GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-25 19:46:01 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD1001FALS-00E8B0 rev.05.00K05 931,51GB Running: te5mrndw.exe; Driver: C:\Users\Pat\AppData\Local\Temp\uxldapob.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRequestWaitReplyPort + 1495 832839E5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832BD312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? System32\Drivers\spqp.sys The system cannot find the path specified. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91E0F000, 0x2BFBF0, 0xE8000020] .text C:\Windows\system32\drivers\ACEDRV07.sys section is writeable [0x9D801000, 0x328BA, 0xE8000020] .pklstb C:\Windows\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0x9D845000] .relo2 C:\Windows\system32\drivers\ACEDRV07.sys unknown last section [0x9D861000, 0x8E, 0x42000040] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2452] USER32.dll!RegisterMessagePumpHook + 2F1 75148B9E 7 Bytes JMP 10580102 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2452] USER32.dll!IsDialogMessageW + 340 75154444 7 Bytes JMP 10580173 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2452] USER32.dll!GetWindowInfo 75154B5E 5 Bytes JMP 1058261E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2452] USER32.dll!ToUnicodeEx + 71 75162223 7 Bytes JMP 1057D8F6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\kiess\Kies\External\FirmwareUpdate\KiesPDLR.exe[3152] ntdll.dll!DbgUiRemoteBreakin 76EBF1D3 1 Byte [C3] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtCreateFile + 6 76E6560E 4 Bytes [28, D0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtCreateFile + B 76E65613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtCreateKey + 6 76E6564E 4 Bytes [68, D1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtCreateKey + B 76E65653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtCreateMutant + 6 76E6568E 4 Bytes [68, D2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtCreateMutant + B 76E65693 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtCreateSection + 6 76E6572E 4 Bytes [A8, D2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtCreateSection + B 76E65733 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtMapViewOfSection + 6 76E65C6E 4 Bytes CALL 75E66447 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtMapViewOfSection + B 76E65C73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenFile + 6 76E65D1E 4 Bytes [68, D0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenFile + B 76E65D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenKey + 6 76E65D4E 4 Bytes [A8, D1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenKey + B 76E65D53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenKeyEx + 6 76E65D5E 4 Bytes CALL 75E66534 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenKeyEx + B 76E65D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenMutant + 6 76E65D9E 4 Bytes [28, D2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenMutant + B 76E65DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenProcess + 6 76E65DCE 4 Bytes [68, D3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenProcess + B 76E65DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenProcessToken + 6 76E65DDE 4 Bytes [A8, D3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenProcessToken + B 76E65DE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenProcessTokenEx + 6 76E65DEE 4 Bytes [68, D4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenProcessTokenEx + B 76E65DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenSection + 6 76E65E0E 4 Bytes CALL 75E665E5 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenSection + B 76E65E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenThread + 6 76E65E4E 4 Bytes [28, D3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenThread + B 76E65E53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenThreadToken + 6 76E65E5E 4 Bytes [28, D4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenThreadToken + B 76E65E63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenThreadTokenEx + 6 76E65E6E 4 Bytes [A8, D4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtOpenThreadTokenEx + B 76E65E73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtQueryAttributesFile + 6 76E65F7E 4 Bytes [A8, D0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtQueryAttributesFile + B 76E65F83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtQueryFullAttributesFile + 6 76E6602E 4 Bytes CALL 75E66803 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtQueryFullAttributesFile + B 76E66033 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtSetInformationFile + 6 76E6667E 4 Bytes [28, D1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtSetInformationFile + B 76E66683 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtSetInformationThread + 6 76E666DE 4 Bytes CALL 75E66EB6 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtSetInformationThread + B 76E666E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtUnmapViewOfSection + 6 76E669FE 4 Bytes [28, D5, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ntdll.dll!NtUnmapViewOfSection + B 76E66A03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!ActivateKeyboardLayout 75148203 5 Bytes JMP 001304F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!ScreenToClient 7514A506 7 Bytes JMP 00130670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!RegisterClipboardFormatA 7514C091 5 Bytes JMP 001302F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!RegisterClipboardFormatW 7514DF8D 5 Bytes JMP 001302B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!SetCursor 75153075 5 Bytes JMP 00130530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!MonitorFromWindow 75153622 7 Bytes JMP 00130630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!PostMessageW 7515447B 5 Bytes JMP 001305F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!IsWindowVisible 75154D69 7 Bytes JMP 001306B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!GetClientRect 751554DD 7 Bytes JMP 001305B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!MapWindowPoints 75155CAA 5 Bytes JMP 00130570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!GetParent 75156029 7 Bytes JMP 001306F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!EmptyClipboard 7516290C 5 Bytes JMP 00130130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!SetClipboardData 75162962 5 Bytes JMP 00130170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!GetClipboardData 75162BA7 5 Bytes JMP 00130030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!GetClipboardFormatNameW 75165FD2 5 Bytes JMP 00130230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!SetClipboardViewer 75166FF6 5 Bytes JMP 001304B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!GetClipboardFormatNameA 7516700A 5 Bytes JMP 00130270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!ChangeClipboardChain 7517147C 5 Bytes JMP 00130430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!GetTopWindow 751724D9 7 Bytes JMP 00130730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!CloseClipboard 7517446C 5 Bytes JMP 001300B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!OpenClipboard 7517447E 5 Bytes JMP 00130070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!IsClipboardFormatAvailable 751744FF 5 Bytes JMP 001300F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!GetClipboardSequenceNumber 75174513 5 Bytes JMP 00130330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!GetClipboardOwner 75174525 5 Bytes JMP 00130370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!CountClipboardFormats 7517470A 5 Bytes JMP 001301F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!EnumClipboardFormats 751747EC 5 Bytes JMP 001301B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!GetOpenClipboardWindow 7517480B 5 Bytes JMP 001303F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!SetCursorPos 7518C1B0 5 Bytes JMP 00130770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!GetClipboardViewer 751A4AF7 5 Bytes JMP 00130470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] user32.DLL!GetPriorityClipboardFormat 751A4BF9 5 Bytes JMP 001303B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!DeleteObject 75215F14 5 Bytes JMP 001401B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!SelectObject 75216640 5 Bytes JMP 001405F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!SetTextColor 75216906 5 Bytes JMP 00140A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!SetBkMode 752169B1 5 Bytes JMP 001408F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!DeleteDC 75216EAA 5 Bytes JMP 00140170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!GetDeviceCaps 75216F7F 5 Bytes JMP 001403B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!ExtSelectClipRgn 75217114 5 Bytes JMP 001402F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!SelectClipRgn 75217242 5 Bytes JMP 001405B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!SetStretchBltMode 75217705 5 Bytes JMP 001406B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!GetCurrentObject 75217917 5 Bytes JMP 00140370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!GetTextMetricsW 75217B8F 5 Bytes JMP 00140E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!GetTextAlign 75217DAF 5 Bytes JMP 00140D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!IntersectClipRect 75217DFE 5 Bytes JMP 001403F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!ExtTextOutW 75218192 5 Bytes JMP 00140970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!SetTextAlign 7521828E 5 Bytes JMP 001409F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!GetClipBox 75218525 5 Bytes JMP 00140330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!MoveToEx 75218C21 5 Bytes JMP 00140470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!StretchDIBits 7521A53E 5 Bytes JMP 00140770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!RestoreDC 7521A67B 5 Bytes JMP 00140530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!SaveDC 7521A74B 5 Bytes JMP 00140570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!GetTextExtentPoint32W 7521B4B5 5 Bytes JMP 00140670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!GetTextFaceW 7521B73A 2 Bytes JMP 00140D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!GetTextFaceW + 3 7521B73D 2 Bytes [F2, 8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!GetFontData 7521BCC4 5 Bytes JMP 00140C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!SetWorldTransform 7521C90A 5 Bytes JMP 001406F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!CreateDCA 7521CCA9 5 Bytes JMP 001400B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!CreateDCW 7521CF79 5 Bytes JMP 001400F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!CreateICW 7521CFD0 5 Bytes JMP 00140130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!GetTextMetricsA 7521D0F2 5 Bytes JMP 00140DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!Rectangle 7521F1E7 5 Bytes JMP 001409B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!LineTo 7521F583 5 Bytes JMP 00140430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!SetICMMode 7521FA8C 5 Bytes JMP 00140DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!ExtTextOutA 75220D08 5 Bytes JMP 00140930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!GetTextExtentPoint32A 75221167 5 Bytes JMP 00140630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!ExtEscape 75222D31 5 Bytes JMP 001402B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!Escape 752233E8 5 Bytes JMP 00140270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!ResetDCW 75223A83 5 Bytes JMP 00140AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!EndPage 752240C2 5 Bytes JMP 00140230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!SetPolyFillMode 752267C9 5 Bytes JMP 00140B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!SetMiterLimit 75226985 5 Bytes JMP 00140B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!GetTextFaceA 75230D12 5 Bytes JMP 00140CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!GetGlyphOutlineW 7523C32A 5 Bytes JMP 00140CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!CreateScalableFontResourceW 7523E987 5 Bytes JMP 00140BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!AddFontResourceW 7523ED83 5 Bytes JMP 00140BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!RemoveFontResourceW 7523F279 5 Bytes JMP 00140C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!AbortDoc 75244E79 5 Bytes JMP 00140030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!EndDoc 752452C0 5 Bytes JMP 001401F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!StartPage 752453AB 5 Bytes JMP 00140730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!StartDocW 75245DC6 5 Bytes JMP 001407F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!BeginPath 7524656D 5 Bytes JMP 00140830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!SelectClipPath 752465C4 5 Bytes JMP 00140AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!CloseFigure 7524661F 5 Bytes JMP 00140070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!EndPath 75246676 5 Bytes JMP 00140A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!StrokePath 752468A9 5 Bytes JMP 001407B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!FillPath 75246936 5 Bytes JMP 00140870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!PolylineTo 75246DA4 5 Bytes JMP 001404F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!PolyBezierTo 75246E35 5 Bytes JMP 001404B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] GDI32.dll!PolyDraw 75246EE7 5 Bytes JMP 001408B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ole32.dll!OleSetClipboard 764E0045 5 Bytes JMP 00160030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ole32.dll!OleIsCurrentClipboard 764E36B2 5 Bytes JMP 00160070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe[3800] ole32.dll!OleGetClipboard 7650FDCD 5 Bytes JMP 001600B0 .text C:\Program Files\Mozilla Firefox\firefox.exe[5884] ntdll.dll!NtCreateFile 76E65608 5 Bytes JMP 102B9AE0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5884] ntdll.dll!NtFlushBuffersFile 76E65998 5 Bytes JMP 1029C434 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5884] ntdll.dll!NtQueryFullAttributesFile 76E66028 5 Bytes JMP 1029C150 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5884] ntdll.dll!NtReadFile 76E662F8 5 Bytes JMP 1029C330 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5884] ntdll.dll!NtReadFileScatter 76E66308 5 Bytes JMP 10CBF60F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5884] ntdll.dll!NtWriteFile 76E66AA8 5 Bytes JMP 102BA9F0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5884] ntdll.dll!NtWriteFileGather 76E66AB8 5 Bytes JMP 10CBF5BE C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5884] ntdll.dll!LdrLoadDll 76E822AE 5 Bytes JMP 57391F42 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5884] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 76A994E6 7 Bytes JMP 10BE4AA0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5884] kernel32.dll!QueryPerformanceCounter + 13 76A9C4E5 7 Bytes JMP 10BE4AC3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5884] kernel32.dll!LoadAppInitDlls + 355 76A9F5A6 7 Bytes JMP 102B63D0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5884] USER32.dll!GetWindowInfo 75154B5E 5 Bytes JMP 10ADB991 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5884] GDI32.dll!GetViewportOrgEx + 26C 7521884B 7 Bytes JMP 10BE4A21 C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 859821F8 Device \FileSystem\fastfat \FatCdrom 869F71F8 Device \Driver\volmgr \Device\VolMgrControl 8597E1F8 Device \Driver\usbuhci \Device\USBPDO-0 86C5C1F8 Device \Driver\usbuhci \Device\USBPDO-1 86C5C1F8 Device \Driver\sptd \Device\2523072800 spqp.sys Device \Driver\usbuhci \Device\USBPDO-2 86C5C1F8 Device \Driver\usbehci \Device\USBPDO-3 86B92500 Device \Driver\usbuhci \Device\USBPDO-4 86C5C1F8 Device \Driver\usbuhci \Device\USBPDO-5 86C5C1F8 Device \Driver\usbuhci \Device\USBPDO-6 86C5C1F8 Device \Driver\PCI_PNP4799 \Device\00000057 spqp.sys Device \Driver\PCI_PNP4799 \Device\00000057 spqp.sys Device \Driver\volmgr \Device\HarddiskVolume1 8597E1F8 Device \Driver\usbehci \Device\USBPDO-7 86B92500 Device \Driver\volmgr \Device\HarddiskVolume2 8597E1F8 Device \Driver\cdrom \Device\CdRom0 869E31F8 Device \Driver\volmgr \Device\HarddiskVolume3 8597E1F8 Device \Driver\atapi \Device\Ide\IdePort0 859801F8 Device \Driver\atapi \Device\Ide\IdePort1 859801F8 Device \Driver\atapi \Device\Ide\IdePort2 859801F8 Device \Driver\atapi \Device\Ide\IdePort3 859801F8 Device \Driver\atapi \Device\Ide\IdePort4 859801F8 Device \Driver\atapi \Device\Ide\IdePort5 859801F8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 859801F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-7 859801F8 Device \Driver\cdrom \Device\CdRom1 869E31F8 Device \Driver\volmgr \Device\HarddiskVolume4 8597E1F8 Device \Driver\volmgr \Device\HarddiskVolume5 8597E1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 86A871F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{C0676511-ED9B-4B6E-8E89-BE14F237BD72} 86A871F8 Device \Driver\usbuhci \Device\USBFDO-0 86C5C1F8 Device \Driver\usbuhci \Device\USBFDO-1 86C5C1F8 Device \Driver\usbuhci \Device\USBFDO-2 86C5C1F8 Device \Driver\usbehci \Device\USBFDO-3 86B92500 Device \Driver\usbuhci \Device\USBFDO-4 86C5C1F8 Device \Driver\usbuhci \Device\USBFDO-5 86C5C1F8 Device \Driver\usbuhci \Device\USBFDO-6 86C5C1F8 Device \Driver\usbehci \Device\USBFDO-7 86B92500 Device \Driver\agjyavm5 \Device\Scsi\agjyavm51Port6Path0Target0Lun0 86B90500 Device \Driver\agjyavm5 \Device\Scsi\agjyavm51 86B90500 Device \FileSystem\fastfat \Fat 869F71F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x859801f8]<< 859801f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868212a0] 868212a0 Trace 3 CLASSPNP.SYS[8bd9f59e] -> nt!IofCallDriver -> [0x8669b918] 8669b918 Trace 5 ACPI.sys[8b58f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x8671c908] 8671c908 Trace \Driver\atapi[0x86719030] -> IRP_MJ_CREATE -> 0x859801f8 859801f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0xAC 0x0C 0xEF ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x15 0x64 0x49 0xBD ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x18 0x83 0xAF 0x65 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0xAC 0x0C 0xEF ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x15 0x64 0x49 0xBD ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x18 0x83 0xAF 0x65 ... ---- EOF - GMER 2.1 ----