GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-19 21:12:28 Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.8919 298,09GB Running: jhnmqgsg.exe; Driver: C:\Users\hp\AppData\Local\Temp\pxldipoc.sys ---- Kernel code sections - GMER 2.1 ---- .xreloc C:\Windows\system32\drivers\ps6ak2qb.sys unknown last section [0x86B4B000, 0x998, 0x40000040] .xreloc C:\Windows\System32\drivers\sfsync04.sys unknown last section [0x86B5E000, 0xC5E, 0x40000040] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x85001300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x85044300, 0x1BEE, 0xE8000020] C:\Program Files\HP\QuickPlay\000.fcl entry point in "" section [0x85185000] .clc C:\Program Files\HP\QuickPlay\000.fcl unknown last section [0x85186000, 0x1000, 0x00000000] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[3460] ntdll.dll!LdrLoadDll 76ED79B3 5 Bytes JMP 6D541F42 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3460] ntdll.dll!NtCreateFile 76F07C78 5 Bytes JMP 64B39AE0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3460] ntdll.dll!NtFlushBuffersFile 76F08178 5 Bytes JMP 64B1C434 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3460] ntdll.dll!NtQueryFullAttributesFile 76F086A8 5 Bytes JMP 64B1C150 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3460] ntdll.dll!NtReadFile 76F088D8 5 Bytes JMP 64B1C330 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3460] ntdll.dll!NtReadFileScatter 76F088E8 5 Bytes JMP 6553F60F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3460] ntdll.dll!NtWriteFile 76F08EE8 5 Bytes JMP 64B3A9F0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3460] ntdll.dll!NtWriteFileGather 76F08EF8 5 Bytes JMP 6553F5BE C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3460] kernel32.dll!HeapSetInformation + 26 77057008 7 Bytes JMP 64B363D0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3460] kernel32.dll!LockResource + C 7707813B 7 Bytes JMP 65464AA0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3460] kernel32.dll!VirtualAllocEx + 54 7707BA7A 2 Bytes JMP 65464AC3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3460] kernel32.dll!VirtualAllocEx + 57 7707BA7D 4 Bytes [3E, EE, EB, F9] {OUT DX, AL; JMP 0xfffffffd} .text C:\Program Files\Mozilla Firefox\firefox.exe[3460] USER32.dll!GetWindowInfo 76E20560 5 Bytes JMP 6535B991 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3460] GDI32.dll!StretchDIBits + 179 75A675BB 7 Bytes JMP 65464A21 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4336] USER32.dll!GetWindowInfo 76E20560 5 Bytes JMP 64E0261E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4336] USER32.dll!IsZoomed + 80 76E20731 7 Bytes JMP 64E00102 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4336] USER32.dll!AdjustWindowRectEx + 76 76E21F30 7 Bytes JMP 64E00173 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4336] USER32.dll!CheckMenuRadioItem + 12E 76E31412 7 Bytes JMP 64DFD8F6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtCreateFile + 6 76F07C7E 4 Bytes [28, F0, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtCreateFile + B 76F07C83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtCreateKey + 6 76F07CBE 4 Bytes [68, F1, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtCreateKey + B 76F07CC3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtCreateMutant + 6 76F07CEE 4 Bytes [28, F2, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtCreateMutant + B 76F07CF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtCreateSection + 6 76F07D6E 4 Bytes [68, F2, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtCreateSection + B 76F07D73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtMapViewOfSection + 6 76F083CE 4 Bytes [A8, F4, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtMapViewOfSection + B 76F083D3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenFile + 6 76F0845E 4 Bytes [68, F0, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenFile + B 76F08463 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenKey + 6 76F0848E 4 Bytes [A8, F1, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenKey + B 76F08493 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenMutant + 6 76F084AE 4 Bytes CALL 75F09BA4 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenMutant + B 76F084B3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenProcess + 6 76F084DE 4 Bytes [28, F3, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenProcess + B 76F084E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenProcessToken + 6 76F084EE 4 Bytes [68, F3, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenProcessToken + B 76F084F3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenProcessTokenEx + 6 76F084FE 4 Bytes [28, F4, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenProcessTokenEx + B 76F08503 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenSection + 6 76F0850E 4 Bytes [A8, F2, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenSection + B 76F08513 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenThread + 6 76F0854E 4 Bytes CALL 75F09C45 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenThread + B 76F08553 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenThreadToken + 6 76F0855E 4 Bytes CALL 75F09C56 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenThreadToken + B 76F08563 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenThreadTokenEx + 6 76F0856E 4 Bytes [68, F4, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtOpenThreadTokenEx + B 76F08573 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtQueryAttributesFile + 6 76F085FE 4 Bytes [A8, F0, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtQueryAttributesFile + B 76F08603 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtQueryFullAttributesFile + 6 76F086AE 4 Bytes CALL 75F09DA3 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtQueryFullAttributesFile + B 76F086B3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtSetInformationFile + 6 76F08B8E 4 Bytes [28, F1, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtSetInformationFile + B 76F08B93 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtSetInformationThread + 6 76F08BDE 4 Bytes [A8, F3, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtSetInformationThread + B 76F08BE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtUnmapViewOfSection + 6 76F08E7E 4 Bytes CALL 75F0A577 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ntdll.dll!NtUnmapViewOfSection + B 76F08E83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] kernel32.dll!CreateProcessW 77031C01 5 Bytes JMP 001700B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] kernel32.dll!CreateProcessA 77031C36 5 Bytes JMP 001700F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] kernel32.dll!OpenEventW 7704C8AD 5 Bytes JMP 00170070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] kernel32.dll!CreateEventW 7707447A 5 Bytes JMP 00170030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!GetDeviceCaps 75A65AF0 5 Bytes JMP 001A03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!DeleteObject 75A65BED 5 Bytes JMP 001A01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!SelectObject 75A66100 5 Bytes JMP 001A05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!SetTextColor 75A66549 5 Bytes JMP 001A0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!SetBkMode 75A665F4 5 Bytes JMP 001A08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!DeleteDC 75A66A44 5 Bytes JMP 001A0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!SetStretchBltMode 75A66D78 5 Bytes JMP 001A06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!GetCurrentObject 75A66F4B 5 Bytes JMP 001A0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!StretchDIBits 75A67442 5 Bytes JMP 001A0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!SaveDC 75A6772D 5 Bytes JMP 001A0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!RestoreDC 75A677C6 5 Bytes JMP 001A0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!ExtSelectClipRgn 75A679DA 5 Bytes JMP 001A02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!SelectClipRgn 75A67AE5 5 Bytes JMP 001A05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!Rectangle 75A67D49 5 Bytes JMP 001A09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!GetTextAlign 75A68178 5 Bytes JMP 001A0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!ExtTextOutW 75A682B1 5 Bytes JMP 001A0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!GetClipBox 75A68629 5 Bytes JMP 001A0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!SetTextAlign 75A686EA 5 Bytes JMP 001A09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!MoveToEx 75A6878E 5 Bytes JMP 001A0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!GetTextMetricsW 75A69434 5 Bytes JMP 001A0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!IntersectClipRect 75A69698 5 Bytes JMP 001A03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!SetICMMode 75A69DAB 5 Bytes JMP 001A0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!GetTextExtentPoint32W 75A6A926 5 Bytes JMP 001A0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!CreateDCA 75A6AC01 5 Bytes JMP 001A00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!CreateDCW 75A6ADA5 5 Bytes JMP 001A00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!CreateICW 75A6ADFD 5 Bytes JMP 001A0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!GetTextFaceW 75A6C1CF 5 Bytes JMP 001A0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!GetFontData 75A6C835 5 Bytes JMP 001A0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!SetWorldTransform 75A6CAB8 5 Bytes JMP 001A06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!GetTextMetricsA 75A6D65F 5 Bytes JMP 001A0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!LineTo 75A6EF82 5 Bytes JMP 001A0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!ExtTextOutA 75A6FE29 5 Bytes JMP 001A0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!GetTextExtentPoint32A 75A70B59 5 Bytes JMP 001A0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!ExtEscape 75A7208D 5 Bytes JMP 001A02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!Escape 75A72A7B 5 Bytes JMP 001A0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!ResetDCW 75A7321A 5 Bytes JMP 001A0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!SetPolyFillMode 75A749EE 5 Bytes JMP 001A0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!SetMiterLimit 75A76298 5 Bytes JMP 001A0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!EndPage 75A7F173 5 Bytes JMP 001A0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!GetTextFaceA 75A7F321 5 Bytes JMP 001A0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!GetGlyphOutlineW 75A8A04F 5 Bytes JMP 001A0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!CreateScalableFontResourceW 75A8C4BB 5 Bytes JMP 001A0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!AddFontResourceW 75A8C8C3 5 Bytes JMP 001A0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!RemoveFontResourceW 75A8CD59 5 Bytes JMP 001A0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!AbortDoc 75A92A4E 5 Bytes JMP 001A0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!EndDoc 75A92E62 5 Bytes JMP 001A01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!StartPage 75A92F4D 5 Bytes JMP 001A0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!StartDocW 75A93A31 5 Bytes JMP 001A07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!BeginPath 75A941ED 5 Bytes JMP 001A0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!SelectClipPath 75A94244 5 Bytes JMP 001A0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!CloseFigure 75A9429F 5 Bytes JMP 001A0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!EndPath 75A942F6 5 Bytes JMP 001A0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!StrokePath 75A94528 5 Bytes JMP 001A07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!FillPath 75A945B4 5 Bytes JMP 001A0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!PolylineTo 75A94A1D 5 Bytes JMP 001A04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!PolyBezierTo 75A94AAD 5 Bytes JMP 001A04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] GDI32.dll!PolyDraw 75A94B5E 5 Bytes JMP 001A08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!SetCursor 76E1E563 5 Bytes JMP 001B0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!RegisterClipboardFormatW 76E1E869 5 Bytes JMP 001B02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!MonitorFromWindow 76E213F6 7 Bytes JMP 001B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!ActivateKeyboardLayout 76E25A50 5 Bytes JMP 001B04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!GetClientRect 76E289F9 3 Bytes JMP 001B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!GetClientRect + 4 76E289FD 3 Bytes [89, CC, CC] {MOV ESP, ECX; INT 3 } .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!GetParent 76E2918E 7 Bytes JMP 001B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!RegisterClipboardFormatA 76E2974D 5 Bytes JMP 001B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!GetClipboardFormatNameA 76E29AB5 5 Bytes JMP 001B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!PostMessageW 76E2A064 5 Bytes JMP 001B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!MapWindowPoints 76E2A14F 5 Bytes JMP 001B0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!ScreenToClient 76E30C02 7 Bytes JMP 001B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!IsWindowVisible 76E30CDC 7 Bytes JMP 001B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!GetOpenClipboardWindow 76E326DC 5 Bytes JMP 001B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!SetClipboardViewer 76E3BE37 5 Bytes JMP 001B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!IsClipboardFormatAvailable 76E3C8D4 5 Bytes JMP 001B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!CloseClipboard 76E3C8E8 5 Bytes JMP 001B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!OpenClipboard 76E3C90E 5 Bytes JMP 001B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!GetTopWindow 76E3D329 7 Bytes JMP 001B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!GetClipboardSequenceNumber 76E3E355 5 Bytes JMP 001B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!ChangeClipboardChain 76E3E52F 5 Bytes JMP 001B0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!GetClipboardOwner 76E40A5E 5 Bytes JMP 001B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!CountClipboardFormats 76E40E19 5 Bytes JMP 001B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!SetClipboardData 76E562F8 5 Bytes JMP 001B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!EnumClipboardFormats 76E56C7E 5 Bytes JMP 001B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!SetCursorPos 76E56F1A 5 Bytes JMP 001B0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!GetClipboardData 76E570B2 5 Bytes JMP 001B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!GetClipboardFormatNameW 76E5A93C 5 Bytes JMP 001B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!EmptyClipboard 76E7390B 5 Bytes JMP 001B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!GetClipboardViewer 76E7396D 5 Bytes JMP 001B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] USER32.dll!GetPriorityClipboardFormat 76E73A6F 5 Bytes JMP 001B03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] Secur32.dll!FreeContextBuffer 755B2825 5 Bytes JMP 001D00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] Secur32.dll!DeleteSecurityContext 755B2ABF 5 Bytes JMP 001D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] Secur32.dll!FreeCredentialsHandle 755B31F5 5 Bytes JMP 001D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] Secur32.dll!EncryptMessage 755B4BDE 5 Bytes JMP 001D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] Secur32.dll!DecryptMessage 755B4CAB 5 Bytes JMP 001D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] Secur32.dll!InitializeSecurityContextA 755B8233 5 Bytes JMP 001D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] Secur32.dll!AcquireCredentialsHandleA 755B833B 5 Bytes JMP 001D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] Secur32.dll!QueryContextAttributesA 755B8747 5 Bytes JMP 001D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] Secur32.dll!ApplyControlToken 755BDDB2 5 Bytes JMP 001D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] Secur32.dll!QueryCredentialsAttributesA 755BDFB5 5 Bytes JMP 001D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ole32.dll!OleGetClipboard 767E2AC1 5 Bytes JMP 001E00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ole32.dll!OleSetClipboard 7680EC7D 5 Bytes JMP 001E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[4396] ole32.dll!OleIsCurrentClipboard 76818B31 5 Bytes JMP 001E0070 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll >>UNKNOWN [0x8b8b1078]<< 8b8b1078 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8bc305f8] 8bc305f8 Trace 3 CLASSPNP.SYS[87c0a745] -> nt!IofCallDriver -> [0x8bc30d48] 8bc30d48 Trace 5 hpdskflt.sys[8fa01f05] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a56d028] 8a56d028 Trace \Driver\iaStor[0x8a533230] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8b8b1078 8b8b1078 ---- Processes - GMER 2.1 ---- Process (*** hidden *** ) [4] 8971AA90 ---- Threads - GMER 2.1 ---- Thread explorer.exe [2136:2396] 0221A434 Thread explorer.exe [2136:2400] 0221A436 Thread explorer.exe [2136:2408] 0221A436 Thread explorer.exe [2136:3548] 0221A434 Thread explorer.exe [2136:3756] 0221A434 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00218673dc3a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218673dc3a (not active ControlSet) Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218673dc3a ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----