B 7708525B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenThreadToken + 6 77085266 4 Bytes [28, 1C, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenThreadToken + B 7708526B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenThreadTokenEx + 6 77085276 4 Bytes [A8, 1C, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtOpenThreadTokenEx + B 7708527B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtQueryAttributesFile + 6 77085386 4 Bytes [A8, 18, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtQueryAttributesFile + B 7708538B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtQueryFullAttributesFile + 6 77085436 4 Bytes CALL 76086B53 E:\Windows\system32\SHELL32.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtQueryFullAttributesFile + B 7708543B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtSetInformationFile + 6 77085A86 4 Bytes [28, 19, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtSetInformationFile + B 77085A8B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtSetInformationThread + 6 77085AE6 4 Bytes CALL 76087206 E:\Windows\system32\SHELL32.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtSetInformationThread + B 77085AEB 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtUnmapViewOfSection + 6 77085E06 4 Bytes [28, 1D, 17, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ntdll.dll!NtUnmapViewOfSection + B 77085E0B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 00180030 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 00180070 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!SelectObject 757D61D0 5 Bytes JMP 001C05F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!SetTextColor 757D6622 5 Bytes JMP 001C0A30 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!SetBkMode 757D66CD 5 Bytes JMP 001C08F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!DeleteObject 757D68B4 5 Bytes JMP 001C01B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!DeleteDC 757D6A2C 5 Bytes JMP 001C0170 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!ExtSelectClipRgn 757D6C72 5 Bytes JMP 001C02F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!SelectClipRgn 757D6D84 5 Bytes JMP 001C05B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!GetDeviceCaps 757D6E03 5 Bytes JMP 001C03B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!SetStretchBltMode 757D73CE 5 Bytes JMP 001C06B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!GetCurrentObject 757D777C 5 Bytes JMP 001C0370 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!GetTextMetricsW 757D798F 5 Bytes JMP 001C0E30 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!IntersectClipRect 757D7CCA 5 Bytes JMP 001C03F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!GetTextAlign 757D7D15 5 Bytes JMP 001C0D70 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!SetTextAlign 757D7F92 5 Bytes JMP 001C09F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!ExtTextOutW 757D8053 5 Bytes JMP 001C0970 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!GetClipBox 757D81F2 5 Bytes JMP 001C0330 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!MoveToEx 757D8A16 5 Bytes JMP 001C0470 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!CreateDCA 757D9975 5 Bytes JMP 001C00B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!RestoreDC 757D9A10 5 Bytes JMP 001C0530 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!SaveDC 757D9AD2 5 Bytes JMP 001C0570 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!StretchDIBits 757DAC38 5 Bytes JMP 001C0770 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!GetTextFaceW 757DB4CC 5 Bytes JMP 001C0D30 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!GetTextExtentPoint32W 757DB535 5 Bytes JMP 001C0670 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!GetFontData 757DB8E8 5 Bytes JMP 001C0C70 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!CreateDCW 757DBD21 5 Bytes JMP 001C00F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!CreateICW 757DC660 5 Bytes JMP 001C0130 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!LineTo 757DCA20 5 Bytes JMP 001C0430 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!SetWorldTransform 757DCB42 5 Bytes JMP 001C06F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!GetTextMetricsA 757DCE46 5 Bytes JMP 001C0DF0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!Rectangle 757DF5BE 5 Bytes JMP 001C09B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!SetICMMode 757DF8D4 5 Bytes JMP 001C0DB0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!ExtTextOutA 757E0158 5 Bytes JMP 001C0930 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!GetTextExtentPoint32A 757E08BB 5 Bytes JMP 001C0630 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!Escape 757E0B0D 5 Bytes JMP 001C0270 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!ExtEscape 757E3472 5 Bytes JMP 001C02B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!GetTextFaceA 757E3E49 5 Bytes JMP 001C0CF0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!SetPolyFillMode 757E6CE1 5 Bytes JMP 001C0B30 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!SetMiterLimit 757E6E54 5 Bytes JMP 001C0B70 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!ResetDCW 757F031C 5 Bytes JMP 001C0AB0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!EndPage 757F07CD 5 Bytes JMP 001C0230 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!GetGlyphOutlineW 757FC292 5 Bytes JMP 001C0CB0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!CreateScalableFontResourceW 757FE8EF 5 Bytes JMP 001C0BB0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!AddFontResourceW 757FECEB 5 Bytes JMP 001C0BF0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!RemoveFontResourceW 757FF1E1 5 Bytes JMP 001C0C30 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!AbortDoc 75804D37 5 Bytes JMP 001C0030 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!EndDoc 7580517E 5 Bytes JMP 001C01F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!StartPage 75805269 5 Bytes JMP 001C0730 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!StartDocW 75805BB6 5 Bytes JMP 001C07F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!BeginPath 7580635D 5 Bytes JMP 001C0830 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!SelectClipPath 758063B4 5 Bytes JMP 001C0AF0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!CloseFigure 7580640F 5 Bytes JMP 001C0070 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!EndPath 75806466 5 Bytes JMP 001C0A70 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!StrokePath 75806699 5 Bytes JMP 001C07B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!FillPath 75806726 5 Bytes JMP 001C0870 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!PolylineTo 75806B94 5 Bytes JMP 001C04F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!PolyBezierTo 75806C25 5 Bytes JMP 001C04B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] GDI32.dll!PolyDraw 75806CD7 5 Bytes JMP 001C08B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!ActivateKeyboardLayout 7570817D 5 Bytes JMP 001D04F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!ScreenToClient 7570C1F2 7 Bytes JMP 001D0670 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!RegisterClipboardFormatA 7570E6B1 5 Bytes JMP 001D02F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!RegisterClipboardFormatW 7570EDFD 5 Bytes JMP 001D02B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!SetCursor 757152EA 5 Bytes JMP 001D0530 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!MonitorFromWindow 7571590A 7 Bytes JMP 001D0630 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!PostMessageW 75716225 5 Bytes JMP 001D05F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!IsWindowVisible 75716939 7 Bytes JMP 001D06B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!GetClientRect 757174B1 7 Bytes JMP 001D05B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!MapWindowPoints 75717915 5 Bytes JMP 001D0570 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!GetParent 75717AB3 7 Bytes JMP 001D06F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!SetClipboardData 75724979 5 Bytes JMP 001D0170 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!EmptyClipboard 75724A28 5 Bytes JMP 001D0130 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!GetClipboardData 75724B47 5 Bytes JMP 001D0030 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!EnumClipboardFormats 75724D98 5 Bytes JMP 001D01B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!GetClipboardFormatNameW 75727EB2 5 Bytes JMP 001D0230 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!SetClipboardViewer 75728F4D 5 Bytes JMP 001D04B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!GetClipboardFormatNameA 75728F61 5 Bytes JMP 001D0270 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!GetOpenClipboardWindow 7572902F 1 Byte [E9] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!GetOpenClipboardWindow 7572902F 5 Bytes JMP 001D03F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!ChangeClipboardChain 75733425 5 Bytes JMP 001D0430 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!GetTopWindow 75733A5D 7 Bytes JMP 001D0730 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!CloseClipboard 75735BA7 5 Bytes JMP 001D00B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!OpenClipboard 75735BB9 5 Bytes JMP 001D0070 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!IsClipboardFormatAvailable 75735C3A 5 Bytes JMP 001D00F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!GetClipboardSequenceNumber 75735C4E 5 Bytes JMP 001D0330 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!GetClipboardOwner 75735C60 5 Bytes JMP 001D0370 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!CountClipboardFormats 75735DC9 5 Bytes JMP 001D01F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!SetCursorPos 7574C1D8 5 Bytes JMP 001D0770 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!GetClipboardViewer 75764B57 5 Bytes JMP 001D0470 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] USER32.dll!GetPriorityClipboardFormat 75764C59 5 Bytes JMP 001D03B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ole32.dll!OleSetClipboard 754DF1F6 5 Bytes JMP 001E0030 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ole32.dll!OleIsCurrentClipboard 754E2370 5 Bytes JMP 001E0070 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[3352] ole32.dll!OleGetClipboard 7550F71D 5 Bytes JMP 001E00B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtCreateFile + 6 77084A16 4 Bytes CALL 5A074A22 E:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtCreateFile + B 77084A1B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtCreateKey + 6 77084A56 4 Bytes JMP 5A074A62 E:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtCreateKey + B 77084A5B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtCreateMutant + 6 77084A96 4 Bytes JMP E2FF0007 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtCreateMutant + B 77084A9B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtCreateSection + 6 77084B36 4 Bytes JMP E2FF0007 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtCreateSection + B 77084B3B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtMapViewOfSection + 6 77085076 4 Bytes CALL 76085867 E:\Windows\system32\SHELL32.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtMapViewOfSection + B 7708507B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenFile + 6 77085126 4 Bytes CALL 5A075132 E:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenFile + B 7708512B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenKey + 6 77085156 4 Bytes JMP 5A075162 E:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenKey + B 7708515B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenKeyEx + 6 77085166 4 Bytes CALL 76085954 E:\Windows\system32\SHELL32.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenKeyEx + B 7708516B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenMutant + 6 770851A6 4 Bytes JMP E2FF0007 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenMutant + B 770851AB 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenProcess + 6 770851D6 4 Bytes [68, EB, 07, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenProcess + B 770851DB 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenProcessToken + 6 770851E6 4 Bytes [A8, EB, 07, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenProcessToken + B 770851EB 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenProcessTokenEx + 6 770851F6 4 Bytes [68, EC, 07, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenProcessTokenEx + B 770851FB 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenSection + 6 77085216 4 Bytes CALL 76085A05 E:\Windows\system32\SHELL32.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenSection + B 7708521B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenThread + 6 77085256 4 Bytes [28, EB, 07, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenThread + B 7708525B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenThreadToken + 6 77085266 4 Bytes [28, EC, 07, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenThreadToken + B 7708526B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenThreadTokenEx + 6 77085276 4 Bytes [A8, EC, 07, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtOpenThreadTokenEx + B 7708527B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtQueryAttributesFile + 6 77085386 4 Bytes CALL 5A075392 E:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtQueryAttributesFile + B 7708538B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtQueryFullAttributesFile + 6 77085436 4 Bytes CALL 76085C23 E:\Windows\system32\SHELL32.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtQueryFullAttributesFile + B 7708543B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtSetInformationFile + 6 77085A86 4 Bytes JMP 5A075A92 E:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtSetInformationFile + B 77085A8B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtSetInformationThread + 6 77085AE6 4 Bytes CALL 760862D6 E:\Windows\system32\SHELL32.dll .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtSetInformationThread + B 77085AEB 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtUnmapViewOfSection + 6 77085E06 4 Bytes [28, ED, 07, 00] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ntdll.dll!NtUnmapViewOfSection + B 77085E0B 1 Byte [E2] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 00080030 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 00080070 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!SelectObject 757D61D0 5 Bytes JMP 001305F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!SetTextColor 757D6622 5 Bytes JMP 00130A30 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!SetBkMode 757D66CD 5 Bytes JMP 001308F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!DeleteObject 757D68B4 5 Bytes JMP 001301B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!DeleteDC 757D6A2C 5 Bytes JMP 00130170 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!ExtSelectClipRgn 757D6C72 5 Bytes JMP 001302F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!SelectClipRgn 757D6D84 5 Bytes JMP 001305B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!GetDeviceCaps 757D6E03 5 Bytes JMP 001303B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!SetStretchBltMode 757D73CE 5 Bytes JMP 001306B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!GetCurrentObject 757D777C 5 Bytes JMP 00130370 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!GetTextMetricsW 757D798F 5 Bytes JMP 00130E30 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!IntersectClipRect 757D7CCA 5 Bytes JMP 001303F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!GetTextAlign 757D7D15 5 Bytes JMP 00130D70 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!SetTextAlign 757D7F92 5 Bytes JMP 001309F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!ExtTextOutW 757D8053 5 Bytes JMP 00130970 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!GetClipBox 757D81F2 5 Bytes JMP 00130330 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!MoveToEx 757D8A16 5 Bytes JMP 00130470 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!CreateDCA 757D9975 5 Bytes JMP 001300B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!RestoreDC 757D9A10 5 Bytes JMP 00130530 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!SaveDC 757D9AD2 5 Bytes JMP 00130570 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!StretchDIBits 757DAC38 5 Bytes JMP 00130770 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!GetTextFaceW 757DB4CC 5 Bytes JMP 00130D30 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!GetTextExtentPoint32W 757DB535 5 Bytes JMP 00130670 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!GetFontData 757DB8E8 5 Bytes JMP 00130C70 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!CreateDCW 757DBD21 5 Bytes JMP 001300F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!CreateICW 757DC660 5 Bytes JMP 00130130 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!LineTo 757DCA20 5 Bytes JMP 00130430 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!SetWorldTransform 757DCB42 5 Bytes JMP 001306F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!GetTextMetricsA 757DCE46 5 Bytes JMP 00130DF0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!Rectangle 757DF5BE 5 Bytes JMP 001309B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!SetICMMode 757DF8D4 5 Bytes JMP 00130DB0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!ExtTextOutA 757E0158 5 Bytes JMP 00130930 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!GetTextExtentPoint32A 757E08BB 5 Bytes JMP 00130630 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!Escape 757E0B0D 5 Bytes JMP 00130270 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!ExtEscape 757E3472 5 Bytes JMP 001302B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!GetTextFaceA 757E3E49 5 Bytes JMP 00130CF0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!SetPolyFillMode 757E6CE1 5 Bytes JMP 00130B30 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!SetMiterLimit 757E6E54 5 Bytes JMP 00130B70 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!ResetDCW 757F031C 5 Bytes JMP 00130AB0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!EndPage 757F07CD 5 Bytes JMP 00130230 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!GetGlyphOutlineW 757FC292 5 Bytes JMP 00130CB0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!CreateScalableFontResourceW 757FE8EF 5 Bytes JMP 00130BB0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!AddFontResourceW 757FECEB 5 Bytes JMP 00130BF0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!RemoveFontResourceW 757FF1E1 5 Bytes JMP 00130C30 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!AbortDoc 75804D37 5 Bytes JMP 00130030 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!EndDoc 7580517E 5 Bytes JMP 001301F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!StartPage 75805269 5 Bytes JMP 00130730 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!StartDocW 75805BB6 5 Bytes JMP 001307F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!BeginPath 7580635D 5 Bytes JMP 00130830 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!SelectClipPath 758063B4 5 Bytes JMP 00130AF0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!CloseFigure 7580640F 5 Bytes JMP 00130070 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!EndPath 75806466 5 Bytes JMP 00130A70 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!StrokePath 75806699 5 Bytes JMP 001307B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!FillPath 75806726 5 Bytes JMP 00130870 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!PolylineTo 75806B94 5 Bytes JMP 001304F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!PolyBezierTo 75806C25 5 Bytes JMP 001304B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] GDI32.dll!PolyDraw 75806CD7 5 Bytes JMP 001308B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!ActivateKeyboardLayout 7570817D 5 Bytes JMP 001404F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!ScreenToClient 7570C1F2 7 Bytes JMP 00140670 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!RegisterClipboardFormatA 7570E6B1 5 Bytes JMP 001402F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!RegisterClipboardFormatW 7570EDFD 5 Bytes JMP 001402B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!SetCursor 757152EA 5 Bytes JMP 00140530 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!MonitorFromWindow 7571590A 7 Bytes JMP 00140630 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!PostMessageW 75716225 5 Bytes JMP 001405F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!IsWindowVisible 75716939 7 Bytes JMP 001406B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!GetClientRect 757174B1 7 Bytes JMP 001405B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!MapWindowPoints 75717915 5 Bytes JMP 00140570 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!GetParent 75717AB3 7 Bytes JMP 001406F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!SetClipboardData 75724979 5 Bytes JMP 00140170 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!EmptyClipboard 75724A28 5 Bytes JMP 00140130 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!GetClipboardData 75724B47 5 Bytes JMP 00140030 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!EnumClipboardFormats 75724D98 5 Bytes JMP 001401B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!GetClipboardFormatNameW 75727EB2 5 Bytes JMP 00140230 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!SetClipboardViewer 75728F4D 5 Bytes JMP 001404B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!GetClipboardFormatNameA 75728F61 5 Bytes JMP 00140270 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!GetOpenClipboardWindow 7572902F 1 Byte [E9] .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!GetOpenClipboardWindow 7572902F 5 Bytes JMP 001403F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!ChangeClipboardChain 75733425 5 Bytes JMP 00140430 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!GetTopWindow 75733A5D 7 Bytes JMP 00140730 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!CloseClipboard 75735BA7 5 Bytes JMP 001400B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!OpenClipboard 75735BB9 5 Bytes JMP 00140070 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!IsClipboardFormatAvailable 75735C3A 5 Bytes JMP 001400F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!GetClipboardSequenceNumber 75735C4E 5 Bytes JMP 00140330 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!GetClipboardOwner 75735C60 5 Bytes JMP 00140370 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!CountClipboardFormats 75735DC9 5 Bytes JMP 001401F0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!SetCursorPos 7574C1D8 5 Bytes JMP 00140770 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!GetClipboardViewer 75764B57 5 Bytes JMP 00140470 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] USER32.dll!GetPriorityClipboardFormat 75764C59 5 Bytes JMP 001403B0 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ole32.dll!OleSetClipboard 754DF1F6 5 Bytes JMP 00150030 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ole32.dll!OleIsCurrentClipboard 754E2370 5 Bytes JMP 00150070 .text E:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[4648] ole32.dll!OleGetClipboard 7550F71D 5 Bytes JMP 001500B0 .text E:\Program Files\Mozilla Firefox\firefox.exe[4844] ntdll.dll!wcsncmp + 33B 7709F580 7 Bytes JMP 5B37E210 E:\Program Files\Mozilla Firefox\xul.dll .text E:\Program Files\Mozilla Firefox\firefox.exe[4844] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 7566C0CF 7 Bytes JMP 5BB422AA E:\Program Files\Mozilla Firefox\xul.dll .text E:\Program Files\Mozilla Firefox\firefox.exe[4844] kernel32.dll!CloseHandle + 38 756705EF 7 Bytes JMP 5BB422CD E:\Program Files\Mozilla Firefox\xul.dll .text E:\Program Files\Mozilla Firefox\firefox.exe[4844] kernel32.dll!GetExitCodeProcess + 2C 7567313D 7 Bytes JMP 5B382C10 E:\Program Files\Mozilla Firefox\xul.dll .text E:\Program Files\Mozilla Firefox\firefox.exe[4844] GDI32.dll!GetViewportOrgEx + 21C 757D85EB 7 Bytes JMP 5BB4222B E:\Program Files\Mozilla Firefox\xul.dll .text E:\Program Files\Mozilla Firefox\plugin-container.exe[4856] USER32.dll!CharToOemA + 3A 7570B1DE 7 Bytes JMP 5B6D12C8 E:\Program Files\Mozilla Firefox\xul.dll .text E:\Program Files\Mozilla Firefox\plugin-container.exe[4856] USER32.dll!AdjustWindowRectEx + 117 7571660F 7 Bytes JMP 5B6D1339 E:\Program Files\Mozilla Firefox\xul.dll .text E:\Program Files\Mozilla Firefox\plugin-container.exe[4856] USER32.dll!GetWindowInfo 75716A82 1 Byte [E9] .text E:\Program Files\Mozilla Firefox\plugin-container.exe[4856] USER32.dll!GetWindowInfo 75716A82 5 Bytes JMP 5B6D508F E:\Program Files\Mozilla Firefox\xul.dll .text E:\Program Files\Mozilla Firefox\plugin-container.exe[4856] USER32.dll!MenuItemFromPoint + F 75734B36 7 Bytes JMP 5B6CEA7F E:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 85BEE1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{FE3C8D6D-2001-4B94-889E-60764932B32F} 86EB61F8 Device \Driver\usbehci \Device\USBPDO-0 85C57430 Device \Driver\usbehci \Device\USBPDO-1 85C57430 AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys Device \Driver\cdrom \Device\CdRom0 86CF81F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85BDC1F8 Device \Driver\atapi \Device\Ide\IdePort0 85BDC1F8 Device \Driver\atapi \Device\Ide\IdePort1 85BDC1F8 Device \Driver\atapi \Device\Ide\IdePort2 85BDC1F8 Device \Driver\atapi \Device\Ide\IdePort3 85BDC1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85BDC1F8 Device \Driver\cdrom \Device\CdRom1 86CF81F8 Device \Driver\cdrom \Device\CdRom2 86CF81F8 Device \Driver\cdrom \Device\CdRom3 86CF81F8 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 865E21F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 86EB61F8 AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys Device \Driver\PCI_PNP0035 \Device\0000006b sptd.sys Device \Driver\usbehci \Device\USBFDO-0 85C57430 Device \Driver\PCI_PNP0035 \Device\0000006c sptd.sys Device \Driver\usbehci \Device\USBFDO-1 85C57430 Device \Driver\SymIRON \Device\SymIron Ironx86.SYS Device \Driver\dtsoftbus01 \Device\0000007e 865E21F8 Device \Driver\a8ct457q \Device\Scsi\a8ct457q1 87255430 Device \Driver\atq9soef \Device\Scsi\atq9soef1 872B01F8 Device \Driver\a8ct457q \Device\Scsi\a8ct457q1Port4Path0Target0Lun0 87255430 Device \Driver\atq9soef \Device\Scsi\atq9soef1Port5Path0Target0Lun0 872B01F8 Device \FileSystem\cdfs \Cdfs 88A121F8 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85bdc1f8]<< 85bdc1f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86aa9560] 86aa9560 Trace 3 CLASSPNP.SYS[8cfbf59e] -> nt!IofCallDriver -> [0x865748e0] 865748e0 Trace 5 ACPI.sys[8cb553b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85c77908] 85c77908 Trace \Driver\atapi[0x865a8430] -> IRP_MJ_CREATE -> 0x85bdc1f8 85bdc1f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ? ??????? ???????????????????j?1????????????????????? ?????????????????????1????????????????????????????NO_DRV_X_PNP?a??????????????.???????????????????????????????????????????????????????????????????????????????????????$???4????? ??????? ??????????????????????????????????????????????????????? ??????????? ??????????? ?????????????????? ? ??? ? ? ??????? ? ? ? ??? ??? ????? ? ???????P?P????U???? ??????V??????P???? ?? ????H???????? ? ? ? ??? ???????? ???? ??? ? ??? ? ????????? ????? ? ????????????????$???4????? ??????? ??????????????????????????????????????????????????????? ??????????? ??????????? ??????????????????????????????????????????????????????????????????I?I????U???????????V??????I???? ???????H?????????????????? ???????? ???????????????????????????????????????????????USBSTOR\Disk&Ven_FLASH&Prod_Drive_SM_USB20&Rev_1100\AA04012700014091&0??????? ????????????????????????????0????? ??????????????????????????????;???;??????oft Help???????????????L??sptd?&????????????????????,Po??czenie lokalne* 11?????????? Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 E:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBA 0x69 0x2F 0x29 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC7 0x40 0xF4 0x3E ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x16 0x27 0xBE 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC7 0x7F 0xBD 0x22 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDE 0xA8 0xCE 0x7C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3F 0x18 0x90 0x3A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 E:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBA 0x69 0x2F 0x29 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC7 0x40 0xF4 0x3E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x16 0x27 0xBE 0x56 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF7 0x17 0x51 0xBD ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDE 0xA8 0xCE 0x7C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3F 0x18 0x90 0x3A ... Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{AAFD591C-A736-11E1-B948-806E6F6E6963} 6361415224 ---- EOF - GMER 2.1 ----